Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prevenčka laptop

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Thomas
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 07 dub 2005 20:02
Bydliště: Hradec Králové
Kontaktovat uživatele:

Prevenčka laptop

#1 Příspěvek od Thomas »

Šlape celkem bez potíží, prej jí tady občas vyskakujou nějaký okna :?: Já nic takovýho nezaznamenal :lol:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by tomas (administrator) on DESKTOP-C5F069G (Dell Inc. Latitude E6220) (29-01-2021 07:09:45)
Running from C:\Users\tomas\Downloads
Loaded Profiles: tomas
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Absolute Software Corp. -> Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\UshUpgradeService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostStorageService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(O2Micro Inc. -> O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\73.0.3856.329\opera.exe <13>
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\73.0.3856.329\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-364587917-2012317419-2455768257-1002\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia -> Nokia)
HKU\S-1-5-21-364587917-2012317419-2455768257-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\HP D811 Status Monitor: C:\WINDOWS\system32\hpinkstsD811LM.dll [393352 2017-04-05] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\WINDOWS\system32\novamn10.dll [18944 2019-05-08] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-23] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3301B68A-A834-4600-BE18-AF84D999FB5E} - System32\Tasks\doPDF 10 Telemetry => C:\Program Files\Softland\novaPDF 10\Driver\GoogleAnalytics.exe [51504 2019-05-08] (Softland SRL -> )
Task: {42F2F973-63AE-417F-A1F9-F6AE65698CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {49BD0AB1-481C-478D-980E-0627DDB074A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51BDBB1D-3D3C-4E05-9DDB-42376068FF20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80FC6E46-C4D7-43EA-A3A7-49EB11DF06C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8D286B93-486E-4A69-B394-542FF8FDC759} - System32\Tasks\Opera scheduled Autoupdate 1526659664 => C:\Program Files (x86)\Opera\launcher.exe [1583256 2021-01-14] (Opera Software AS -> Opera Software)
Task: {8E478971-442F-4FC8-BC85-1EC68B02B1F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8F553F60-EA10-4F34-941C-91EFAE9F9291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {A0B73DA2-3C8F-4B24-B171-0969D31150DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C84A579E-B94F-4517-865F-9E3D30B09EA3} - System32\Tasks\Opera scheduled assistant Autoupdate 1582736126 => C:\Program Files (x86)\Opera\launcher.exe [1583256 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {DE311658-57EF-408D-8BED-FCFE16E214F4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EE92282C-F399-47F0-A2B6-B7941A5FF428} - System32\Tasks\doPDF 10 Update => C:\Program Files\Softland\novaPDF 10\Driver\UpdateApplication.exe [98096 2019-05-08] (Softland SRL -> )
Task: {F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.236.192.130 77.236.192.150
Tcpip\..\Interfaces\{80701f5f-f89c-4335-abe6-cc8b7eebde60}: [DhcpNameServer] 77.236.192.130 77.236.192.150
Tcpip\..\Interfaces\{d4e419cf-9e7c-4fc0-8690-1f4d98412ecc}: [DhcpNameServer] 192.168.135.1 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomas\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-17]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default [2021-01-29]
CHR Notifications: Default -> hxxps://45.faranharbarius.com; hxxps://aukro.cz; hxxps://fres-news.com; hxxps://live-stream365.com; hxxps://news-jupiter.com; hxxps://notification-centar.com; hxxps://paratmagazine.com; hxxps://postovnezdarma.cz; hxxps://pushbesttools.com; hxxps://sport247.host; hxxps://vevio.cz; hxxps://www.apocalyptica.com; hxxps://www.arkadium.com; hxxps://www.chance.cz; hxxps://www.dreamstime.com; hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.goodfon.com; hxxps://www.koralky.cz; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.penize.cz; hxxps://www.viry.cz; hxxps://www.vitalia.cz; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxps://www.facebook.com/marketplace/item/34835 ... jn/3391773"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Seznam doplněk - Email) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-04-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-22]
CHR HKU\S-1-5-21-364587917-2012317419-2455768257-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-364587917-2012317419-2455768257-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

Opera:
=======
OPR Profile: C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable [2021-01-29]
OPR Notifications: Opera Stable -> hxxps://aukro.cz; hxxps://www.amateri.com; hxxps://www.chance.cz; hxxps://www.kupi.cz; hxxps://www.youtube.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 hostcontrolsvc; C:\WINDOWS\System32\HostControlService.exe [815616 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hoststoragesvc; C:\WINDOWS\System32\HostStorageService.exe [161280 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [53040 2019-05-08] (Softland SRL -> Microsoft)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [487048 2019-08-07] (Geek Software GmbH -> Geek Software GmbH)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [184840 2016-02-03] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-25] (IDT, Inc.) [File not signed]
R2 ushupgradesvc; C:\WINDOWS\System32\UshUpgradeService.exe [265728 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cykbfltrService; C:\WINDOWS\system32\DRIVERS\cykbfltr.sys [19968 2015-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 MpKslbeb8c21d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BEF3553-A91F-4B5A-93D6-2F64E3F6AC61}\MpKslDrv.sys [47344 2021-01-28] (Microsoft Windows -> Microsoft Corporation)
R3 O2MDFW8x64; C:\WINDOWS\System32\drivers\O2MDFw8x64.sys [74368 2012-06-15] (O2Micro -> O2Micro)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [521728 2011-03-17] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-29 07:07 - 2021-01-29 07:07 - 002297856 _____ (Farbar) C:\Users\tomas\Downloads\FRST64 (1).exe
2021-01-28 13:00 - 2021-01-28 13:00 - 000000173 __RSH C:\ProgramData\3002.xml
2021-01-25 12:52 - 2021-01-25 12:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-21 13:43 - 2021-01-21 13:43 - 000244713 _____ C:\Users\tomas\Downloads\Zadost_o_bonus_pro_podzim2020_2-BO_tisk.pdf
2021-01-18 19:31 - 2021-01-18 19:31 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526659664
2021-01-18 19:31 - 2021-01-18 19:31 - 000001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-01-17 08:31 - 2021-01-17 08:31 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-16 18:18 - 2021-01-16 12:42 - 000413698 __RSH C:\bootmgr
2021-01-16 18:18 - 2019-12-07 10:08 - 000000001 ___SH C:\BOOTNXT
2021-01-16 12:53 - 2021-01-16 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-16 12:52 - 2021-01-16 12:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-16 12:52 - 2021-01-16 12:52 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-16 12:51 - 2021-01-16 12:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-16 12:51 - 2021-01-16 12:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-16 12:51 - 2021-01-16 12:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-16 12:51 - 2021-01-16 12:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-16 12:51 - 2021-01-16 12:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-16 12:51 - 2021-01-16 12:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-16 12:51 - 2021-01-16 12:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-16 12:50 - 2021-01-16 12:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-16 12:50 - 2021-01-16 12:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-16 12:50 - 2021-01-16 12:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-16 12:49 - 2021-01-16 12:49 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-16 12:49 - 2021-01-16 12:49 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-16 12:49 - 2021-01-16 12:49 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-16 12:49 - 2021-01-16 12:49 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-16 12:48 - 2021-01-16 12:48 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-16 12:48 - 2021-01-16 12:48 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-16 12:47 - 2021-01-16 12:47 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-16 12:46 - 2021-01-16 12:46 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-16 12:45 - 2021-01-16 12:45 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-16 12:45 - 2021-01-16 12:45 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-16 12:44 - 2021-01-16 12:44 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-16 12:44 - 2021-01-16 12:44 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-16 12:44 - 2021-01-16 12:44 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-16 12:44 - 2021-01-16 12:44 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-16 12:42 - 2021-01-16 12:42 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-16 12:41 - 2021-01-16 12:41 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-16 12:41 - 2021-01-16 12:41 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-16 12:41 - 2021-01-16 12:41 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-16 12:41 - 2021-01-16 12:41 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-16 12:39 - 2021-01-16 12:39 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-16 12:39 - 2021-01-16 12:39 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-16 12:38 - 2021-01-16 12:38 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-16 12:35 - 2021-01-16 12:35 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-16 10:22 - 2021-01-16 10:22 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-16 10:22 - 2021-01-16 10:22 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-16 10:21 - 2021-01-16 10:21 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-16 10:21 - 2021-01-16 10:21 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-29 07:13 - 2019-10-20 09:40 - 000017251 _____ C:\Users\tomas\Downloads\FRST.txt
2021-01-29 07:11 - 2019-10-20 09:40 - 000000000 ____D C:\FRST
2021-01-29 07:09 - 2020-11-16 20:02 - 000000000 ____D C:\Users\tomas\AppData\Local\CrashDumps
2021-01-29 07:09 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-29 06:24 - 2018-07-05 20:30 - 000000000 ____D C:\Program Files\CCleaner
2021-01-29 06:21 - 2020-09-25 12:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-29 06:21 - 2018-03-07 08:57 - 000017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2021-01-28 17:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-28 17:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-28 16:14 - 2018-05-18 17:02 - 000000000 ____D C:\Users\tomas\AppData\Local\Packages
2021-01-23 12:26 - 2018-07-05 20:30 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-23 12:10 - 2019-11-13 08:11 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-23 12:09 - 2020-09-25 12:48 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-23 12:09 - 2019-12-07 15:43 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-23 12:09 - 2019-12-07 15:43 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-23 12:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-18 19:31 - 2020-09-25 12:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 19:31 - 2020-09-25 12:58 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-18 19:31 - 2018-05-18 17:07 - 000000000 ____D C:\Program Files (x86)\Opera
2021-01-17 08:32 - 2018-05-18 17:05 - 000000000 ___RD C:\Users\tomas\OneDrive
2021-01-16 18:17 - 2018-03-07 10:57 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2021-01-16 18:16 - 2020-09-25 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-16 18:16 - 2020-09-25 12:30 - 000459688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-16 18:16 - 2020-09-25 12:29 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-16 18:16 - 2018-06-24 10:50 - 000031042 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2021-01-16 18:15 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-16 13:09 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-16 10:20 - 2020-09-25 12:34 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 12:10 - 2018-05-19 21:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 11:54 - 2018-05-19 21:35 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevenčka laptop

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Thomas
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 07 dub 2005 20:02
Bydliště: Hradec Králové
Kontaktovat uživatele:

Re: Prevenčka laptop

#3 Příspěvek od Thomas »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-29-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80701f5f-f89c-4335-abe6-cc8b7eebde60}|DhcpNameServer - "77.236.192.130"
Deleted HKLM\System\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer - "77.236.192.130"

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [3303 octets] - [19/10/2019 21:36:26]
AdwCleaner[S00].txt - [1918 octets] - [29/01/2021 18:20:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevenčka laptop

#4 Příspěvek od Diallix »

poprosim o nove loga FRST + ADDITION
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Thomas
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 07 dub 2005 20:02
Bydliště: Hradec Králové
Kontaktovat uživatele:

Re: Prevenčka laptop

#5 Příspěvek od Thomas »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by tomas (29-01-2021 21:53:12)
Running from C:\Users\tomas\Downloads
Windows 10 Pro Version 2004 19041.746 (X64) (2020-09-25 11:59:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-364587917-2012317419-2455768257-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-364587917-2012317419-2455768257-503 - Limited - Disabled)
Guest (S-1-5-21-364587917-2012317419-2455768257-501 - Limited - Disabled)
tomas (S-1-5-21-364587917-2012317419-2455768257-1002 - Administrator - Enabled) => C:\Users\tomas
WDAGUtilityAccount (S-1-5-21-364587917-2012317419-2455768257-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Pinball (HKLM-x32\...\{C342E30B-52F9-4657-96B6-32E399B9DEB2}) (Version: 5.1.2600.5512 - Microsoft Coprporation)
Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adventure Pinball Demo (HKLM-x32\...\Adventure Pinball Demo) (Version: - )
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
doPDF (HKLM\...\{09BE69E4-B9AD-447D-8A2F-E1D6CBE9C417}) (Version: 10.1.112 - Softland) Hidden
doPDF 10 (HKLM-x32\...\{f5020cd6-f9e7-47b4-ba38-35989d3528ac}) (Version: 10.1.112 - Softland)
doPDF 10 add-in for Microsoft Office (x64) (HKLM\...\{F9F53ACC-96EE-49A9-B947-0BDBC9F29A70}) (Version: 10.1.112 - Softland)
doPDF 10 add-in for Microsoft Office (x86) (HKLM-x32\...\{F274B289-723E-46E4-A2E5-50F9DA00EC92}) (Version: 10.1.112 - Softland)
doPDF 10 Printer Driver (HKLM\...\{F2AA4489-36C5-428A-A715-DD4BFE05361F}) (Version: 10.1.112 - Softland)
FastStone Image Viewer 6.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.5 - FastStone Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
LibreOffice 6.2.0.3 (HKLM-x32\...\{C0B9601C-3433-41E2-B681-4C86274F0656}) (Version: 6.2.0.3 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.53 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-364587917-2012317419-2455768257-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Pinball Arcade Trial (HKLM-x32\...\Pinball Arcade Trial Version 1.0) (Version: - )
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}) (Version: 7.1.180.94 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
OpenOffice 4.1.7 (HKLM-x32\...\{E3E3C1D4-6886-4EDB-9F12-335641465055}) (Version: 4.17.9800 - Apache Software Foundation)
Opera Stable 73.0.3856.344 (HKLM-x32\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF24 Creator 9.0.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0067 - ST Microelectronics)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoner Photo Studio 11 (HKLM-x32\...\ZonerPhotoStudio11_CZ_is1) (Version: - ZONER software)

Packages:
=========
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-10-31] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-25] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-29 14:29 - 2016-03-09 23:05 - 000122888 ____H () [File not signed] C:\ProgramData\rpcnet\bin\GLAwsnl.dll
2018-06-24 15:33 - 2011-01-25 01:57 - 004637184 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STLang64.dll
2020-09-25 12:35 - 2011-01-25 01:57 - 000651776 ____N (IDT, Inc.) [File not signed] C:\WINDOWS\system32\stapi64.dll
2012-06-26 12:08 - 2012-06-26 12:08 - 000026624 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
2012-06-26 10:58 - 2012-06-26 10:58 - 001262592 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\NGSCM64.DLL
2012-06-26 12:08 - 2012-06-26 12:08 - 000572928 _____ (Nokia) [File not signed] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
2019-05-08 19:36 - 2019-05-08 19:36 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn10.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-364587917-2012317419-2455768257-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\tomas\Desktop\wallpaper2you_298746.jpg
DNS Servers: 77.236.192.130 - 77.236.192.150
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FF6D8518-8107-408D-B471-392B6182A973}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7DA411C6-7978-4091-A80B-DEC9AA80AA56}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D533EA2D-49BE-45DA-9393-07529F9E99F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{60CCD97E-BBE2-4121-B2D8-6D9CA49A316C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{E2DC7159-DE2E-4E28-BC91-787D6D763019}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{A0B651C4-B620-4558-BB98-2227CD021065}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C7B4CA9D-D33F-4090-9475-9A4195F7B7CE}] => (Allow) LPort=8501
FirewallRules: [{C7AA14F3-273A-4883-B62F-5627CD72F439}] => (Allow) LPort=8501
FirewallRules: [{7CE7D6F0-967D-4217-9D86-B8973F3C5B65}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8967792-EFE8-4853-916D-23B4B8492885}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C682E9F2-B333-4761-9054-2D3DFD382712}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{944A5209-D9A5-4554-8766-3558FC6D2DC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1522EF5-B9F1-4731-B92A-F419E989CB51}] => (Allow) C:\Program Files (x86)\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B26B22A7-E9C9-43F0-A62B-38CC05FC87BC}] => (Allow) C:\Program Files (x86)\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{FD246212-983A-43DD-B49F-81AD9E43043E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-01-2021 15:55:27 Naplánovaný kontrolní bod
15-01-2021 17:41:16 Instalační služba modulů systému Windows
28-01-2021 17:09:35 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/29/2021 07:09:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.420.11102.0, časové razítko: 0x5faaa7cb
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.662, časové razítko: 0xec58f015
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000010bd5c
ID chybujícího procesu: 0x2890
Čas spuštění chybující aplikace: 0x01d6f5ff0744e496
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 3b6dffaa-dcf7-4d44-94d2-0d7aee7b87d1
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (01/28/2021 05:09:14 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/26/2021 09:09:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mousocoreworker.exe, verze: 10.0.19041.746, časové razítko: 0xcba13983
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.546, časové razítko: 0x43cbc11d
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007287e
ID chybujícího procesu: 0x28fc
Čas spuštění chybující aplikace: 0x01d6eca2e725b0ee
Cesta k chybující aplikaci: C:\Windows\System32\mousocoreworker.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: 1c5d3d2e-a5a3-4394-a2ef-4c5b812ef87d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/24/2021 05:08:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.546, časové razítko: 0xc404ae05
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.662, časové razítko: 0x27bfa5f0
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000213ad
ID chybujícího procesu: 0xcd8
Čas spuštění chybující aplikace: 0x01d6f2696251192d
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: f9913b49-0bd7-4149-9208-878ef84f5a69
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (01/23/2021 12:04:15 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (4840,G,0) Pokus o otevření souboru C:\Users\tomas\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/21/2021 03:46:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/18/2021 07:29:20 PM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (9156,R,98) WebCacheLocal: Při otevírání souboru protokolu C:\Users\tomas\AppData\Local\Microsoft\Windows\WebCache\V01.log došlo k chybě -1032 (0xfffffbf8).

Error: (01/18/2021 07:29:19 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (9156,R,98) WebCacheLocal: Pokus o otevření souboru C:\Users\tomas\AppData\Local\Microsoft\Windows\WebCache\V01.log pro čtení nebo zápis selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (01/29/2021 06:20:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba novaPDF 10 Server byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/29/2021 06:20:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Storage Middleware Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2021 06:20:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba PDF24 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (01/29/2021 06:20:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Remote Procedure Call (RPC) Net byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2021 06:20:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ServiceLayer byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2021 06:20:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Remote Procedure Call (RPC) LD byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2021 06:20:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/29/2021 06:20:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Audio Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2021-01-29 16:56:08.0290000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E8C5C6F6-FA74-49E8-85A0-D24EA8C0521C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-29 07:07:04.7570000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Fuerboos.D!cl
ID: 2147723655
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\tomas\Downloads\FRST.exe; webfile:_C:\Users\tomas\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 0087080276
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: DESKTOP-C5F069G\tomas
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.3013.0, AS: 1.329.3013.0, NIS: 1.329.3013.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-28 16:12:04.6930000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9F56D080-7100-4CF8-975B-2713A1B00F88}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-27 12:48:51.7790000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {660EEA33-CDF0-4B2B-B053-8306570AE8EE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-26 09:28:28.7300000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {131DF851-CFBC-44E2-9D0F-D3D844B9D8AF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-13 12:58:12.3600000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.214.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2020-11-16 19:21:15.0250000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.1015.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.

Date: 2020-11-16 19:21:15.0200000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.1015.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.

Date: 2020-11-16 19:21:15.0150000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.1015.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2020-11-06 11:52:56.3180000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:44:14.0460000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:42:01.7140000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:40:15.9890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:40:15.5940000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:39:25.5710000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:30:09.9000000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-11-06 09:30:08.9960000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A13 11/17/2013
Motherboard: Dell Inc. 0R97MN
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 86%
Total physical RAM: 3977.01 MB
Available physical RAM: 549.97 MB
Total Virtual: 6793.01 MB
Available Virtual: 2971.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.58 GB) (Free:258.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{e91e6299-0000-0000-0000-f0644a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: E91E6299)
Partition 1: (Active) - (Size=297.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=525 MB) - (Type=27)

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by tomas (administrator) on DESKTOP-C5F069G (Dell Inc. Latitude E6220) (29-01-2021 21:43:35)
Running from C:\Users\tomas\Downloads
Loaded Profiles: tomas
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Absolute Software Corp. -> Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Access Denied) C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <26>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\tomas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\UshUpgradeService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation) C:\Windows\System32\HostStorageService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia -> Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(O2Micro Inc. -> O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCUpdate.exe
(Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-364587917-2012317419-2455768257-1002\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia -> Nokia)
HKU\S-1-5-21-364587917-2012317419-2455768257-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Print\Monitors\HP D811 Status Monitor: C:\WINDOWS\system32\hpinkstsD811LM.dll [393352 2017-04-05] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\WINDOWS\system32\novamn10.dll [18944 2019-05-08] (Softland) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-23] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3301B68A-A834-4600-BE18-AF84D999FB5E} - System32\Tasks\doPDF 10 Telemetry => C:\Program Files\Softland\novaPDF 10\Driver\GoogleAnalytics.exe [51504 2019-05-08] (Softland SRL -> )
Task: {42F2F973-63AE-417F-A1F9-F6AE65698CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {49BD0AB1-481C-478D-980E-0627DDB074A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {51BDBB1D-3D3C-4E05-9DDB-42376068FF20} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {80FC6E46-C4D7-43EA-A3A7-49EB11DF06C5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8D286B93-486E-4A69-B394-542FF8FDC759} - System32\Tasks\Opera scheduled Autoupdate 1526659664 => C:\Program Files (x86)\Opera\launcher.exe [1583256 2021-01-14] (Opera Software AS -> Opera Software)
Task: {8E478971-442F-4FC8-BC85-1EC68B02B1F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8F553F60-EA10-4F34-941C-91EFAE9F9291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {A0B73DA2-3C8F-4B24-B171-0969D31150DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C84A579E-B94F-4517-865F-9E3D30B09EA3} - System32\Tasks\Opera scheduled assistant Autoupdate 1582736126 => C:\Program Files (x86)\Opera\launcher.exe [1583256 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {DE311658-57EF-408D-8BED-FCFE16E214F4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EE92282C-F399-47F0-A2B6-B7941A5FF428} - System32\Tasks\doPDF 10 Update => C:\Program Files\Softland\novaPDF 10\Driver\UpdateApplication.exe [98096 2019-05-08] (Softland SRL -> )
Task: {F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.236.192.130 77.236.192.150
Tcpip\..\Interfaces\{80701f5f-f89c-4335-abe6-cc8b7eebde60}: [DhcpNameServer] 77.236.192.130 77.236.192.150
Tcpip\..\Interfaces\{d4e419cf-9e7c-4fc0-8690-1f4d98412ecc}: [DhcpNameServer] 192.168.135.1 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\tomas\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default [2021-01-29]
CHR Notifications: Default -> hxxps://45.faranharbarius.com; hxxps://aukro.cz; hxxps://fres-news.com; hxxps://live-stream365.com; hxxps://news-jupiter.com; hxxps://notification-centar.com; hxxps://paratmagazine.com; hxxps://postovnezdarma.cz; hxxps://pushbesttools.com; hxxps://sport247.host; hxxps://vevio.cz; hxxps://www.apocalyptica.com; hxxps://www.arkadium.com; hxxps://www.chance.cz; hxxps://www.dreamstime.com; hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.goodfon.com; hxxps://www.koralky.cz; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.penize.cz; hxxps://www.viry.cz; hxxps://www.vitalia.cz; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxps://www.facebook.com/marketplace/item/34835 ... jn/3391773"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\tomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR HKU\S-1-5-21-364587917-2012317419-2455768257-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-364587917-2012317419-2455768257-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]

Opera:
=======
OPR Profile: C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable [2021-01-29]
OPR Notifications: Opera Stable -> hxxps://aukro.cz; hxxps://www.amateri.com; hxxps://www.chance.cz; hxxps://www.kupi.cz; hxxps://www.youtube.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\tomas\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2015-07-09] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 hostcontrolsvc; C:\WINDOWS\System32\HostControlService.exe [815616 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 hoststoragesvc; C:\WINDOWS\System32\HostStorageService.exe [161280 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
R2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [53040 2019-05-08] (Softland SRL -> Microsoft)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [487048 2019-08-07] (Geek Software GmbH -> Geek Software GmbH)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [184840 2016-02-03] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [296448 2011-01-25] (IDT, Inc.) [File not signed]
R2 ushupgradesvc; C:\WINDOWS\System32\UshUpgradeService.exe [265728 2018-03-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cykbfltrService; C:\WINDOWS\system32\DRIVERS\cykbfltr.sys [19968 2015-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Cypress Semiconductor, Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 O2MDFW8x64; C:\WINDOWS\System32\drivers\O2MDFw8x64.sys [74368 2012-06-15] (O2Micro -> O2Micro)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [521728 2011-03-17] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-29 21:42 - 2021-01-29 21:42 - 002297856 _____ (Farbar) C:\Users\tomas\Downloads\FRST64 (2).exe
2021-01-29 18:30 - 2021-01-29 18:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-01-29 18:27 - 2021-01-29 18:27 - 008457584 _____ (Malwarebytes) C:\Users\tomas\Downloads\adwcleaner_8.0.9.1 (1).exe
2021-01-29 18:18 - 2021-01-29 18:18 - 008457584 _____ (Malwarebytes) C:\Users\tomas\Downloads\adwcleaner_8.0.9.1.exe
2021-01-29 14:29 - 2021-01-29 14:29 - 000000173 __RSH C:\ProgramData\3002.xml
2021-01-29 07:07 - 2021-01-29 07:07 - 002297856 _____ (Farbar) C:\Users\tomas\Downloads\FRST64 (1).exe
2021-01-25 12:52 - 2021-01-25 12:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-21 13:43 - 2021-01-21 13:43 - 000244713 _____ C:\Users\tomas\Downloads\Zadost_o_bonus_pro_podzim2020_2-BO_tisk.pdf
2021-01-18 19:31 - 2021-01-18 19:31 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1526659664
2021-01-18 19:31 - 2021-01-18 19:31 - 000001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-01-17 08:31 - 2021-01-17 08:31 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-16 18:18 - 2021-01-16 12:42 - 000413698 __RSH C:\bootmgr
2021-01-16 18:18 - 2019-12-07 10:08 - 000000001 ___SH C:\BOOTNXT
2021-01-16 12:53 - 2021-01-16 12:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-16 12:52 - 2021-01-16 12:52 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-16 12:52 - 2021-01-16 12:52 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-16 12:52 - 2021-01-16 12:52 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-16 12:51 - 2021-01-16 12:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-16 12:51 - 2021-01-16 12:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-16 12:51 - 2021-01-16 12:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-16 12:51 - 2021-01-16 12:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-16 12:51 - 2021-01-16 12:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-16 12:51 - 2021-01-16 12:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-16 12:51 - 2021-01-16 12:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-16 12:50 - 2021-01-16 12:50 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-16 12:50 - 2021-01-16 12:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-16 12:50 - 2021-01-16 12:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-16 12:49 - 2021-01-16 12:49 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-16 12:49 - 2021-01-16 12:49 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-16 12:49 - 2021-01-16 12:49 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-16 12:49 - 2021-01-16 12:49 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-16 12:48 - 2021-01-16 12:48 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-16 12:48 - 2021-01-16 12:48 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-16 12:47 - 2021-01-16 12:47 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-16 12:46 - 2021-01-16 12:46 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-16 12:45 - 2021-01-16 12:45 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-16 12:45 - 2021-01-16 12:45 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-16 12:44 - 2021-01-16 12:44 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-16 12:44 - 2021-01-16 12:44 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-16 12:44 - 2021-01-16 12:44 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-16 12:44 - 2021-01-16 12:44 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-16 12:42 - 2021-01-16 12:42 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-16 12:41 - 2021-01-16 12:41 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-16 12:41 - 2021-01-16 12:41 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-16 12:41 - 2021-01-16 12:41 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-16 12:41 - 2021-01-16 12:41 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-16 12:39 - 2021-01-16 12:39 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-16 12:39 - 2021-01-16 12:39 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-16 12:38 - 2021-01-16 12:38 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-16 12:35 - 2021-01-16 12:35 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-16 10:22 - 2021-01-16 10:22 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-16 10:22 - 2021-01-16 10:22 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-16 10:21 - 2021-01-16 10:21 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-16 10:21 - 2021-01-16 10:21 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-29 21:46 - 2019-10-20 09:40 - 000016812 _____ C:\Users\tomas\Downloads\FRST.txt
2021-01-29 21:45 - 2019-10-20 09:40 - 000000000 ____D C:\FRST
2021-01-29 21:43 - 2018-07-05 20:30 - 000000000 ____D C:\Program Files\CCleaner
2021-01-29 21:40 - 2018-03-07 08:57 - 000017920 _____ C:\WINDOWS\system32\rpcnetp.exe
2021-01-29 18:26 - 2018-05-18 17:05 - 000000000 ___RD C:\Users\tomas\OneDrive
2021-01-29 18:25 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-29 18:23 - 2020-09-25 12:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-29 18:23 - 2020-09-25 12:29 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-29 18:23 - 2018-06-24 10:50 - 000031173 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2021-01-29 18:23 - 2018-05-18 17:07 - 000000000 ____D C:\Program Files (x86)\Opera
2021-01-29 18:23 - 2018-03-07 10:57 - 000078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2021-01-29 18:22 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-29 18:08 - 2020-09-25 12:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-29 16:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-29 08:52 - 2020-12-19 12:31 - 000000000 ____D C:\Users\tomas\Desktop\100NIKON
2021-01-29 07:27 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-29 07:27 - 2019-10-20 09:43 - 000041267 _____ C:\Users\tomas\Downloads\Addition.txt
2021-01-29 07:09 - 2020-11-16 20:02 - 000000000 ____D C:\Users\tomas\AppData\Local\CrashDumps
2021-01-28 17:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-28 16:14 - 2018-05-18 17:02 - 000000000 ____D C:\Users\tomas\AppData\Local\Packages
2021-01-23 12:26 - 2018-07-05 20:30 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-23 12:10 - 2019-11-13 08:11 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-23 12:09 - 2020-09-25 12:48 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-23 12:09 - 2019-12-07 15:43 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-23 12:09 - 2019-12-07 15:43 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-18 19:31 - 2020-09-25 12:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-18 19:31 - 2020-09-25 12:58 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-16 18:16 - 2020-09-25 12:30 - 000459688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-16 18:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-16 18:08 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-16 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-16 13:09 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-16 10:20 - 2020-09-25 12:34 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 12:10 - 2018-05-19 21:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 11:54 - 2018-05-19 21:35 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevenčka laptop

#6 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{C7B4CA9D-D33F-4090-9475-9A4195F7B7CE}] => (Allow) LPort=8501
FirewallRules: [{C7AA14F3-273A-4883-B62F-5627CD72F439}] => (Allow) LPort=8501
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {42F2F973-63AE-417F-A1F9-F6AE65698CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {8F553F60-EA10-4F34-941C-91EFAE9F9291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
CHR Notifications: Default -> hxxps://45.faranharbarius.com; hxxps://aukro.cz; hxxps://fres-news.com; hxxps://live-stream365.com; hxxps://news-jupiter.com; hxxps://notification-centar.com; hxxps://paratmagazine.com; hxxps://postovnezdarma.cz; hxxps://pushbesttools.com; hxxps://sport247.host; hxxps://vevio.cz; hxxps://www.apocalyptica.com; hxxps://www.arkadium.com; hxxps://www.chance.cz; hxxps://www.dreamstime.com; hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.goodfon.com; hxxps://www.koralky.cz; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.penize.cz; hxxps://www.viry.cz; hxxps://www.vitalia.cz; hxxps://www.youtube.com

EmptyTemp:

Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Thomas
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 07 dub 2005 20:02
Bydliště: Hradec Králové
Kontaktovat uživatele:

Re: Prevenčka laptop

#7 Příspěvek od Thomas »

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by tomas (30-01-2021 08:54:46) Run:2
Running from C:\Users\tomas\Desktop
Loaded Profiles: tomas
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [{C7B4CA9D-D33F-4090-9475-9A4195F7B7CE}] => (Allow) LPort=8501
FirewallRules: [{C7AA14F3-273A-4883-B62F-5627CD72F439}] => (Allow) LPort=8501
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {42F2F973-63AE-417F-A1F9-F6AE65698CFB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {8F553F60-EA10-4F34-941C-91EFAE9F9291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-07-05] (Google Inc -> Google Inc.)
Task: {F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
CHR Notifications: Default -> hxxps://45.faranharbarius.com; hxxps://aukro.cz; hxxps://fres-news.com; hxxps://live-stream365.com; hxxps://news-jupiter.com; hxxps://notification-centar.com; hxxps://paratmagazine.com; hxxps://postovnezdarma.cz; hxxps://pushbesttools.com; hxxps://sport247.host; hxxps://vevio.cz; hxxps://www.apocalyptica.com; hxxps://www.arkadium.com; hxxps://www.chance.cz; hxxps://www.dreamstime.com; hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.goodfon.com; hxxps://www.koralky.cz; hxxps://www.kupi.cz; hxxps://www.megaknihy.cz; hxxps://www.penize.cz; hxxps://www.viry.cz; hxxps://www.vitalia.cz; hxxps://www.youtube.com

EmptyTemp:

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7B4CA9D-D33F-4090-9475-9A4195F7B7CE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7AA14F3-273A-4883-B62F-5627CD72F439}" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42F2F973-63AE-417F-A1F9-F6AE65698CFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42F2F973-63AE-417F-A1F9-F6AE65698CFB}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F553F60-EA10-4F34-941C-91EFAE9F9291}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F553F60-EA10-4F34-941C-91EFAE9F9291}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F231C0E8-30F7-4CDD-A1E7-D2E25BBD16BF}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => removed successfully
"Chrome Notifications" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62375229 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2067208 B
Edge => 13325 B
Chrome => 430983214 B
Firefox => 0 B
Opera => 540397017 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3262 B
NetworkService => 53904936 B
tomas => 95647310 B

RecycleBin => 10362815 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:56:47 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevenčka laptop

#8 Příspěvek od Diallix »

Ako je na tom pocitac?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Thomas
Návštěvník
Návštěvník
Příspěvky: 235
Registrován: 07 dub 2005 20:02
Bydliště: Hradec Králové
Kontaktovat uživatele:

Re: Prevenčka laptop

#9 Příspěvek od Thomas »

Asi fajn, byla to jen prevenčka asi po půl roce a ta nikdy neuškodí :happy: Díky za rady :closed:

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevenčka laptop

#10 Příspěvek od Diallix »

V pohodicke, nemate zaco :]]
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Zamčeno