Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prevence

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Prevence

#1 Příspěvek od PavelP »

Dobrý den, prosím o kontrolu. Děkuji.

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2020-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.) [File not signed]
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.) [File not signed]
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [33792 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [270848 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-02-02]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Pavel\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A5D08C-A546-4F11-A804-5B6E327FD368} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {2B8AE2DF-141A-499E-8ED5-8942C8EDFA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
Task: {3DAF6791-1B01-48FB-AE96-C2F5415BA412} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4DDA2D29-E710-431E-9974-55860881DCF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {82A1D4A8-B4B3-4E08-8C95-942A71177E6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {9FDB4347-3006-406C-A67B-A53830F706FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CB0A471F-BF48-4B31-AA9E-412C18B565F0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84c748ad-5931-4452-a55c-9fae0836d652}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Pavel\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> hxxp://seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-20]
Edge DownloadDir: C:\Users\Pavel\Desktop
Edge Notifications: Default -> hxxps://wwlnws.ru
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-08-09]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-02-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2021-02-19] (Pokki -> Pokki)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2021-02-21]
CHR DownloadDir: C:\Users\Pavel\Desktop
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-08]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-08]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-08]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Farmerama | Zahraj si farmářskou hru zdarma online) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkchoocmhpnakhkdlijecgadaengdll [2021-02-20]
CHR Extension: (Farmerama CZ) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpeofkdlnnommkelmjhmidjlmlffamm [2021-02-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S2 gupdate1d6e1c264499a7b; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
S3 gupdatem1d6e1c2644c3149; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2011-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2020-01-18] (SlimWare Utilities Inc. -> )
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 15:52 - 2021-02-21 15:53 - 000015523 _____ C:\Users\Pavel\Desktop\FRST.txt
2021-02-21 15:51 - 2021-02-21 15:53 - 000000000 ____D C:\FRST
2021-02-21 15:51 - 2021-02-21 15:51 - 002301440 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2021-02-21 15:46 - 2021-02-21 15:46 - 000000000 ____D C:\Program Files\trend micro
2021-02-21 15:45 - 2021-02-21 15:46 - 000000000 ____D C:\rsit
2021-02-20 10:12 - 2021-02-20 10:12 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-02-19 20:42 - 2021-02-19 20:55 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-02-19 20:01 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Bigpoint
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigpoint GmbH
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Local\Farmerama
2021-02-19 20:00 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Farmerama
2021-02-19 19:57 - 2021-02-19 19:57 - 004284928 _____ (Pokki) C:\Users\Pavel\Downloads\PokkiInstaller.exe
2021-02-19 19:57 - 2021-02-19 19:57 - 000000000 ____D C:\Users\Pavel\AppData\Local\Pokki
2021-02-19 19:26 - 2021-02-20 20:20 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\obs-studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000001052 _____ C:\ProgramData\Desktop\OBS Studio.lnk
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\Program Files\obs-studio
2021-02-19 19:20 - 2021-02-19 19:21 - 075607864 _____ (obsproject.com) C:\Users\Pavel\Desktop\OBS-Studio-26.1.1-Full-Installer-x64.exe
2021-02-14 16:23 - 2021-02-14 16:23 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-14 16:23 - 2021-02-14 16:23 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-02-14 16:22 - 2021-02-14 16:23 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 11:29 - 2021-02-14 11:29 - 029352480 _____ (TeamViewer Germany GmbH) C:\Users\Pavel\Desktop\TeamViewer_Setup1.exe
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 14:16 - 2021-02-12 14:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 14:15 - 2021-02-12 14:15 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-21 15:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-21 15:52 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 15:47 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\WhatsApp
2021-02-21 15:00 - 2020-11-10 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-21 10:45 - 2020-11-11 16:37 - 000000000 ____D C:\Users\Pavel\Desktop\Vína 2019 na odesílání
2021-02-21 09:49 - 2020-11-10 16:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{62F3AFFB-7B4D-4381-A384-3DD0A4C25656}
2021-02-20 20:20 - 2020-03-15 13:18 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\vlc
2021-02-20 11:39 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMD
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-20 05:30 - 2020-11-10 16:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-19 20:01 - 2020-01-18 16:30 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2021-02-19 20:00 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Local\SquirrelTemp
2021-02-19 16:02 - 2021-01-07 18:39 - 000000000 ____D C:\Users\Pavel\AppData\Local\WhatsApp
2021-02-19 15:29 - 2020-04-26 14:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 04:03 - 2020-02-08 19:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 12:51 - 2020-01-18 16:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:23 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Local\TeamViewer
2021-02-14 11:10 - 2020-01-24 13:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2021-02-12 15:26 - 2020-01-18 16:19 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-12 14:46 - 2020-11-10 16:53 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 14:46 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-12 14:46 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-12 14:41 - 2020-11-10 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000538560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-12 14:40 - 2020-01-18 13:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-12 14:40 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 14:39 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 14:15 - 2015-03-07 15:40 - 000413690 __RSH C:\bootmgr
2021-02-12 14:00 - 2020-11-09 06:16 - 000000000 ___HD C:\$WinREAgent
2021-02-11 12:20 - 2020-11-10 16:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 11:58 - 2020-11-30 06:34 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7792cc8d8ce
2021-02-11 11:58 - 2020-11-10 16:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-10 18:54 - 2020-01-18 16:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 18:51 - 2020-01-18 16:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-03 19:43 - 2020-03-27 17:18 - 000000000 ____D C:\Users\Pavel\Desktop\FARMERAMA
2021-01-28 18:54 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages
2021-01-23 01:39 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2020-01-19 10:31 - 2020-01-19 10:31 - 000000003 _____ () C:\Users\Pavel\AppData\Local\updater.log
2020-01-19 10:31 - 2020-01-19 10:34 - 000000425 _____ () C:\Users\Pavel\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
Ran by Pavel (21-02-2021 15:55:47)
Running from C:\Users\Pavel\Desktop
Windows 10 Home Version 2004 19041.804 (X64) (2020-11-10 15:59:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-171863584-1344761036-1501396969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-171863584-1344761036-1501396969-503 - Limited - Disabled)
Guest (S-1-5-21-171863584-1344761036-1501396969-501 - Limited - Disabled)
Pavel (S-1-5-21-171863584-1344761036-1501396969-1001 - Administrator - Enabled) => C:\Users\Pavel
WDAGUtilityAccount (S-1-5-21-171863584-1344761036-1501396969-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2020.0821.1329.24282 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.3 - Advanced Micro Devices, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
Easy-WebPrint (HKLM-x32\...\Easy-WebPrint) (Version: - )
Facebook Gameroom 1.22.7235.32722 (HKLM-x32\...\{2867E3AE-18BA-4BCF-8268-F797A401ED86}) (Version: 1.22.7235.32722 - Facebook)
Farm sčot 2 verze 2.0.5 (HKLM-x32\...\Farm sčot 2_is1) (Version: 2.0.5 - ledni_prase)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Huawei Drivers (HKLM-x32\...\{C82D8932-EB28-4da6-9582-33D515D46F04}) (Version: 4.22.19.00 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Pokki Download Helper (HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\PokkiDownloadHelper) (Version: 1.3.1.282 - Pokki) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Registrace uživatele zařízení Canon MP460 (HKLM-x32\...\Registrace uživatele zařízení Canon MP460) (Version: - )
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{29D851C2-048C-4B5E-8D1F-25D473342BB5}) (Version: 15.00.0020 - ScanSoft, Inc.)
Skype verze 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.2.10190.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama CZ.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jnpeofkdlnnommkelmjhmidjlmlffamm
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama _ Zahraj si farmářskou hru zdarma online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll

==================== Loaded Modules (Whitelisted) =============

2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-08-21 13:19 - 2020-08-21 13:19 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\TiltWheelMouse.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
BHO-x32: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] () [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
Toolbar: HKLM-x32 - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll [2006-04-18] () [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "OpwareSE4"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{66982354-DE60-435C-A722-563503BEB969}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{9D1D2D8D-98D0-4952-A2F6-243C3CD285D6}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{B57B99DF-DE00-4308-8620-2BD2671F4724}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{CB1481B9-76F6-44EB-9339-3CFC39572756}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F629E691-CA23-4983-81A2-36C16B2EA5D7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B004A5FD-65CD-428A-9B40-6B669B444D3D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0739A69E-3C18-4453-BFC0-EF6C2DC98DBF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5CBC8850-6FD1-45D4-AEDB-E1A7B95707A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CAEB50F8-530F-4948-AD24-AD7FAA011BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A95732F8-4943-4FB7-A6E0-F6E50972871A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0ABBD581-E6E3-499E-9A2B-81BAE325CD73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.12 GB) (Free:46.19 GB) (48%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/14/2021 11:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TeamViewer.exe, verze: 15.1.3937.0, časové razítko: 0x5df7b883
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.804, časové razítko: 0x039874b8
Kód výjimky: 0xc0000005
Posun chyby: 0x000621d3
ID chybujícího procesu: 0x3064
Čas spuštění chybující aplikace: 0x01d702b9a22fcfc0
Cesta k chybující aplikaci: C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2165b6e8-bc70-4dcc-b502-a06050928d4c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/13/2021 10:02:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2148

Čas spuštění: 01d701453ddeb773

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 786399e5-5447-4a29-bd99-5556b4c7af0a

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce

Error: (02/12/2021 06:52:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 15c8

Čas spuštění: 01d70156d64f900a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 78f255d1-39bd-412c-8d0f-983ccdebc571

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/07/2021 10:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3a04

Čas spuštění: 01d6fca67ccce810

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: b2d846f7-b651-4c45-b174-7fd0115140ce

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/06/2021 05:09:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3188

Čas spuštění: 01d6fbb37d827bb4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 6541ddf5-2522-4fb8-ad78-9672f82cedc3

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce

Error: (01/29/2021 12:28:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Disk (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/29/2021 12:28:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/29/2021 12:28:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Uložiště (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (02/18/2021 01:55:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX49we79s9ab0xp8xpjb6t6g31ep03r71y.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/08/2021 03:15:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/08/2021 01:10:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/01/2021 04:06:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/01/2021 01:08:53 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/29/2021 07:38:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/29/2021 02:54:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/28/2021 04:33:18 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-FFA105T)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===============
Date: 2021-02-21 15:53:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.6 04/30/2010
Motherboard: MSI 890GXM-G65 (MS-7642)
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 68%
Total physical RAM: 8191.18 MB
Available physical RAM: 2599.45 MB
Total Virtual: 12574.32 MB
Available Virtual: 3665.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:46.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Uložiště) (Fixed) (Total:486.38 GB) (Free:452.92 GB) NTFS
Drive f: (Disk) (Fixed) (Total:74.53 GB) (Free:67.71 GB) NTFS
Drive g: (Nový svazek) (Fixed) (Total:12.13 GB) (Free:11.31 GB) NTFS

\\?\Volume{2c1a3cdb-0000-0000-0000-f04d18000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 2C1A3CDB)
Partition 1: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=486.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: 31D631D5)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=42)

==================== End of Addition.txt =======================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#3 Příspěvek od PavelP »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-22-2021
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 23
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\MachinerData
Deleted C:\ProgramData\Garbage Cleaner
Deleted C:\ProgramData\SlimWare Utilities, Inc
Deleted C:\Users\Pavel\AppData\Local\Pokki
Deleted C:\Users\Pavel\AppData\Local\slimware utilities inc
Deleted C:\Users\Pavel\AppData\Roaming\Smart Clock
Deleted C:\Users\Public\Documents\Downloaded Installers

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\AppID\npPokkiDownloadHelper.dll
Deleted HKCU\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted HKCU\Software\GCleaner
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EB3FC20-7158-4DD5-A08E-707541E9341C}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PokkiDownloadHelper
Deleted HKCU\Software\Pokki
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\SWDUMon
Deleted HKLM\Software\Wow6432Node\SLIMWARE UTILITIES, INC.
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Toolbar|{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.Pokki Folder C:\Users\Pavel\AppData\Local\POKKI\DOWNLOAD HELPER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3325 octets] - [22/02/2021 16:00:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#4 Příspěvek od Diallix »

Poprosim o nove logy FRST + ADDITION
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#5 Příspěvek od PavelP »

Při spouštění aplikace FRST64 zmizela z plochy. Po opětovném stažení nejde uložit na plochu. Win píše nemáte oprávnění ukládat na plochu. Aplikace stažena do dokumentů.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021
Ran by Pavel (administrator) on DESKTOP-FFA105T (MSI MS-7642) (22-02-2021 19:01:55)
Running from C:\Users\Pavel\Downloads
Loaded Profiles: Pavel
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2020-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.) [File not signed]
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.) [File not signed]
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [33792 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [270848 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A5D08C-A546-4F11-A804-5B6E327FD368} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {2B8AE2DF-141A-499E-8ED5-8942C8EDFA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4DDA2D29-E710-431E-9974-55860881DCF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {51C3B7A8-9D72-48F7-AFE1-CC11D3816665} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {82A1D4A8-B4B3-4E08-8C95-942A71177E6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {9FDB4347-3006-406C-A67B-A53830F706FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CB0A471F-BF48-4B31-AA9E-412C18B565F0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84c748ad-5931-4452-a55c-9fae0836d652}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Pavel\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> hxxp://seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge DownloadDir: C:\Users\Pavel\Desktop
Edge Notifications: Default -> hxxps://wwlnws.ru
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-08-09]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-02-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2021-02-22]
CHR DownloadDir: C:\Users\Pavel\Desktop
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-08]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-08]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-08]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Farmerama | Zahraj si farmářskou hru zdarma online) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkchoocmhpnakhkdlijecgadaengdll [2021-02-20]
CHR Extension: (Farmerama CZ) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpeofkdlnnommkelmjhmidjlmlffamm [2021-02-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S2 gupdate1d6e1c264499a7b; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
S3 gupdatem1d6e1c2644c3149; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2011-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2021-02-22 19:03 - 000017242 _____ C:\Users\Pavel\Downloads\FRST.txt
2021-02-22 18:57 - 2021-02-22 18:57 - 002301440 _____ (Farbar) C:\Users\Pavel\Downloads\FRST64.exe
2021-02-22 14:46 - 2021-02-22 14:46 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-02-21 20:03 - 2021-02-21 20:03 - 008463216 _____ (Malwarebytes) C:\Users\Pavel\Desktop\adwcleaner_8.1.exe
2021-02-21 15:55 - 2021-02-21 15:58 - 000037519 _____ C:\Users\Pavel\Desktop\Addition.txt
2021-02-21 15:52 - 2021-02-21 15:58 - 000023861 _____ C:\Users\Pavel\Desktop\FRST.txt
2021-02-21 15:51 - 2021-02-22 19:02 - 000000000 ____D C:\FRST
2021-02-21 15:46 - 2021-02-21 15:46 - 000000000 ____D C:\Program Files\trend micro
2021-02-21 15:45 - 2021-02-21 15:46 - 000000000 ____D C:\rsit
2021-02-19 20:42 - 2021-02-19 20:55 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-02-19 20:01 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Bigpoint
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigpoint GmbH
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Local\Farmerama
2021-02-19 20:00 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Farmerama
2021-02-19 19:57 - 2021-02-19 19:57 - 004284928 _____ (Pokki) C:\Users\Pavel\Downloads\PokkiInstaller.exe
2021-02-19 19:26 - 2021-02-20 20:20 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\obs-studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000001052 _____ C:\ProgramData\Desktop\OBS Studio.lnk
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\Program Files\obs-studio
2021-02-19 19:20 - 2021-02-19 19:21 - 075607864 _____ (obsproject.com) C:\Users\Pavel\Desktop\OBS-Studio-26.1.1-Full-Installer-x64.exe
2021-02-14 16:23 - 2021-02-14 16:23 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-14 16:23 - 2021-02-14 16:23 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-02-14 16:22 - 2021-02-21 16:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 11:29 - 2021-02-14 11:29 - 029352480 _____ (TeamViewer Germany GmbH) C:\Users\Pavel\Desktop\TeamViewer_Setup1.exe
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 14:16 - 2021-02-12 14:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 14:15 - 2021-02-12 14:15 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-22 18:51 - 2020-11-10 06:43 - 000000000 ____D C:\Users\Pavel
2021-02-22 18:40 - 2020-11-10 16:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{62F3AFFB-7B4D-4381-A384-3DD0A4C25656}
2021-02-22 18:36 - 2020-11-10 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-22 17:17 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2021-02-22 16:00 - 2015-03-15 14:15 - 000000000 ____D C:\AdwCleaner
2021-02-22 15:58 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 21:10 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\WhatsApp
2021-02-21 16:11 - 2020-02-02 19:59 - 000000000 ____D C:\Users\Pavel\AppData\Local\Facebook
2021-02-21 15:57 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 10:45 - 2020-11-11 16:37 - 000000000 ____D C:\Users\Pavel\Desktop\Vína 2019 na odesílání
2021-02-20 20:20 - 2020-03-15 13:18 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\vlc
2021-02-20 11:39 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMD
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-20 05:30 - 2020-11-10 16:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-19 20:01 - 2020-01-18 16:30 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2021-02-19 20:00 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Local\SquirrelTemp
2021-02-19 16:02 - 2021-01-07 18:39 - 000000000 ____D C:\Users\Pavel\AppData\Local\WhatsApp
2021-02-19 15:29 - 2020-04-26 14:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 04:03 - 2020-02-08 19:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 12:51 - 2020-01-18 16:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:23 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Local\TeamViewer
2021-02-14 11:10 - 2020-01-24 13:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2021-02-12 15:26 - 2020-01-18 16:19 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-12 14:46 - 2020-11-10 16:53 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 14:46 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-12 14:46 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-12 14:41 - 2020-11-10 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000538560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-12 14:40 - 2020-01-18 13:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-12 14:40 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 14:39 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 14:15 - 2015-03-07 15:40 - 000413690 __RSH C:\bootmgr
2021-02-12 14:00 - 2020-11-09 06:16 - 000000000 ___HD C:\$WinREAgent
2021-02-11 12:20 - 2020-11-10 16:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 11:58 - 2020-11-30 06:34 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7792cc8d8ce
2021-02-11 11:58 - 2020-11-10 16:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-10 18:54 - 2020-01-18 16:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 18:51 - 2020-01-18 16:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-05 20:04 - 2020-09-30 11:25 - 000734016 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:03 - 2020-09-30 11:25 - 000470848 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-03 19:43 - 2020-03-27 17:18 - 000000000 ____D C:\Users\Pavel\Desktop\FARMERAMA
2021-01-28 18:54 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages

==================== Files in the root of some directories ========

2020-01-19 10:31 - 2020-01-19 10:31 - 000000003 _____ () C:\Users\Pavel\AppData\Local\updater.log
2020-01-19 10:31 - 2020-01-19 10:34 - 000000425 _____ () C:\Users\Pavel\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021
Ran by Pavel (administrator) on DESKTOP-FFA105T (MSI MS-7642) (22-02-2021 19:01:55)
Running from C:\Users\Pavel\Downloads
Loaded Profiles: Pavel
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2020-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.) [File not signed]
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.) [File not signed]
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [33792 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [270848 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A5D08C-A546-4F11-A804-5B6E327FD368} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {2B8AE2DF-141A-499E-8ED5-8942C8EDFA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4DDA2D29-E710-431E-9974-55860881DCF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {51C3B7A8-9D72-48F7-AFE1-CC11D3816665} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {82A1D4A8-B4B3-4E08-8C95-942A71177E6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {9FDB4347-3006-406C-A67B-A53830F706FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CB0A471F-BF48-4B31-AA9E-412C18B565F0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84c748ad-5931-4452-a55c-9fae0836d652}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Pavel\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> hxxp://seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge DownloadDir: C:\Users\Pavel\Desktop
Edge Notifications: Default -> hxxps://wwlnws.ru
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-08-09]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-02-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2021-02-22]
CHR DownloadDir: C:\Users\Pavel\Desktop
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-08]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-08]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-08]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Farmerama | Zahraj si farmářskou hru zdarma online) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkchoocmhpnakhkdlijecgadaengdll [2021-02-20]
CHR Extension: (Farmerama CZ) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpeofkdlnnommkelmjhmidjlmlffamm [2021-02-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S2 gupdate1d6e1c264499a7b; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
S3 gupdatem1d6e1c2644c3149; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2011-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2021-02-22 19:03 - 000017242 _____ C:\Users\Pavel\Downloads\FRST.txt
2021-02-22 18:57 - 2021-02-22 18:57 - 002301440 _____ (Farbar) C:\Users\Pavel\Downloads\FRST64.exe
2021-02-22 14:46 - 2021-02-22 14:46 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-02-21 20:03 - 2021-02-21 20:03 - 008463216 _____ (Malwarebytes) C:\Users\Pavel\Desktop\adwcleaner_8.1.exe
2021-02-21 15:55 - 2021-02-21 15:58 - 000037519 _____ C:\Users\Pavel\Desktop\Addition.txt
2021-02-21 15:52 - 2021-02-21 15:58 - 000023861 _____ C:\Users\Pavel\Desktop\FRST.txt
2021-02-21 15:51 - 2021-02-22 19:02 - 000000000 ____D C:\FRST
2021-02-21 15:46 - 2021-02-21 15:46 - 000000000 ____D C:\Program Files\trend micro
2021-02-21 15:45 - 2021-02-21 15:46 - 000000000 ____D C:\rsit
2021-02-19 20:42 - 2021-02-19 20:55 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-02-19 20:01 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Bigpoint
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigpoint GmbH
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Local\Farmerama
2021-02-19 20:00 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Farmerama
2021-02-19 19:57 - 2021-02-19 19:57 - 004284928 _____ (Pokki) C:\Users\Pavel\Downloads\PokkiInstaller.exe
2021-02-19 19:26 - 2021-02-20 20:20 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\obs-studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000001052 _____ C:\ProgramData\Desktop\OBS Studio.lnk
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\Program Files\obs-studio
2021-02-19 19:20 - 2021-02-19 19:21 - 075607864 _____ (obsproject.com) C:\Users\Pavel\Desktop\OBS-Studio-26.1.1-Full-Installer-x64.exe
2021-02-14 16:23 - 2021-02-14 16:23 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-14 16:23 - 2021-02-14 16:23 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-02-14 16:22 - 2021-02-21 16:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 11:29 - 2021-02-14 11:29 - 029352480 _____ (TeamViewer Germany GmbH) C:\Users\Pavel\Desktop\TeamViewer_Setup1.exe
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 14:16 - 2021-02-12 14:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 14:15 - 2021-02-12 14:15 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-22 18:51 - 2020-11-10 06:43 - 000000000 ____D C:\Users\Pavel
2021-02-22 18:40 - 2020-11-10 16:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{62F3AFFB-7B4D-4381-A384-3DD0A4C25656}
2021-02-22 18:36 - 2020-11-10 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-22 17:17 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2021-02-22 16:00 - 2015-03-15 14:15 - 000000000 ____D C:\AdwCleaner
2021-02-22 15:58 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 21:10 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\WhatsApp
2021-02-21 16:11 - 2020-02-02 19:59 - 000000000 ____D C:\Users\Pavel\AppData\Local\Facebook
2021-02-21 15:57 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 10:45 - 2020-11-11 16:37 - 000000000 ____D C:\Users\Pavel\Desktop\Vína 2019 na odesílání
2021-02-20 20:20 - 2020-03-15 13:18 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\vlc
2021-02-20 11:39 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMD
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-20 05:30 - 2020-11-10 16:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-19 20:01 - 2020-01-18 16:30 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2021-02-19 20:00 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Local\SquirrelTemp
2021-02-19 16:02 - 2021-01-07 18:39 - 000000000 ____D C:\Users\Pavel\AppData\Local\WhatsApp
2021-02-19 15:29 - 2020-04-26 14:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 04:03 - 2020-02-08 19:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 12:51 - 2020-01-18 16:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:23 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Local\TeamViewer
2021-02-14 11:10 - 2020-01-24 13:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2021-02-12 15:26 - 2020-01-18 16:19 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-12 14:46 - 2020-11-10 16:53 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 14:46 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-12 14:46 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-12 14:41 - 2020-11-10 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000538560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-12 14:40 - 2020-01-18 13:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-12 14:40 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 14:39 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 14:15 - 2015-03-07 15:40 - 000413690 __RSH C:\bootmgr
2021-02-12 14:00 - 2020-11-09 06:16 - 000000000 ___HD C:\$WinREAgent
2021-02-11 12:20 - 2020-11-10 16:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 11:58 - 2020-11-30 06:34 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7792cc8d8ce
2021-02-11 11:58 - 2020-11-10 16:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-10 18:54 - 2020-01-18 16:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 18:51 - 2020-01-18 16:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-05 20:04 - 2020-09-30 11:25 - 000734016 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:03 - 2020-09-30 11:25 - 000470848 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-03 19:43 - 2020-03-27 17:18 - 000000000 ____D C:\Users\Pavel\Desktop\FARMERAMA
2021-01-28 18:54 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages

==================== Files in the root of some directories ========

2020-01-19 10:31 - 2020-01-19 10:31 - 000000003 _____ () C:\Users\Pavel\AppData\Local\updater.log
2020-01-19 10:31 - 2020-01-19 10:34 - 000000425 _____ () C:\Users\Pavel\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#6 Příspěvek od Diallix »

Dal ste tu v krat log z frst. Poprosim o log Additon
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#7 Příspěvek od PavelP »

Omlouvám se.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021
Ran by Pavel (administrator) on DESKTOP-FFA105T (MSI MS-7642) (22-02-2021 19:01:55)
Running from C:\Users\Pavel\Downloads
Loaded Profiles: Pavel
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(OOO Lightshot -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2020-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117352 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-09-30] (Scansoft, Inc.) [File not signed]
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [69632 2006-03-21] (ScanSoft, Inc.) [File not signed]
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29271224 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\BJ Print Processor4: C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL [84992 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MP460 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD81.DLL [33792 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\BJ Language Monitor4: C:\WINDOWS\system32\CNBLM4.DLL [267776 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [270848 2006-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-19] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10A5D08C-A546-4F11-A804-5B6E327FD368} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {2B8AE2DF-141A-499E-8ED5-8942C8EDFA71} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4621920 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4DDA2D29-E710-431E-9974-55860881DCF3} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {51C3B7A8-9D72-48F7-AFE1-CC11D3816665} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {82A1D4A8-B4B3-4E08-8C95-942A71177E6B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {9FDB4347-3006-406C-A67B-A53830F706FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24770744 2020-08-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CB0A471F-BF48-4B31-AA9E-412C18B565F0} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84c748ad-5931-4452-a55c-9fae0836d652}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Pavel\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-171863584-1344761036-1501396969-1001 -> hxxp://seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge DownloadDir: C:\Users\Pavel\Desktop
Edge Notifications: Default -> hxxps://wwlnws.ru
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxps://www.seznam.cz/"
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-08-09]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-02-12] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-09] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2021-02-22]
CHR DownloadDir: C:\Users\Pavel\Desktop
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-08]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-08]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-08]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Farmerama | Zahraj si farmářskou hru zdarma online) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkchoocmhpnakhkdlijecgadaengdll [2021-02-20]
CHR Extension: (Farmerama CZ) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnpeofkdlnnommkelmjhmidjlmlffamm [2021-02-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8477080 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [621728 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [58048 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S2 gupdate1d6e1c264499a7b; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
S3 gupdatem1d6e1c2644c3149; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [959752 2021-02-12] (McAfee, LLC -> McAfee, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36792 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208672 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [332880 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [247888 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [97360 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42424 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [176384 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108928 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84496 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851256 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [468888 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [214808 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324904 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2011-01-30] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2021-02-22 19:03 - 000017242 _____ C:\Users\Pavel\Downloads\FRST.txt
2021-02-22 18:57 - 2021-02-22 18:57 - 002301440 _____ (Farbar) C:\Users\Pavel\Downloads\FRST64.exe
2021-02-22 14:46 - 2021-02-22 14:46 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-02-21 20:03 - 2021-02-21 20:03 - 008463216 _____ (Malwarebytes) C:\Users\Pavel\Desktop\adwcleaner_8.1.exe
2021-02-21 15:55 - 2021-02-21 15:58 - 000037519 _____ C:\Users\Pavel\Desktop\Addition.txt
2021-02-21 15:52 - 2021-02-21 15:58 - 000023861 _____ C:\Users\Pavel\Desktop\FRST.txt
2021-02-21 15:51 - 2021-02-22 19:02 - 000000000 ____D C:\FRST
2021-02-21 15:46 - 2021-02-21 15:46 - 000000000 ____D C:\Program Files\trend micro
2021-02-21 15:45 - 2021-02-21 15:46 - 000000000 ____D C:\rsit
2021-02-19 20:42 - 2021-02-19 20:55 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2021-02-19 20:01 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Bigpoint
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigpoint GmbH
2021-02-19 20:00 - 2021-02-19 20:07 - 000000000 ____D C:\Users\Pavel\AppData\Local\Farmerama
2021-02-19 20:00 - 2021-02-19 20:01 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Farmerama
2021-02-19 19:57 - 2021-02-19 19:57 - 004284928 _____ (Pokki) C:\Users\Pavel\Downloads\PokkiInstaller.exe
2021-02-19 19:26 - 2021-02-20 20:20 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\obs-studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000001052 _____ C:\ProgramData\Desktop\OBS Studio.lnk
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\obs-studio-hook
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2021-02-19 19:26 - 2021-02-19 19:26 - 000000000 ____D C:\Program Files\obs-studio
2021-02-19 19:20 - 2021-02-19 19:21 - 075607864 _____ (obsproject.com) C:\Users\Pavel\Desktop\OBS-Studio-26.1.1-Full-Installer-x64.exe
2021-02-14 16:23 - 2021-02-14 16:23 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-02-14 16:23 - 2021-02-14 16:23 - 000001100 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-02-14 16:22 - 2021-02-21 16:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 11:29 - 2021-02-14 11:29 - 029352480 _____ (TeamViewer Germany GmbH) C:\Users\Pavel\Desktop\TeamViewer_Setup1.exe
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 14:16 - 2021-02-12 14:16 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-12 14:16 - 2021-02-12 14:16 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-12 14:15 - 2021-02-12 14:15 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-22 19:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-22 18:51 - 2020-11-10 06:43 - 000000000 ____D C:\Users\Pavel
2021-02-22 18:40 - 2020-11-10 16:58 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{62F3AFFB-7B4D-4381-A384-3DD0A4C25656}
2021-02-22 18:36 - 2020-11-10 16:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-22 17:17 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2021-02-22 16:00 - 2015-03-15 14:15 - 000000000 ____D C:\AdwCleaner
2021-02-22 15:58 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 21:10 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\WhatsApp
2021-02-21 16:11 - 2020-02-02 19:59 - 000000000 ____D C:\Users\Pavel\AppData\Local\Facebook
2021-02-21 15:57 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 10:45 - 2020-11-11 16:37 - 000000000 ____D C:\Users\Pavel\Desktop\Vína 2019 na odesílání
2021-02-20 20:20 - 2020-03-15 13:18 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\vlc
2021-02-20 11:39 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMD
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-20 11:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-20 05:30 - 2020-11-10 16:58 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-02-19 20:01 - 2020-01-18 16:30 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2021-02-19 20:00 - 2021-01-05 19:25 - 000000000 ____D C:\Users\Pavel\AppData\Local\SquirrelTemp
2021-02-19 16:02 - 2021-01-07 18:39 - 000000000 ____D C:\Users\Pavel\AppData\Local\WhatsApp
2021-02-19 15:29 - 2020-04-26 14:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-19 04:03 - 2020-02-08 19:37 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-17 12:51 - 2020-01-18 16:23 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:23 - 2020-01-18 17:43 - 000000000 ____D C:\Users\Pavel\AppData\Local\TeamViewer
2021-02-14 11:10 - 2020-01-24 13:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2021-02-12 15:26 - 2020-01-18 16:19 - 000000000 ____D C:\ProgramData\AVAST Software
2021-02-12 14:46 - 2020-11-10 16:53 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-12 14:46 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-12 14:46 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-12 14:41 - 2020-11-10 16:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000538560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-12 14:41 - 2020-11-10 16:37 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-12 14:40 - 2020-01-18 13:22 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-12 14:40 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 14:39 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 14:39 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-12 14:23 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 14:15 - 2015-03-07 15:40 - 000413690 __RSH C:\bootmgr
2021-02-12 14:00 - 2020-11-09 06:16 - 000000000 ___HD C:\$WinREAgent
2021-02-11 12:20 - 2020-11-10 16:58 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 11:58 - 2020-11-30 06:34 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6b7792cc8d8ce
2021-02-11 11:58 - 2020-11-10 16:58 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-10 18:54 - 2020-01-18 16:26 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 18:51 - 2020-01-18 16:26 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-05 20:04 - 2020-09-30 11:25 - 000734016 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:03 - 2020-09-30 11:25 - 000470848 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-03 19:43 - 2020-03-27 17:18 - 000000000 ____D C:\Users\Pavel\Desktop\FARMERAMA
2021-01-28 18:54 - 2020-01-18 14:29 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages

==================== Files in the root of some directories ========

2020-01-19 10:31 - 2020-01-19 10:31 - 000000003 _____ () C:\Users\Pavel\AppData\Local\updater.log
2020-01-19 10:31 - 2020-01-19 10:34 - 000000425 _____ () C:\Users\Pavel\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#8 Příspěvek od Diallix »

Nic sa ndeje.

Vas log co ste tu teraz dal, su logy FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2021


Ja potrebujem aj ten druhy log ADDITION.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#9 Příspěvek od PavelP »

Teď se na to dívám, ale podle mě jsou oba logy stejné. Addition i Frst.

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#10 Příspěvek od PavelP »

Zabalil jsem je.
Přílohy
Addition.rar
(6.49 KiB) Staženo 51 x

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#11 Příspěvek od PavelP »

Frst
Přílohy
FRST.rar
(6.48 KiB) Staženo 55 x

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#12 Příspěvek od Diallix »

Hm. S tymto som sa este nestretol. Mozete skusit stiahnut najnovsiu verziu Porgramu a urobit nasledne sken?

Urobte nasledovne:


Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#13 Příspěvek od PavelP »

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by Pavel (23-02-2021 16:50:04) Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {11E62789-9CA5-4CD6-B81D-F976A543B689} - System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1CF9025D-2325-451A-A3C1-0B4108CED0C7} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {250E5A64-3564-4FD6-881A-6DE33888517C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-09] (Adobe Inc. -> Adobe)
Task: {3F823AD6-DB01-4C11-B423-6797C75E45BE} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-04-16] (Advanced Micro Devices, Inc.) [File not signed]
Task: {73C4E646-F730-4344-99B5-11CD93CF495C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {77AED3D3-A163-4EBF-80F7-5EA2E712569E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {8D2CF19C-4F33-4A06-B75A-6ADBDB05F929} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2021-01-03] (Google Inc -> Google Inc.)
Task: {BCE5CE83-8CB0-44F9-8F13-64DCBE363E94} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
FF Plugin HKU\S-1-5-21-171863584-1344761036-1501396969-1001: pokki.com/PokkiDownloadHelper -> C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [No File]
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
2021-02-05 06:25 - 2021-02-05 06:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:25 - 2021-02-05 06:25 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11E62789-9CA5-4CD6-B81D-F976A543B689}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E62789-9CA5-4CD6-B81D-F976A543B689}" => removed successfully
C:\WINDOWS\System32\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-171863584-1344761036-1501396969-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CF9025D-2325-451A-A3C1-0B4108CED0C7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CF9025D-2325-451A-A3C1-0B4108CED0C7}" => removed successfully
C:\WINDOWS\System32\Tasks\update-sys => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{250E5A64-3564-4FD6-881A-6DE33888517C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{250E5A64-3564-4FD6-881A-6DE33888517C}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F823AD6-DB01-4C11-B423-6797C75E45BE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F823AD6-DB01-4C11-B423-6797C75E45BE}" => removed successfully
C:\WINDOWS\System32\Tasks\ModifyLinkUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ModifyLinkUpdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73C4E646-F730-4344-99B5-11CD93CF495C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C4E646-F730-4344-99B5-11CD93CF495C}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77AED3D3-A163-4EBF-80F7-5EA2E712569E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77AED3D3-A163-4EBF-80F7-5EA2E712569E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D2CF19C-4F33-4A06-B75A-6ADBDB05F929}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D2CF19C-4F33-4A06-B75A-6ADBDB05F929}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCE5CE83-8CB0-44F9-8F13-64DCBE363E94}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCE5CE83-8CB0-44F9-8F13-64DCBE363E94}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
C:\WINDOWS\Tasks\update-S-1-5-21-171863584-1344761036-1501396969-1001.job => moved successfully
C:\WINDOWS\Tasks\update-sys.job => moved successfully
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper => removed successfully
"C:\Users\Pavel\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll" => not found
HKLM\System\CurrentControlSet\Services\SWDUMon => removed successfully
SWDUMon => service removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 143143655 B
Java, Flash, Steam htmlcache => 1159 B
Windows/system/drivers => 1725793 B
Edge => 21504 B
Chrome => 432511259 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 39448 B
LocalService => 90486 B
NetworkService => 97142 B
Pavel => 132326447 B

RecycleBin => 200469736 B
EmptyTemp: => 878 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:50:56 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#14 Příspěvek od Diallix »

Dobre.

Este keby sa podaril ten ADDITION log.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PavelP
Návštěvník
Návštěvník
Příspěvky: 377
Registrován: 05 pro 2007 17:59

Re: Prevence

#15 Příspěvek od PavelP »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2021
Ran by Pavel (23-02-2021 17:14:06)
Running from C:\Users\Pavel\Desktop
Windows 10 Home Version 2004 19041.804 (X64) (2020-11-10 15:59:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-171863584-1344761036-1501396969-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-171863584-1344761036-1501396969-503 - Limited - Disabled)
Guest (S-1-5-21-171863584-1344761036-1501396969-501 - Limited - Disabled)
Pavel (S-1-5-21-171863584-1344761036-1501396969-1001 - Administrator - Enabled) => C:\Users\Pavel
WDAGUtilityAccount (S-1-5-21-171863584-1344761036-1501396969-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20140 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2020.0821.1329.24282 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.4.3 - Advanced Micro Devices, Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.70 - Piriform)
Easy-WebPrint (HKLM-x32\...\Easy-WebPrint) (Version: - )
Farm sčot 2 verze 2.0.5 (HKLM-x32\...\Farm sčot 2_is1) (Version: 2.0.5 - ledni_prase)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Huawei Drivers (HKLM-x32\...\{C82D8932-EB28-4da6-9582-33D515D46F04}) (Version: 4.22.19.00 - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Registrace uživatele zařízení Canon MP460 (HKLM-x32\...\Registrace uživatele zařízení Canon MP460) (Version: - )
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{29D851C2-048C-4B5E-8D1F-25D473342BB5}) (Version: 15.00.0020 - ScanSoft, Inc.)
Skype verze 8.67 (HKLM-x32\...\Skype_is1) (Version: 8.67 - Skype Technologies S.A.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.200 - McAfee, LLC)
WhatsApp (HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-20] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.2.10190.0_x64__8wekyb3d8bbwe [2020-11-08] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-171863584-1344761036-1501396969-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-01-07] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama CZ.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jnpeofkdlnnommkelmjhmidjlmlffamm
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama _ Zahraj si farmářskou hru zdarma online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Farmerama.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gkkchoocmhpnakhkdlijecgadaengdll

==================== Loaded Modules (Whitelisted) =============

2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-08-21 13:19 - 2020-08-21 13:19 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\TiltWheelMouse.exe:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)
BHO-x32: EWPBrowseObject Class -> {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} -> C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18] () [File not signed]
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-02-12] (McAfee, LLC -> McAfee, LLC)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "OpwareSE4"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-171863584-1344761036-1501396969-1001\...\StartupApproved\Run: => "Skype for Desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{66982354-DE60-435C-A722-563503BEB969}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{9D1D2D8D-98D0-4952-A2F6-243C3CD285D6}C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe] => (Block) C:\users\pavel\desktop\war3-cesky 1.27\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{B57B99DF-DE00-4308-8620-2BD2671F4724}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{CB1481B9-76F6-44EB-9339-3CFC39572756}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F629E691-CA23-4983-81A2-36C16B2EA5D7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B004A5FD-65CD-428A-9B40-6B669B444D3D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0739A69E-3C18-4453-BFC0-EF6C2DC98DBF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5CBC8850-6FD1-45D4-AEDB-E1A7B95707A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CAEB50F8-530F-4948-AD24-AD7FAA011BDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A95732F8-4943-4FB7-A6E0-F6E50972871A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0ABBD581-E6E3-499E-9A2B-81BAE325CD73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.12 GB) (Free:50.94 GB) (52%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/14/2021 11:10:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TeamViewer.exe, verze: 15.1.3937.0, časové razítko: 0x5df7b883
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.804, časové razítko: 0x039874b8
Kód výjimky: 0xc0000005
Posun chyby: 0x000621d3
ID chybujícího procesu: 0x3064
Čas spuštění chybující aplikace: 0x01d702b9a22fcfc0
Cesta k chybující aplikaci: C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 2165b6e8-bc70-4dcc-b502-a06050928d4c
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/13/2021 10:02:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2148

Čas spuštění: 01d701453ddeb773

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 786399e5-5447-4a29-bd99-5556b4c7af0a

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce

Error: (02/12/2021 06:52:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 15c8

Čas spuštění: 01d70156d64f900a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 78f255d1-39bd-412c-8d0f-983ccdebc571

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/07/2021 10:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3a04

Čas spuštění: 01d6fca67ccce810

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: b2d846f7-b651-4c45-b174-7fd0115140ce

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/06/2021 05:09:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3188

Čas spuštění: 01d6fbb37d827bb4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 6541ddf5-2522-4fb8-ad78-9672f82cedc3

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: CortanaUI

Typ zablokování: Quiesce

Error: (01/29/2021 12:28:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Disk (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/29/2021 12:28:22 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (G:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (01/29/2021 12:28:21 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Uložiště (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (02/23/2021 04:50:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (02/23/2021 04:50:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba TeamViewer byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 2000 milisekund: Restartovat službu.

Error: (02/23/2021 04:50:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (02/23/2021 04:50:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2021 04:50:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/23/2021 12:33:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:30:03, ‎23.‎02.‎2021) bylo neočekávané.

Error: (02/22/2021 04:02:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (02/22/2021 04:02:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===============
Date: 2021-02-23 17:07:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.6 04/30/2010
Motherboard: MSI 890GXM-G65 (MS-7642)
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 40%
Total physical RAM: 8191.18 MB
Available physical RAM: 4901.21 MB
Total Virtual: 9471.18 MB
Available Virtual: 5077.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.12 GB) (Free:50.94 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Uložiště) (Fixed) (Total:486.38 GB) (Free:452.92 GB) NTFS
Drive f: (Disk) (Fixed) (Total:74.53 GB) (Free:67.71 GB) NTFS
Drive g: (Nový svazek) (Fixed) (Total:12.13 GB) (Free:11.31 GB) NTFS

\\?\Volume{2c1a3cdb-0000-0000-0000-f04d18000000}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 2C1A3CDB)
Partition 1: (Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=486.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: 31D631D5)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=42)

==================== End of Addition.txt =======================

Odpovědět