Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prevence

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Uživatelský avatar
PredyP
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 1227
Registrován: 24 kvě 2007 21:52
Bydliště: Východ Čech

Prevence

#1 Příspěvek od PredyP »

Dobrý den,
prosím o kontrolu. Děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Petr (administrator) on DESKTOP-GC5ULMC (MSI MS-7623) (17-04-2021 12:42:17)
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [117472 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [638352 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [407440 2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Petr\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-10-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Run: [Discord] => C:\Users\Petr\AppData\Local\Discord\app-0.0.308\Discord.exe [91023672 2020-09-10] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5536424 2021-04-14] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [224768 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG2200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDB6.DLL [30208 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2200 series: C:\WINDOWS\system32\CNMLMB6.DLL [389120 2012-03-26] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15ADD06C-9C33-4CB0-8D1D-99610CE763F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {3884E5E0-5B93-4423-818C-4E92B9F83005} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498032 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {461383D0-22DC-4638-AC77-BB761E2E1DB4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9D16F8EB-7A72-4638-AA13-CE8B825BD42F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {ADC199ED-ED10-4A16-B9DD-EC62F63F60E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB0884CA-C7EC-4665-90DE-1D913D7379B4} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {BCF44F93-4F4E-425D-BEF4-4322E7833227} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {C2266C8D-28FB-4E73-8CF7-639634139751} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {C36A1F71-08F1-492A-BC15-51A627AF3402} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4686560 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
Task: {D7F9632E-9A68-416D-8F8A-1A4E81638111} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {DABCEABD-0973-4482-A8A3-73192727B790} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E6AC6631-DCCA-4E46-8E29-9EE9B7ADF640} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {F1896A30-59DD-4203-AA6B-664275F59E3F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fb5d3104-e36a-4208-9b45-522c6468f566}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Petr\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-3289169553-1937731841-1937761989-1001 -> hxxp://seznam.cz/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-17]
Edge DownloadDir: C:\Users\Petr\Desktop
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxp://seznam.cz/"
Edge DefaultSearchURL: Default -> hxxps://blobs.officehome.msocdn.com/versionless/webmanifestimages/OfficeDesktop_192.png
Edge Extension: (Office) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ocdlmjhbenodhlknglojajgokahchlkk [2020-09-30]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-14] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2021-04-16]
CHR DownloadDir: C:\Users\Petr\Desktop
CHR Notifications: Default -> hxxps://meet.google.com; hxxps://www.instagram.com
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/chromoting/chromoting_logo_512.png
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-07]
CHR Extension: (Just Black) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2020-10-07]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-07]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-12]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efmjfjelnicpmdcmfikempdhlmainjcb [2021-01-19]
CHR Extension: (Tabulky) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2021-01-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7888408 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [623216 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56920 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2021-03-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12835096 2021-01-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10359000 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-09-29] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-09-29] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35680 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208552 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365520 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250328 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-31] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41304 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [177872 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107808 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83368 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850120 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [466696 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216376 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-04-05] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-09-25] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-09-25] (Disc Soft Ltd -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\System32\drivers\hw_quusbmdm.sys [226560 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hwusb_cdcacm; C:\WINDOWS\System32\drivers\hw_cdcacm.sys [127360 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 hw_usbdev; C:\WINDOWS\System32\drivers\hw_usbdev.sys [116864 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 vbdenum; C:\WINDOWS\System32\drivers\vbdenum.sys [119432 2020-04-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6436768 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [376544 2020-09-29] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-09-29] (Microsoft Windows -> Microsoft Corporation)
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-17 12:42 - 2021-04-17 12:43 - 000019916 _____ C:\Users\Petr\Desktop\FRST.txt
2021-04-17 12:41 - 2021-04-17 12:43 - 000000000 ____D C:\FRST
2021-04-17 12:40 - 2021-04-17 12:41 - 002298368 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2021-04-15 23:01 - 2021-04-15 23:01 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 23:01 - 2021-04-15 23:01 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 23:01 - 2021-04-15 23:01 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-15 20:00 - 2021-04-15 20:00 - 000251740 _____ C:\Users\Petr\Desktop\PD.pdf
2021-04-14 10:22 - 2021-04-14 10:22 - 000068891 _____ C:\Users\Petr\Desktop\Rezervace očkování.pdf
2021-04-10 09:01 - 2021-04-10 09:02 - 000000000 ____D C:\AdwCleaner
2021-04-10 09:01 - 2021-04-10 09:01 - 008534696 _____ (Malwarebytes) C:\Users\Petr\Desktop\adwcleaner_8.2.exe
2021-04-09 19:03 - 2021-04-10 07:27 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2021-04-09 19:03 - 2021-04-09 19:03 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2021-04-09 19:03 - 2021-04-09 19:03 - 000000000 ____D C:\Program Files\VIA
2021-04-09 19:03 - 2012-10-22 16:44 - 002994808 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIAPropPageExt.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 001161336 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaKaraokeApo.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 001119352 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViaMicArrayAPO.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000683640 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\VIASysFx.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000248952 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Dts2APO.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000123512 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaKaraokePropPageExt.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000095352 _____ (VIA Technologies,Inc.) C:\WINDOWS\system32\ViaMicArrayPropPageExt.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000092280 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Dts2PropPageExt.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000070776 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\VtSrdAPO.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000055416 _____ (TODO: <Company name>) C:\WINDOWS\system32\PropPageExt.dll
2021-04-09 19:03 - 2012-10-22 16:44 - 000027768 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\ViakaraokeSrv.exe
2021-04-09 19:03 - 2012-09-24 16:33 - 003141496 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioVIA64.dll
2021-04-09 19:03 - 2012-09-24 16:32 - 002080120 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2021-04-09 19:03 - 2012-09-05 17:12 - 000860024 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2021-04-09 19:03 - 2012-07-15 13:16 - 000394104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2021-04-09 19:03 - 2012-06-28 16:54 - 000086016 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQPropPageExt.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 007163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64H.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 007163744 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64H.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000433504 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64H.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000137056 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64H.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000120160 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64H.dll
2021-04-09 19:03 - 2011-12-15 14:16 - 000075104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEG64A.dll
2021-04-09 19:03 - 2011-09-27 18:13 - 000879616 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMAPO64.DLL
2021-04-09 19:03 - 2011-09-27 18:13 - 000739328 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMAPO32.DLL
2021-04-09 19:03 - 2011-09-27 18:13 - 000619520 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMTHX64.DLL
2021-04-09 19:03 - 2011-09-27 18:13 - 000554496 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\VMTHX32.DLL
2021-04-09 19:03 - 2011-09-27 18:13 - 000057856 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPLD64.DLL
2021-04-09 19:03 - 2011-06-08 18:19 - 000083968 _____ (QSound Labs, Inc.) C:\WINDOWS\system32\nQAPO.dll
2021-04-09 19:03 - 2010-10-26 18:55 - 000074240 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMWRP64.DLL
2021-04-09 19:03 - 2010-10-26 18:54 - 000053760 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\VMPPCN64.DLL
2021-04-09 19:03 - 2009-07-31 11:40 - 000025600 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\VMfilt64.sys
2021-04-09 19:02 - 2021-04-09 19:03 - 000000000 ____D C:\Program Files (x86)\VIA
2021-04-05 13:37 - 2021-04-05 13:36 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-05 13:37 - 2021-04-05 13:36 - 000216376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-03-25 21:24 - 2021-03-25 21:24 - 000000000 ____D C:\Users\Petr\AppData\Local\VALORANT
2021-03-25 21:24 - 2021-03-25 21:24 - 000000000 ____D C:\Users\Petr\AppData\Local\UnrealEngine
2021-03-25 20:22 - 2021-03-25 20:28 - 000257780 _____ C:\WINDOWS\ntbtlog.txt
2021-03-25 20:22 - 2021-03-25 20:22 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-03-25 20:02 - 2021-04-10 07:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-03-25 20:02 - 2021-03-25 20:02 - 000000000 ____D C:\Program Files\VS Revo Group
2021-03-25 19:33 - 2021-03-27 21:37 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-03-25 17:55 - 2021-03-25 18:02 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-03-24 22:38 - 2021-03-25 18:51 - 000001627 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-03-24 13:09 - 2021-03-24 13:09 - 000022448 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\eac_usermode_5166480229826.dll
2021-03-24 12:44 - 2021-03-24 12:44 - 000000000 ____D C:\Users\Petr\Documents\My Games
2021-03-24 12:24 - 2021-03-24 12:24 - 000000000 ____D C:\Users\Petr\AppData\Roaming\EasyAntiCheat
2021-03-24 12:24 - 2021-03-24 12:24 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-03-24 11:27 - 2021-03-24 11:27 - 000000222 _____ C:\Users\Petr\Desktop\Paladins.url
2021-03-23 17:01 - 2021-03-23 17:02 - 000469931 _____ C:\Users\Petr\Documents\Plná moc.pdf
2021-03-20 15:05 - 2021-04-16 20:19 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-03-18 14:50 - 2021-03-18 14:50 - 001368824 _____ C:\Users\Petr\Desktop\MZ 20-21.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-17 12:40 - 2020-09-29 21:05 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-17 12:31 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-17 10:41 - 2020-10-12 20:07 - 000000000 ____D C:\Program Files\CCleaner
2021-04-17 10:24 - 2020-09-29 19:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-17 09:33 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 09:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-17 09:32 - 2020-10-08 10:19 - 000004210 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B620A067-F333-4478-A6CC-B1B86B683051}
2021-04-17 09:32 - 2020-04-03 14:22 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-17 09:31 - 2020-09-29 21:03 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-04-16 23:16 - 2020-09-29 19:38 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-16 20:22 - 2018-06-08 08:10 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 12:18 - 2020-10-02 15:08 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-16 11:34 - 2020-09-29 20:57 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-16 11:34 - 2020-09-29 20:57 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-16 10:45 - 2020-09-29 21:01 - 000000000 ____D C:\ProgramData\Avast Software
2021-04-16 10:41 - 2020-09-29 20:02 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-16 10:41 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-16 10:41 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-16 10:41 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-16 10:34 - 2020-09-29 21:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-16 10:34 - 2020-09-29 19:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-16 10:34 - 2020-06-25 20:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-15 23:18 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-15 23:15 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 23:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 23:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 23:06 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-15 22:39 - 2020-09-29 20:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 22:36 - 2020-09-29 20:41 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-15 19:11 - 2020-09-29 20:15 - 000000000 ____D C:\Users\Petr\AppData\Local\Packages
2021-04-14 07:48 - 2020-10-07 15:34 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-12 09:50 - 2020-09-29 20:19 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3289169553-1937731841-1937761989-1001
2021-04-12 09:50 - 2020-09-29 19:51 - 000002362 _____ C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 09:50 - 2018-06-07 09:45 - 000000000 ___RD C:\Users\Petr\OneDrive
2021-04-07 16:40 - 2020-09-30 16:20 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-07 15:57 - 2020-11-22 17:48 - 000000000 ____D C:\Users\Petr\AppData\Roaming\vlc
2021-04-06 18:17 - 2020-11-22 17:48 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-04-05 13:37 - 2020-09-29 21:02 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-05 13:37 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-05 13:36 - 2020-10-23 10:38 - 000177872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000850120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000466696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000365520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000250328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000208552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000107808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000083368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000041304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-05 13:36 - 2020-09-29 21:02 - 000035680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-04-04 09:24 - 2020-05-14 18:49 - 000002238 ____H C:\Users\Petr\Documents\Default.rdp
2021-04-04 07:52 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-04-02 22:24 - 2020-09-29 19:29 - 000440424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-02 22:21 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-02 22:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-02 22:09 - 2020-09-29 19:37 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-02 11:37 - 2021-02-26 21:33 - 000000000 ____D C:\Users\Petr\AppData\Local\ElevatedDiagnostics
2021-04-01 12:01 - 2020-09-29 20:21 - 000000000 ____D C:\Users\Petr\AppData\Local\PlaceholderTileLogoFolder
2021-03-31 11:38 - 2021-03-02 12:15 - 000000000 ____D C:\Users\Petr\AppData\Local\Citrix
2021-03-25 21:05 - 2020-10-02 15:45 - 000000000 ____D C:\Users\Petr\AppData\Roaming\discord
2021-03-25 19:53 - 2020-10-16 15:45 - 000000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2021-03-25 19:53 - 2020-10-12 20:07 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-25 18:31 - 2020-10-02 15:18 - 000000000 ____D C:\Riot Games
2021-03-24 22:38 - 2020-10-02 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-03-24 21:57 - 2020-09-29 21:44 - 000000000 ____D C:\Users\Petr\AppData\Roaming\TeamViewer
2021-03-24 15:56 - 2020-09-29 19:51 - 000000000 ____D C:\Users\Petr
2021-03-24 13:15 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-03-24 12:23 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-24 12:21 - 2020-09-29 21:15 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-20 15:12 - 2020-10-02 15:08 - 000000000 ____D C:\Users\Petr\AppData\Local\Riot Games

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Petr (17-04-2021 12:46:04)
Running from C:\Users\Petr\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-09-29 18:12:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3289169553-1937731841-1937761989-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3289169553-1937731841-1937761989-503 - Limited - Disabled)
Guest (S-1-5-21-3289169553-1937731841-1937761989-501 - Limited - Disabled)
Petr (S-1-5-21-3289169553-1937731841-1937761989-1001 - Administrator - Enabled) => C:\Users\Petr
WDAGUtilityAccount (S-1-5-21-3289169553-1937731841-1937761989-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
AIDA64 Extreme v5.80 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.80 - FinalWire Ltd.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.2.2455 - Avast Software)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Citrix Receiver 4.12 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.12.0.18020 - Citrix Systems, Inc.)
Discord (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
League of Legends (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Microsoft 365 Apps pro firmy - cs-cz (HKLM\...\O365BusinessRetail - cs-cz) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Online Plug-in (HKLM-x32\...\{2E9881CA-E41C-45E5-8055-61A4CC1BF93F}) (Version: 14.12.0.18020 - Citrix Systems, Inc.) Hidden
Revo Uninstaller 2.2.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.5 - VS Revo Group, Ltd.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Self-service Plug-in (HKLM-x32\...\{7A029AB7-8CC4-4FE8-904F-A090248C1BC7}) (Version: 4.12.0.18013 - Citrix Systems, Inc.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.14.5 - TeamViewer)
VALORANT (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VariCAD Viewer 2021-1.02 CZ (HKLM\...\VariCADViewer_CZ) (Version: 2021-1.02 - VariCAD s.r.o)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\WhatsApp) (Version: 2.2047.11 - WhatsApp)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-02] (Microsoft Studios) [MS Ad]
Office -> C:\Program Files\WindowsApps\www.office.com-6A424043_1.0.0.0_neutral__hhrgrbe39qw14 [2021-03-28] (www.office.com)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3289169553-1937731841-1937761989-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3289169553-1937731841-1937761989-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Petr\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-05] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-04-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-23] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2018-05-17] (Citrix Systems, Inc. -> Citrix Systems, Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\sharepoint.com -> hxxps://kbagrafitec-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\Control Panel\Desktop\\Wallpaper -> d:\petr\ovladače\img9.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3289169553-1937731841-1937761989-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C6D8BEF9-309F-475D-84EF-413F0B6F8BDA}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{55B8EBE7-EDA7-4FB3-BC13-E19B09F8FC82}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1E948168-8F27-4E81-A98A-1290AF1E15AE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{DB0FA376-32F5-4B6F-9081-0CE30AB85535}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{22B9B73B-FC0B-4B6B-A75D-46D71E3B73BE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F72A9C3C-0C15-4A98-8557-CA4A4D8FA84F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EEE1AE6D-2412-4BFB-94E9-23DD2D4B5E71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC0A25A5-2C48-456E-9E3C-0AA29D1BF48B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11E44AF9-E017-49BE-89BC-2B8A202D22B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\March of Empires\MOE.exe () [File not signed]
FirewallRules: [{758E3867-2B1E-4723-BD07-CAE59ED879C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\March of Empires\MOE.exe () [File not signed]
FirewallRules: [TCP Query User{01F3E7DD-ADB6-41E9-AFEA-6AD1BF728E3E}D:\denisa\hry\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\denisa\hry\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{DEEC8326-290E-4B89-884B-7A71B856A8B6}D:\denisa\hry\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\denisa\hry\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{0249CFDA-68B9-4D01-A4CB-6790486408FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RCCars\RCCars.exe (Computer Graphics Studio CREAT) [File not signed]
FirewallRules: [{F13F5722-9895-445D-A150-04CD78B6D9EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RCCars\RCCars.exe (Computer Graphics Studio CREAT) [File not signed]
FirewallRules: [{4601C5C9-9161-48AE-8F61-D9C8684BD2ED}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16363E17-B077-48A8-8B0F-CD523EFAC47D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8BD3BCA-3DB9-4388-B910-041ED569EC83}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E7A93BA0-0C48-46D4-868E-A1FACCCD219D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17C1D05B-9AF3-4BF7-AC40-865C6A1B106D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B61BE41-F952-419A-B191-2861D73ACE8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{34FC3482-0147-4CE8-91E7-8A47BAF3E3F9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B952482E-BBAC-41D5-8169-F32351C4A80D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1FDFD9EC-24F2-42BE-AC2A-93703982C6F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{D11F8981-B382-4191-B7D1-0BB777A9828D}D:\denisa\hry\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\denisa\hry\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{E937AA7A-0E56-46D1-9F6E-2F98ED848B27}D:\denisa\hry\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\denisa\hry\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{A53295C4-4919-4CB1-8671-1E9DE6D39B12}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FirewallRules: [UDP Query User{DDDFE386-26CE-48AA-9CEF-4E334EFD22C3}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FirewallRules: [TCP Query User{43B4CAAC-1EBD-4F9B-8263-C60C33FE7D0A}C:\users\petr\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\petr\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{29B89ED9-89B9-42CB-896E-E507BE8A3BAC}C:\users\petr\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\petr\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35CE8502-F883-4BEB-BF0C-C6D74CBB6218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{3AF0E729-AE1E-4D0D-A38F-4098A1BF7B5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{0044A0A8-320C-42F4-85C0-D511349F6338}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{69AEDED4-8D96-4C15-A08D-0503A67C73EB}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{42358730-F39B-408B-AA7C-571C4866AB81}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{799FBB0B-83CA-43C4-89A5-56F2F1B62B97}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{584A3A8D-2336-4527-96F8-9126DA631B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0E2D55EB-F872-45FE-B976-89B3649D9A97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\PaladinsEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{B181658D-EC43-40AA-81A7-E9F050250102}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [UDP Query User{E03DA6CE-CA82-407C-A756-739CFD7EEFCD}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe (Hirez Studios, Inc.) [File not signed]
FirewallRules: [{1333CC64-1A5B-4DE2-A5DD-810E6AE5E656}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{F951A4FD-9654-4F4C-B216-608A46C55D58}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{5883C4D8-D3C8-483C-98D9-779D081B5046}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{CFEC17B5-C23E-41BC-9CA9-604BB02F65EB}] => (Allow) C:\Riot Games\Riot Client\RiotClientServices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{5D929ECD-A73C-4DFE-BF16-4C52EFC3867F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D0D3426-9E2A-46F2-9B7D-FFCCE1CCC124}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22073611-8844-4D75-8C39-BB4420DD02CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7042D90A-49FB-44DD-8BA2-C083500E251A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F24FAC75-4CE1-4DC6-8EB0-DF168AFADE74}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B38962C5-FAD5-4EFA-A4BD-6698B58C521A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5DD69B65-CB0D-4B90-9216-6ED5FE18E669}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9EB56B38-9636-4D3F-80FE-F24B4ADE6FCA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D1BC181-47F5-4D80-854F-468E664FA23A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{666CF163-4C33-4EBF-8518-A49776DCAD79}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-03-2021 14:08:32 Instalační služba modulů systému Windows
02-04-2021 21:51:36 Instalační služba modulů systému Windows
10-04-2021 20:30:59 Naplánovaný kontrolní bod
15-04-2021 22:39:51 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Mikrofon (High Definition Audio Device)
Description: Zvukový koncový bod
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Mikrofon (Steam Streaming Microphone)
Description: Zvukový koncový bod
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Mikrofon (High Definition Audio Device)
Description: Zvukový koncový bod
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/14/2021 10:06:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/14/2021 09:28:42 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/14/2021 09:28:41 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Uložiště (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/10/2021 07:28:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/10/2021 07:28:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/10/2021 07:25:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (04/10/2021 07:21:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (04/09/2021 08:41:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AUDIODG.EXE, verze: 10.0.19041.906, časové razítko: 0x985b4154
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.844, časové razítko: 0x60a6ca36
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000025bb6
ID chybujícího procesu: 0xb78
Čas spuštění chybující aplikace: 0x01d72d6e640c1a9c
Cesta k chybující aplikaci: C:\WINDOWS\system32\AUDIODG.EXE
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: b12496e2-7bf0-4c26-9539-ea6de280a1a1
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (04/16/2021 03:16:11 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GC5ULMC)
Description: Server {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2021 05:39:55 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GC5ULMC)
Description: Server Windows.Media.Capture.Internal.AppCaptureShell se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/13/2021 11:30:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/13/2021 11:30:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (04/12/2021 08:27:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GC5ULMC)
Description: Server Windows.Media.Capture.Internal.AppCaptureShell se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2021 06:47:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/10/2021 09:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/10/2021 09:12:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.


CodeIntegrity:
===============
Date: 2021-04-17 12:41:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V1.3 11/15/2010
Motherboard: MSI 760GM-P33 (MS-7623)
Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 40%
Total physical RAM: 8191.18 MB
Available physical RAM: 4879.41 MB
Total Virtual: 9471.18 MB
Available Virtual: 5824.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.47 GB) (Free:770.42 GB) NTFS
Drive d: (Uložiště) (Fixed) (Total:1863.01 GB) (Free:422 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{9b0c9b0c-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{9b0c9b0c-0000-0000-0000-90c0e8000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: F8F2D247)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9B0C9B0C)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=513 MB) - (Type=27)

==================== End of Addition.txt =======================

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#2 Příspěvek od Diallix »

Dobry den.

:arrow: Stiahnite si na plochu nastroj AdwCleaner, link. na stiahnutie tu: https://toolslib.net/downloads/finish/1/
Pred spustenim nastroja povypinajte vsetke beziace okna programov, to su vsetke beziace programy pod desktopom.
Kliknite pravym tlacidlom mysi na program -> spustit ako Administrator.
Pokracujte kliknutim na tlacidlo Prehladaj teraz (Scan now) a pockajte, kym sa system doskenuje.
Po skene nechajte oznacene vsetky chlieviky, pripadne najdene hrozieby a pokracujte v dolnom pravom rohu tlacidlom Vycistit Teraz (Clean and Repair).
Po restartovani PC sa spusti nastroj AdwCleaner, kliknite na Zobrazit soubor protokolu.
Spusti sa log, jeho obsah skopirujte sem.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PredyP
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 1227
Registrován: 24 kvě 2007 21:52
Bydliště: Východ Čech

Re: Prevence

#3 Příspěvek od PredyP »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-17-2021
# Duration: 00:00:03
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [10/04/2021 09:02:18]
AdwCleaner[C00].txt - [1595 octets] - [10/04/2021 09:12:26]
AdwCleaner[S01].txt - [1527 octets] - [17/04/2021 20:05:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#4 Příspěvek od Diallix »

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {BCF44F93-4F4E-425D-BEF4-4322E7833227} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {C2266C8D-28FB-4E73-8CF7-639634139751} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {E6AC6631-DCCA-4E46-8E29-9EE9B7ADF640} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]

EmptyTemp:
Poznamkovy blok ulozte pod nazvom fixlist.txt do umiestnenia kde je FRST.
Spustite FRST a odkliknite tlacidlo: Fix
Vykona sa funkcionalita po ktorej sa pocitac rebootuje. Po reboote sem vlozte obsah logu: fixlog.txt ulozeneho v umiestneni FRST.
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PredyP
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 1227
Registrován: 24 kvě 2007 21:52
Bydliště: Východ Čech

Re: Prevence

#5 Příspěvek od PredyP »

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Petr (17-04-2021 20:30:41) Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {BCF44F93-4F4E-425D-BEF4-4322E7833227} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Task: {C2266C8D-28FB-4E73-8CF7-639634139751} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {E6AC6631-DCCA-4E46-8E29-9EE9B7ADF640} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-07] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]

EmptyTemp:
*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCF44F93-4F4E-425D-BEF4-4322E7833227}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF44F93-4F4E-425D-BEF4-4322E7833227}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2266C8D-28FB-4E73-8CF7-639634139751}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2266C8D-28FB-4E73-8CF7-639634139751}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6AC6631-DCCA-4E46-8E29-9EE9B7ADF640}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6AC6631-DCCA-4E46-8E29-9EE9B7ADF640}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\VIAHdAudAddService => removed successfully
VIAHdAudAddService => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74879036 B
Java, Flash, Steam htmlcache => 195133736 B
Windows/system/drivers => 10207813 B
Edge => 0 B
Chrome => 439182529 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 70084 B
NetworkService => 70084 B
Petr => 214876947 B

RecycleBin => 2401727967 B
EmptyTemp: => 3.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:31:56 ====

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#6 Příspěvek od Diallix »

Ok, ako je na tom pocitac?
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Uživatelský avatar
PredyP
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 1227
Registrován: 24 kvě 2007 21:52
Bydliště: Východ Čech

Re: Prevence

#7 Příspěvek od PredyP »

Neměl jsem problém. Děkuji za pomoc.
:worship: :worship: :worship:

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Prevence

#8 Příspěvek od Diallix »

V pohode, nemate zaco :]]
Vyšla moja nová kniha BOTNETY! :173: Informácie o nej nájdete tu: >> BOTNETY <<

¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­¯­­­
---
Obrázek Hľadáme nové posily do nášej CyberSecurity UNIT jednotky. Viac informácií o tom, čo to obnáša a ako sa pripojiť nájdete tu: >> CyberSecurity UNIT << Obrázek
----
Nízkoúrovňový, Vysokoúrovňový programátor - profilová karta tu: card <<
----
Háveťárna - UPLOAD Malwaru: >> upload <<
---
Ak sa Vám ľúbi moja práca a ste sňou spokojný, môžete ma kontaktovať na: diallix@centrum.sk, info@diallix.net alebo diallix@forum.viry.cz .
---
Momentálne aktívny ako:
- konzultant, vývojár a tutor výskumu inteligentného malwaru.
- tutor v oblasti dotazovacích jazykoch SQL (TSQL, PLSQL), objektového programovania (c++,c#,php) pre študentov.

Na fóre pôsobím ako:
- Bezpečnostná autorita viry.cz
- Zástupca tutora pre vzdelávanie nováčikov
- Zakladateľ Cyber Security jednotky

Zamčeno