
Infected Chrome/Win 10 gatustox gestyy

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

#1 Post by virovymag »

Hi, unfortunately I have a fairly similar problem, see the picture.

After Win 10 boots, Chrome immediately starts by itself with a set of virus tabs gestyy, gatustox, ... Please, could you guide me, clumsy as I am, through what I should do?
Thank you very much.

Image

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected Chrome/Win 10 gatustox gestyy

#2 Post by Rudy »

Hello! Please post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#3 Post by virovymag »

Thank you very much for your interest.

frst
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020
Ran by Eva (administrator) on DESKTOP-47MPNF7 (LENOVO 80SM) (25-03-2020 17:43:24)
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Temp\GUM173.tmp\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{A4CE0F7E-CEC0-42C6-9D08-345CABA93C08}\GoogleUpdateSetup.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Eva\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-25] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1139041B-F6F4-4219-A41A-6037733A9177} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23822574-5917-40F1-9E1C-A03D1D9C5F65} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {28093651-BEA9-4BBC-956B-1706706CE719} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {305E98B6-2B34-4053-A96A-F1A1DACF0CF3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6d37756e-628b-46d5-a4ca-a40dd0aead8b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {3B3A276A-A181-47B3-973B-815EF8C3F471} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d2c4a410-ed1a-4a98-a2e8-aeb52133e7cd => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {5725A494-DE1A-4E88-A6A8-3917547A2950} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3907094637-1769742579-2507837433-1001 => C:\Users\Eva\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {6438794C-2EEF-44F5-9839-9B6E84ADC29D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A63C522-8E67-4E6D-A971-A2521BD49E5C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03be25a7-c7e1-494b-b368-8ef17561acde => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {6E5B3033-8A98-4E3B-8A14-65A20C57B47E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => "%windir%\system32\WindowsPowerShell\v1.0\PowerShell.exe" "powershell -executionpolicy bypass -file %ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\data\Maintenance.ps1"
Task: {75FFC4CD-A751-48A1-9A9D-A8DBF9BAF6B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {797F8A5D-3624-477E-91D8-8FDC56E1960F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {91812944-F03A-4313-9FA9-38A722985996} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A57AAE03-B657-4FB4-8A05-E94B61C4BF9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF01B57-0470-47A6-83C0-52254DE42751} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DA0B873B-A309-427F-9CF4-06CEA607D93D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E072E088-D5BA-422F-ADE3-0BDA58F8544D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2DC844C-FC5E-4B3F-AD4C-98BF8AE78054} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3e36c7bd-b3b8-4fdc-8575-38e3da7c62c0 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {E7DC05BA-2ED6-4699-ADC8-47FE4061BB21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3B4DAD7-C08D-4AE4-A983-F9ABD5AEF85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{c8e6eeab-2143-42f7-a2be-d7739bc8e95d}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default [2020-03-25]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Prezentace) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-28]
CHR Extension: (Dokumenty) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-28]
CHR Extension: (Disk Google) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-28]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-28]
CHR Extension: (Tabulky) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10628888 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2018-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 UIUService; %SystemRoot%\system32\UIUSrv.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_851a79f66682d708\nvlddmkm.sys [14482360 2017-09-29] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2355544 2018-07-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3150336 2017-01-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:43 - 2020-03-25 17:45 - 000019609 _____ C:\Users\Eva\Downloads\FRST.txt
2020-03-25 17:42 - 2020-03-25 17:44 - 000000000 ____D C:\FRST
2020-03-25 17:42 - 2020-03-25 17:42 - 002279936 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2020-03-25 17:37 - 2020-03-25 17:43 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 17:37 - 2020-03-25 17:43 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-25 17:37 - 2020-03-25 17:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-25 17:37 - 2020-03-25 17:37 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-25 15:27 - 2020-03-25 15:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-03-25 14:58 - 2020-03-25 14:58 - 000000000 ____D C:\Users\Eva\AppData\Local\cache
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbamtray
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbam
2020-03-25 14:56 - 2020-03-25 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-25 14:01 - 2020-03-25 14:01 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WiperSoft
2020-03-25 14:00 - 2020-03-25 16:47 - 000000000 ____D C:\Program Files\WiperSoft
2020-03-25 13:19 - 2020-03-25 13:19 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WinRAR
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\ESET
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\D3DSCache
2020-03-25 11:55 - 2020-03-25 11:55 - 000000000 ____D C:\Users\Eva\AppData\Local\CEF
2020-03-25 11:53 - 2020-03-25 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-03-25 11:31 - 2020-03-25 11:31 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-25 11:30 - 2020-03-25 12:26 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-25 10:51 - 2020-03-25 10:56 - 080151770 _____ C:\Users\Eva\Downloads\Office 2013 aktivátor.rar
2020-03-25 10:50 - 2020-03-25 10:50 - 000000111 _____ C:\Users\Eva\Downloads\activation key Office 2013.txt
2020-03-25 10:49 - 2020-03-25 10:49 - 000085402 _____ C:\Users\Eva\Downloads\[SkT]KMSpico_9.0.5.20131111_Final_-_Microsoft_Office_-_Windows_Activator_(2010-2013).torrent
2020-03-25 10:46 - 2020-03-25 10:46 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-03-25 10:43 - 2020-03-25 10:46 - 056210075 _____ C:\Users\Eva\Downloads\Office 2013 Activator.zip
2020-03-25 10:37 - 2020-03-25 10:37 - 000000000 ____D C:\Users\Eva\AppData\Local\Microsoft Help
2020-03-25 10:23 - 2020-03-25 10:24 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor (1).rar
2020-03-25 10:19 - 2020-03-25 17:29 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-03-25 10:19 - 2020-03-25 10:19 - 000001966 _____ C:\Users\Public\Desktop\WinRAR.lnk
2020-03-25 10:14 - 2020-03-25 10:14 - 007838463 _____ (RARLAB) C:\Users\Eva\Downloads\WinRAR 32-64bit v5.71.exe
2020-03-25 10:13 - 2020-03-25 10:13 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor.rar
2020-03-24 17:32 - 2020-03-24 17:32 - 000002846 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx.html
2020-03-24 17:32 - 2020-03-24 17:32 - 000000000 ____D C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx_files
2020-03-24 17:26 - 2020-03-24 17:26 - 000113332 _____ C:\Users\Eva\Downloads\sb045-20-AK.pdf
2020-03-24 17:22 - 2020-03-24 17:22 - 000162598 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02 (1).pdf
2020-03-24 08:42 - 2020-03-24 08:42 - 000244275 _____ C:\Users\Eva\Downloads\010412 Eva Hrubonova zaznam.pdf
2020-03-22 18:24 - 2020-03-22 18:25 - 000196473 _____ C:\Users\Eva\Downloads\Mimořádné-opatření-doba-pro-seniory.pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (3).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (5).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (4).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (3).pdf
2020-03-19 15:17 - 2020-03-19 15:17 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (3).pdf
2020-03-19 15:16 - 2020-03-19 15:16 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (2).pdf
2020-03-19 15:15 - 2020-03-19 15:15 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23 (1).pdf
2020-03-19 15:12 - 2020-03-19 15:12 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (1).pdf
2020-03-19 15:07 - 2020-03-19 15:07 - 000044225 _____ C:\Users\Eva\Downloads\Vaculíková.pdf
2020-03-19 15:06 - 2020-03-19 15:06 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318.pdf
2020-03-19 15:05 - 2020-03-19 15:05 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23.pdf
2020-03-19 09:33 - 2020-03-19 09:33 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30 (1).pdf
2020-03-19 09:32 - 2020-03-19 09:32 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30.pdf
2020-03-19 09:31 - 2020-03-19 09:31 - 000285763 _____ C:\Users\Eva\Downloads\Interni sdeleni.pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (2).pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1.xlsx
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1 (1).xlsx
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020 (1).pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020 (1).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (4).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (3).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4.pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (2).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (2).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (1).pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020.pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (1).pdf
2020-03-17 16:45 - 2020-03-17 16:47 - 000000000 ____D C:\Users\Eva\AppData\Local\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Roaming\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Local\Nuance
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\ProgramData\Nuance
2020-03-17 16:43 - 2020-03-17 16:43 - 000000964 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\Program Files (x86)\Brother
2020-03-17 16:40 - 2020-03-17 16:40 - 000000000 ____D C:\ProgramData\Brother
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir.pdf
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir (1).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (2).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (1).pdf
2020-03-15 12:06 - 2020-03-15 12:06 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14.pdf
2020-03-14 18:39 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-03-14 09:21 - 2020-03-14 09:21 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagwrn.xml
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagerr.xml
2020-03-14 08:10 - 2020-03-14 08:10 - 000000000 ____D C:\Windows\Lenovo

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:45 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-25 17:45 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-03-25 17:41 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-25 17:39 - 2018-12-28 12:09 - 000000000 __SHD C:\Users\Eva\IntelGraphicsProfiles
2020-03-25 17:39 - 2018-12-28 11:40 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-25 17:39 - 2018-12-28 11:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-25 17:39 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-25 17:38 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-25 17:37 - 2018-12-28 11:34 - 000000000 ____D C:\Program Files (x86)\Google
2020-03-25 17:31 - 2018-12-28 11:13 - 000000000 ____D C:\Users\Eva
2020-03-25 17:29 - 2018-12-30 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-03-25 17:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2020-03-25 17:29 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2020-03-25 17:15 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\registration
2020-03-25 17:13 - 2018-12-30 22:28 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-25 17:13 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-25 16:23 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-25 14:55 - 2018-12-28 11:14 - 000000000 ____D C:\Users\Eva\AppData\Local\Packages
2020-03-25 13:34 - 2018-12-28 10:59 - 000000000 ____D C:\Windows\Panther
2020-03-25 12:24 - 2018-12-28 11:34 - 000000000 ____D C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder
2020-03-25 09:29 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-17 16:43 - 2018-12-28 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-15 11:50 - 2018-12-28 11:12 - 001693640 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-15 11:50 - 2018-09-15 18:32 - 000718198 _____ C:\Windows\system32\perfh005.dat
2020-03-15 11:50 - 2018-09-15 18:32 - 000145242 _____ C:\Windows\system32\perfc005.dat
2020-03-15 09:04 - 2019-12-02 16:58 - 000002359 _____ C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-15 09:04 - 2018-12-28 11:17 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3907094637-1769742579-2507837433-1001
2020-03-15 09:04 - 2018-12-28 11:17 - 000000000 ___RD C:\Users\Eva\OneDrive
2020-03-14 18:39 - 2018-12-30 22:37 - 000000000 ____D C:\Windows\system32\MRT
2020-03-14 18:37 - 2018-12-30 22:37 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-14 09:20 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-14 09:11 - 2019-03-19 13:27 - 000000000 ___HD C:\$WINDOWS.~BT
2020-03-14 08:12 - 2018-12-28 11:50 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-03-14 06:40 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-03-14 06:39 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Re: Infected Chrome/Win 10 gatustox gestyy

#4 Post by virovymag »

addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 17:46:19)
Running from C:\Users\Eva\Downloads
Windows 10 Home Version 1809 17763.973 (X64) (2018-12-28 10:10:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3907094637-1769742579-2507837433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3907094637-1769742579-2507837433-503 - Limited - Disabled)
Eva (S-1-5-21-3907094637-1769742579-2507837433-1001 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-3907094637-1769742579-2507837433-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3907094637-1769742579-2507837433-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.64 - NVIDIA Corporation) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\OneDriveSetup.exe) (Version: 20.028.0206.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.64 - NVIDIA Corporation)
Odinstalace tiskárny EPSON XP-235 Series (HKLM\...\EPSON XP-235 Series) (Version: - Seiko Epson Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.64 - NVIDIA Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1720.1.0_x86__kgqvnymyfvs32 [2020-03-25] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2020-03-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2020-03-25] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2020-03-25] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.5.1.0_x64__nfy108tqq3p12 [2020-03-25] (Thumbmunkeys Ltd) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-02 18:03 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A025784F-54AA-4419-8789-4F5602B4CCFC}] => (Allow) LPort=54950
FirewallRules: [{49B2C448-D7BE-4751-A6C0-139A3BB32968}] => (Allow) LPort=54955
FirewallRules: [{E3445AAD-1AAB-421E-ACA2-994B55D10FD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-03-2020 10:30:27 Installed Microsoft Office Professional Plus 2013
25-03-2020 10:31:34 PROPLUS
25-03-2020 15:48:00 Operace obnovení

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (03/25/2020 05:39:17 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.


System errors:
=============
Error: (03/25/2020 05:43:16 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-47MPNF7)
Description: 0x8000002a31\??\C:\FRST\y3Hq7Na1Js\SOFTWARE

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXtkpga72yvgnjbh2szsk8vmsbpbz1gdw4.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXev0q5mj8fv73ggp36jh3aysp31079gw2.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXr00jd4y2rs4113e6sxhfbd9681pzfc60.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXvctmff39365zg14pgmystcwtys462fpa.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca


Windows Defender:
===================================
Date: 2020-03-25 16:59:17.480
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:BAT/AutoKMS
ID: 2147739951
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd; webfile:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd|https://proxycache32.uloz.to/Ps;Hs;up=0 ... 4873390179
Původ zjišťování: Internet
Typ zjišťování: Konkrétní
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: Unknown
Verze podpisu: AV: 1.311.1867.0, AS: 1.311.1867.0, NIS: 1.311.1867.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.847
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.560
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gendows
ID: 2147646077
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.981
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Windows.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.958
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 17:31:47.293
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-25 16:51:06.333
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-15 09:02:18.019
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-03-25 14:36:01.310
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 14:36:01.305
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.923
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.916
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:27:44.629
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:44.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.313
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 0XCN36WW 08/30/2016
Motherboard: LENOVO Toronto 5A2
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 4002 MB
Available physical RAM: 1281.7 MB
Total Virtual: 4706 MB
Available Virtual: 1591.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:884.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEFACC11)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Re: Infected Chrome/Win 10 gatustox gestyy

#5 Post by Rudy »

You're welcome. Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply


Re: Infected Chrome/Win 10 gatustox gestyy

#6 Post by virovymag »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build: 03-03-2020
# Database: 2020-03-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-25-2020
# Duration: 00:00:16
# OS: Windows 10 Home
# Scanned: 32067
# Detected: 10


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WiperSoft C:\Program Files\WiperSoft
PUP.Optional.WiperSoft C:\Users\Eva\AppData\Roaming\WiperSoft

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Eva\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoServiceBridge Folder C:\Users\Eva\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Re: Infected Chrome/Win 10 gatustox gestyy

#7 Post by Rudy »

Post new FRST+Addition logs.


Re: Infected Chrome/Win 10 gatustox gestyy

#8 Post by virovymag »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 19:51:02)
Running from C:\Users\Eva\Downloads
Windows 10 Home Version 1809 17763.973 (X64) (2018-12-28 10:10:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3907094637-1769742579-2507837433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3907094637-1769742579-2507837433-503 - Limited - Disabled)
Eva (S-1-5-21-3907094637-1769742579-2507837433-1001 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-3907094637-1769742579-2507837433-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3907094637-1769742579-2507837433-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.64 - NVIDIA Corporation) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\OneDriveSetup.exe) (Version: 20.028.0206.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.64 - NVIDIA Corporation)
Odinstalace tiskárny EPSON XP-235 Series (HKLM\...\EPSON XP-235 Series) (Version: - Seiko Epson Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.64 - NVIDIA Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1720.1.0_x86__kgqvnymyfvs32 [2020-03-25] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2020-03-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2020-03-25] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2020-03-25] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.5.1.0_x64__nfy108tqq3p12 [2020-03-25] (Thumbmunkeys Ltd) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-02 18:03 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A025784F-54AA-4419-8789-4F5602B4CCFC}] => (Allow) LPort=54950
FirewallRules: [{49B2C448-D7BE-4751-A6C0-139A3BB32968}] => (Allow) LPort=54955
FirewallRules: [{E3445AAD-1AAB-421E-ACA2-994B55D10FD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-03-2020 10:30:27 Installed Microsoft Office Professional Plus 2013
25-03-2020 10:31:34 PROPLUS
25-03-2020 15:48:00 Operace obnovení

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (03/25/2020 05:39:17 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.


System errors:
=============
Error: (03/25/2020 06:03:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-47MPNF7)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-47MPNF7\Eva (SID: S-1-5-21-3907094637-1769742579-2507837433-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:43:16 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-47MPNF7)
Description: 0x8000002a31\??\C:\FRST\y3Hq7Na1Js\SOFTWARE

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXtkpga72yvgnjbh2szsk8vmsbpbz1gdw4.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXev0q5mj8fv73ggp36jh3aysp31079gw2.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXr00jd4y2rs4113e6sxhfbd9681pzfc60.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca


Windows Defender:
===================================
Date: 2020-03-25 16:59:17.480
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:BAT/AutoKMS
ID: 2147739951
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd; webfile:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd|https://proxycache32.uloz.to/Ps;Hs;up=0 ... 4873390179
Původ zjišťování: Internet
Typ zjišťování: Konkrétní
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: Unknown
Verze podpisu: AV: 1.311.1867.0, AS: 1.311.1867.0, NIS: 1.311.1867.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.847
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.560
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gendows
ID: 2147646077
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.981
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Windows.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.958
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 17:31:47.293
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-25 16:51:06.333
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-15 09:02:18.019
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-03-25 14:36:01.310
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 14:36:01.305
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.923
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.916
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:27:44.629
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:44.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.313
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 0XCN36WW 08/30/2016
Motherboard: LENOVO Toronto 5A2
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 4002 MB
Available physical RAM: 1271.5 MB
Total Virtual: 4706 MB
Available Virtual: 1317.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:884.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEFACC11)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#9 Post by virovymag »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020
Ran by Eva (administrator) on DESKTOP-47MPNF7 (LENOVO 80SM) (25-03-2020 19:49:03)
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Eva\Desktop\adwcleaner_8.0.3.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Eva\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-25] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1139041B-F6F4-4219-A41A-6037733A9177} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23822574-5917-40F1-9E1C-A03D1D9C5F65} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {28093651-BEA9-4BBC-956B-1706706CE719} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {305E98B6-2B34-4053-A96A-F1A1DACF0CF3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6d37756e-628b-46d5-a4ca-a40dd0aead8b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {3B3A276A-A181-47B3-973B-815EF8C3F471} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d2c4a410-ed1a-4a98-a2e8-aeb52133e7cd => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {5725A494-DE1A-4E88-A6A8-3917547A2950} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3907094637-1769742579-2507837433-1001 => C:\Users\Eva\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {6438794C-2EEF-44F5-9839-9B6E84ADC29D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A63C522-8E67-4E6D-A971-A2521BD49E5C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03be25a7-c7e1-494b-b368-8ef17561acde => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {6E5B3033-8A98-4E3B-8A14-65A20C57B47E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => "%windir%\system32\WindowsPowerShell\v1.0\PowerShell.exe" "powershell -executionpolicy bypass -file %ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\data\Maintenance.ps1"
Task: {75FFC4CD-A751-48A1-9A9D-A8DBF9BAF6B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {797F8A5D-3624-477E-91D8-8FDC56E1960F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {91812944-F03A-4313-9FA9-38A722985996} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A57AAE03-B657-4FB4-8A05-E94B61C4BF9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF01B57-0470-47A6-83C0-52254DE42751} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DA0B873B-A309-427F-9CF4-06CEA607D93D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E072E088-D5BA-422F-ADE3-0BDA58F8544D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2DC844C-FC5E-4B3F-AD4C-98BF8AE78054} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3e36c7bd-b3b8-4fdc-8575-38e3da7c62c0 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {E7DC05BA-2ED6-4699-ADC8-47FE4061BB21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3B4DAD7-C08D-4AE4-A983-F9ABD5AEF85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{c8e6eeab-2143-42f7-a2be-d7739bc8e95d}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default [2020-03-25]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Prezentace) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-28]
CHR Extension: (Dokumenty) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-28]
CHR Extension: (Disk Google) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-28]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-28]
CHR Extension: (Tabulky) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10628888 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2018-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 UIUService; %SystemRoot%\system32\UIUSrv.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_851a79f66682d708\nvlddmkm.sys [14482360 2017-09-29] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2355544 2018-07-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3150336 2017-01-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:58 - 2020-03-25 17:59 - 000000000 ____D C:\AdwCleaner
2020-03-25 17:55 - 2020-03-25 17:56 - 008199856 _____ (Malwarebytes) C:\Users\Eva\Desktop\adwcleaner_8.0.3.exe
2020-03-25 17:48 - 2020-03-25 17:48 - 000032621 _____ C:\Users\Eva\Desktop\FRST.txt
2020-03-25 17:48 - 2020-03-25 17:48 - 000025149 _____ C:\Users\Eva\Desktop\Addition.txt
2020-03-25 17:46 - 2020-03-25 17:48 - 000025146 _____ C:\Users\Eva\Downloads\Addition.txt
2020-03-25 17:43 - 2020-03-25 19:50 - 000020346 _____ C:\Users\Eva\Downloads\FRST.txt
2020-03-25 17:42 - 2020-03-25 19:49 - 000000000 ____D C:\FRST
2020-03-25 17:42 - 2020-03-25 17:42 - 002279936 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2020-03-25 17:37 - 2020-03-25 17:43 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 17:37 - 2020-03-25 17:43 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-25 17:37 - 2020-03-25 17:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-25 17:37 - 2020-03-25 17:37 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-25 15:27 - 2020-03-25 15:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-03-25 14:58 - 2020-03-25 14:58 - 000000000 ____D C:\Users\Eva\AppData\Local\cache
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbamtray
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbam
2020-03-25 14:56 - 2020-03-25 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-25 14:01 - 2020-03-25 14:01 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WiperSoft
2020-03-25 14:00 - 2020-03-25 16:47 - 000000000 ____D C:\Program Files\WiperSoft
2020-03-25 13:19 - 2020-03-25 13:19 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WinRAR
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\ESET
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\D3DSCache
2020-03-25 11:55 - 2020-03-25 11:55 - 000000000 ____D C:\Users\Eva\AppData\Local\CEF
2020-03-25 11:53 - 2020-03-25 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-03-25 11:31 - 2020-03-25 11:31 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-25 11:30 - 2020-03-25 12:26 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-25 10:51 - 2020-03-25 10:56 - 080151770 _____ C:\Users\Eva\Downloads\Office 2013 aktivátor.rar
2020-03-25 10:50 - 2020-03-25 10:50 - 000000111 _____ C:\Users\Eva\Downloads\activation key Office 2013.txt
2020-03-25 10:49 - 2020-03-25 10:49 - 000085402 _____ C:\Users\Eva\Downloads\[SkT]KMSpico_9.0.5.20131111_Final_-_Microsoft_Office_-_Windows_Activator_(2010-2013).torrent
2020-03-25 10:46 - 2020-03-25 10:46 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-03-25 10:43 - 2020-03-25 10:46 - 056210075 _____ C:\Users\Eva\Downloads\Office 2013 Activator.zip
2020-03-25 10:37 - 2020-03-25 10:37 - 000000000 ____D C:\Users\Eva\AppData\Local\Microsoft Help
2020-03-25 10:23 - 2020-03-25 10:24 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor (1).rar
2020-03-25 10:19 - 2020-03-25 17:29 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-03-25 10:19 - 2020-03-25 10:19 - 000001966 _____ C:\Users\Public\Desktop\WinRAR.lnk
2020-03-25 10:14 - 2020-03-25 10:14 - 007838463 _____ (RARLAB) C:\Users\Eva\Downloads\WinRAR 32-64bit v5.71.exe
2020-03-25 10:13 - 2020-03-25 10:13 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor.rar
2020-03-24 17:32 - 2020-03-24 17:32 - 000002846 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx.html
2020-03-24 17:32 - 2020-03-24 17:32 - 000000000 ____D C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx_files
2020-03-24 17:26 - 2020-03-24 17:26 - 000113332 _____ C:\Users\Eva\Downloads\sb045-20-AK.pdf
2020-03-24 17:22 - 2020-03-24 17:22 - 000162598 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02 (1).pdf
2020-03-24 08:42 - 2020-03-24 08:42 - 000244275 _____ C:\Users\Eva\Downloads\010412 Eva Hrubonova zaznam.pdf
2020-03-22 18:24 - 2020-03-22 18:25 - 000196473 _____ C:\Users\Eva\Downloads\Mimořádné-opatření-doba-pro-seniory.pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (3).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (5).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (4).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (3).pdf
2020-03-19 15:17 - 2020-03-19 15:17 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (3).pdf
2020-03-19 15:16 - 2020-03-19 15:16 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (2).pdf
2020-03-19 15:15 - 2020-03-19 15:15 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23 (1).pdf
2020-03-19 15:12 - 2020-03-19 15:12 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (1).pdf
2020-03-19 15:07 - 2020-03-19 15:07 - 000044225 _____ C:\Users\Eva\Downloads\Vaculíková.pdf
2020-03-19 15:06 - 2020-03-19 15:06 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318.pdf
2020-03-19 15:05 - 2020-03-19 15:05 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23.pdf
2020-03-19 09:33 - 2020-03-19 09:33 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30 (1).pdf
2020-03-19 09:32 - 2020-03-19 09:32 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30.pdf
2020-03-19 09:31 - 2020-03-19 09:31 - 000285763 _____ C:\Users\Eva\Downloads\Interni sdeleni.pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (2).pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1.xlsx
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1 (1).xlsx
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020 (1).pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020 (1).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (4).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (3).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4.pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (2).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (2).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (1).pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020.pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (1).pdf
2020-03-17 16:45 - 2020-03-17 16:47 - 000000000 ____D C:\Users\Eva\AppData\Local\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Roaming\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Local\Nuance
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\ProgramData\Nuance
2020-03-17 16:43 - 2020-03-17 16:43 - 000000964 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\Program Files (x86)\Brother
2020-03-17 16:40 - 2020-03-17 16:40 - 000000000 ____D C:\ProgramData\Brother
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir.pdf
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir (1).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (2).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (1).pdf
2020-03-15 12:06 - 2020-03-15 12:06 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14.pdf
2020-03-14 18:39 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-03-14 09:21 - 2020-03-14 09:21 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagwrn.xml
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagerr.xml
2020-03-14 08:10 - 2020-03-14 08:10 - 000000000 ____D C:\Windows\Lenovo

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 19:47 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-25 19:47 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-25 17:48 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-25 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-25 17:48 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-03-25 17:45 - 2018-12-28 11:12 - 001693640 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-25 17:45 - 2018-09-15 18:32 - 000718198 _____ C:\Windows\system32\perfh005.dat
2020-03-25 17:45 - 2018-09-15 18:32 - 000145242 _____ C:\Windows\system32\perfc005.dat
2020-03-25 17:39 - 2018-12-28 12:09 - 000000000 __SHD C:\Users\Eva\IntelGraphicsProfiles
2020-03-25 17:39 - 2018-12-28 11:40 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-25 17:39 - 2018-12-28 11:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-25 17:38 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-25 17:37 - 2018-12-28 11:34 - 000000000 ____D C:\Program Files (x86)\Google
2020-03-25 17:31 - 2018-12-28 11:13 - 000000000 ____D C:\Users\Eva
2020-03-25 17:29 - 2018-12-30 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-03-25 17:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2020-03-25 17:29 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2020-03-25 17:15 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\registration
2020-03-25 17:13 - 2018-12-30 22:28 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-25 17:13 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-25 14:55 - 2018-12-28 11:14 - 000000000 ____D C:\Users\Eva\AppData\Local\Packages
2020-03-25 13:34 - 2018-12-28 10:59 - 000000000 ____D C:\Windows\Panther
2020-03-25 12:24 - 2018-12-28 11:34 - 000000000 ____D C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder
2020-03-25 09:29 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-17 16:43 - 2018-12-28 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-15 09:04 - 2019-12-02 16:58 - 000002359 _____ C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-15 09:04 - 2018-12-28 11:17 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3907094637-1769742579-2507837433-1001
2020-03-15 09:04 - 2018-12-28 11:17 - 000000000 ___RD C:\Users\Eva\OneDrive
2020-03-14 18:39 - 2018-12-30 22:37 - 000000000 ____D C:\Windows\system32\MRT
2020-03-14 18:37 - 2018-12-30 22:37 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-14 09:20 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-14 09:11 - 2019-03-19 13:27 - 000000000 ___HD C:\$WINDOWS.~BT
2020-03-14 08:12 - 2018-12-28 11:50 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-03-14 06:40 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-03-14 06:39 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected Chrome/Win 10 gatustox gestyy

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#11 Post by virovymag »

So I restarted, and again a window popped up with Chrome and tabs of weird ads; here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 21:24:18) Run:1
Running from C:\Users\Eva\Desktop
Loaded Profiles: Eva (Available Profiles: Eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2632D8C-883D-48E8-884E-2046762C73F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2632D8C-883D-48E8-884E-2046762C73F5}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe" => not found
"C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10731476 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 38585740 B
Edge => 1307457 B
Chrome => 188561255 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7456 B
NetworkService => 5911320 B
Eva => 107451302 B

RecycleBin => 0 B
EmptyTemp: => 343.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:25:24 ====
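A triage aid for the Fixlog in the post above, added here as an example (it is not part of the thread and not FRST's own code). It parses the per-entry result lines and separates "not found" results that an earlier successful move explains from fixlist entries that matched nothing on disk. The sample log is constructed in the same line format, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of a FRST Fixlog (placeholder names and
# paths; not a copy of the log in this thread).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
"HKLM\Software\Example\TaskCache\Tasks\{GUID-PLACEHOLDER}" => removed successfully
C:\Windows\System32\Tasks\ExampleTask => moved successfully
"C:\Windows\system32\Tasks\ExampleTask" => not found
HKLM\Software\Classes\Example\ContextMenuHandlers\example => removed successfully
"C:\Users\User\AppData\Local\Temp\Example\tool.exe" => not found
"C:\Users\User\Downloads\example.cmd" => not found

=========== EmptyTemp: ==========

Chrome => 1000 B
EmptyTemp: => 1.0 MB temporary data Removed.
'''

# One result line: optional quotes around the target, then "=> <outcome>".
RESULT_RE = re.compile(
    r'^"?(?P<target>.+?)"?\s+=>\s+'
    r'(?P<outcome>removed successfully|moved successfully|not found)\s*$'
)
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")


def parse_fixlog(text):
    """Return one dict per fixlist result line, in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        # The EmptyTemp section only reports byte counts; stop before it.
        if line.startswith("=") and "EmptyTemp" in line:
            break
        match = RESULT_RE.match(line)
        if not match:
            continue
        target = match.group("target")
        kind = "registry" if target.upper().startswith(REGISTRY_PREFIXES) else "file"
        entries.append({"target": target, "kind": kind,
                        "outcome": match.group("outcome")})
    return entries


def summarize(entries):
    """Count outcomes so a helper can see at a glance what the fix did."""
    return Counter(entry["outcome"] for entry in entries)


def unmatched_entries(entries):
    """Targets reported 'not found' that no earlier line moved or removed.

    Windows paths are case-insensitive, so a file moved via one fixlist line
    and listed again with different casing is expected to be 'not found'.
    What remains are entries that never existed at the listed path.
    """
    handled = {entry["target"].lower() for entry in entries
               if entry["outcome"] != "not found"}
    return [entry["target"] for entry in entries
            if entry["outcome"] == "not found"
            and entry["target"].lower() not in handled]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in summarize(parsed).items():
        print(f"{count:3d}  {outcome}")
    print("Entries that matched nothing:")
    for target in unmatched_entries(parsed):
        print("  ", target)
```

Entries left in the "matched nothing" list were not changed by the fix, so if symptoms persist, the cause has to be looked for elsewhere.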

Rudy
Site Admin
Posts: 118195
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected Chrome/Win 10 gatustox gestyy

#12 Post by Rudy »

OK, that is deleted; now we will clean the browsers themselves. Run these utilities one after another:

1. Download Zoek.exe from http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop.

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator.
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin
;






Then click Run Script.
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After it starts, the licence terms are displayed; press any key
•A backup is created and then the search begins
•The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#13 Post by virovymag »

I ran zoek but I can't find the output log, could you please advise where... I have zoek on the desktop... after it ran, it wrote this
I'm very sorry
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Eva on 25.03.2020 at 22:02:49,36.
Microsoft Windows 10 Home 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eva\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 22:03:26,31 =====


edit: I think I found it

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Eva on 25.03.2020 at 22:02:49,36.
Microsoft Windows 10 Home 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eva\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.03.2020 22:06:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\InstallShield Installation Information deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Eva\AppData\Local\DBG deleted successfully
C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\Eva\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\InstallShield Installation Information not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Eva\AppData\Local\cache deleted

==== Orphaned Tasks deleted from Registry ======================

Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask_Once deleted
Last edited by virovymag on 25 Mar 2020 22:23, edited 1 time in total.

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#14 Post by virovymag »

jrt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Eva (Administrator) on 25.03.2020 at 22:08:58,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2020 at 22:11:37,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

virovymag
Visitor
Posts: 14
Registered: 25 Mar 2020 15:20

Re: Infected Chrome/Win 10 gatustox gestyy

#15 Post by virovymag »

I restarted, and after the restart Chrome pops up again with the "spam" tab :cry:
new FRST and Addition logs are attached
Attachments
p.rar
add+frs
(13.31 KiB) Downloaded 167 times
