Windows 10 notifications

Toledo
Visitor
Posts: 10
Registered: 30 Jul 2013 19:12

Windows 10 notifications

#1 Post by Toledo »

Hi, I'd like to ask: the Windows 10 notifications are showing the message "Renew your Norton license now, Thursday optolov.ru" or "Renew your MaxAfee license now". Neither Norton nor McAfee has ever been installed here; Avast is installed. Then (allegedly, according to the user) there was a message "Trojan horse ZeuS.2020" (in the Windows notifications). Has anyone come across this? Could the PC be infected? Thanks for any reply.
Attachment: oznameni.png (72.88 KiB)

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows 10 notifications

#2 Post by Rudy »

Hello!
We need to find out whether the PC is infected. Please post the FRST + Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: Windows 10 notifications

#3 Post by Toledo »

Thanks for the reply, I'm sending the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by Jarotek (administrator) on DOLE (09-04-2021 21:12:47)
Running from C:\Users\Jarotek\Downloads
Loaded Profiles: Jarotek
Platform: Windows 10 Pro Version 2004 19041.867 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Jarotek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seznam.cz, a.s. -> ) C:\Users\Jarotek\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Seznam.cz, a.s. -> ) C:\Users\Jarotek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [117472 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-233331455-379796158-1703670501-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Jarotek\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-233331455-379796158-1703670501-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Jarotek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKLM\...\Print\Monitors\EPSON WF-7515 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMHCE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\89.1.8954.114\Installer\chrmstp.exe [2021-04-08] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-31] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\88.0.7844.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {080963EC-91A4-4081-A4BC-7D727CD39D8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2731CD78-F15B-4447-AF5C-993F1DB4CF89} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {504E6C02-6720-4547-831D-06BC505473AE} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2256960 2021-03-31] (Avast Software s.r.o. -> AVAST Software)
Task: {6115A079-133F-443F-91C7-6349294F2902} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4686560 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
Task: {8F11131D-F32F-4907-8834-B5180E1658E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {AC5AFD37-8E28-4C4A-9D99-716FADC80E6C} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-28] (Avast Software s.r.o. -> AVAST Software)
Task: {B319C8AF-0972-4B1A-9797-008CEFDC98D8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {C16B2184-EC4A-466C-A6C1-9ADF32102692} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-28] (Avast Software s.r.o. -> AVAST Software)
Task: {D0E11190-2CAF-435D-92B7-88CA42A5D26D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DEB917B2-D142-4397-862C-313268804661} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {EB3898EC-36B6-41BD-8AFA-F77129E63317} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {F8BB8C31-E54C-4658-A7D2-8D5807BE1370} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2256960 2021-03-31] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [64192 2015-10-18] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [64192 2015-10-18] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [68288 2015-10-18] (VMware, Inc. -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [68288 2015-10-18] (VMware, Inc. -> VMware, Inc.)
Tcpip\..\Interfaces\{5906b1a8-69f6-44c5-b192-882e35df888d}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5906b1a8-69f6-44c5-b192-882e35df888d}: [DhcpNameServer] 192.168.2.1 8.8.8.8

Edge:
=======
DownloadDir: C:\Users\Jarotek\Downloads
Edge Session Restore: HKU\S-1-5-21-233331455-379796158-1703670501-1001 -> is enabled.
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jarotek\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-08]
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF DefaultProfile: net5eagv.default
FF ProfilePath: C:\Users\Jarotek\AppData\Roaming\Mozilla\Firefox\Profiles\net5eagv.default [2021-04-09]
FF Homepage: Mozilla\Firefox\Profiles\net5eagv.default -> www.google.com
FF Session Restore: Mozilla\Firefox\Profiles\net5eagv.default -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\net5eagv.default -> Disabled: {ea614400-e918-4741-9a97-7a972ff7c30b}
FF Extension: (Seznam doplněk - Esko) - C:\Users\Jarotek\AppData\Roaming\Mozilla\Firefox\Profiles\net5eagv.default\Extensions\sko-extension@firma.seznam.cz.xpi [2020-11-27]
FF Extension: (Seznam doplněk - Email) - C:\Users\Jarotek\AppData\Roaming\Mozilla\Firefox\Profiles\net5eagv.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-28] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-28] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default [2021-04-08]
CHR Notifications: Default -> hxxps://optolov.ru; hxxps://www.gogy.com; hxxps://www.ufreegames.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Dokumenty) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-01]
CHR Extension: (Tabulky) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-07]
CHR Profile: C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-04-28]
CHR Profile: C:\Users\Jarotek\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-28]
CHR HKU\S-1-5-21-233331455-379796158-1703670501-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-233331455-379796158-1703670501-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7887896 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [623216 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [353504 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-28] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\89.1.8954.114\elevation_service.exe [1504864 2021-03-31] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-07-06] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35680 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208552 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365520 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250328 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41304 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [177872 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524416 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107808 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83368 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850120 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [466696 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [216376 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-03-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 eusk3usb; C:\WINDOWS\System32\Drivers\eusk3usb-amd64.sys [76480 2011-02-10] (Aladdin Knowledge Systems LTD -> Aladdin Knowledge Systems Ltd.)
S3 i8042HDR; C:\WINDOWS\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Chicony Electronics Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [48832 2015-10-18] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc. -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-09 21:12 - 2021-04-09 21:13 - 000018996 _____ C:\Users\Jarotek\Downloads\FRST.txt
2021-04-09 21:12 - 2021-04-09 21:13 - 000000000 ____D C:\FRST
2021-04-09 21:08 - 2021-04-09 21:08 - 002298368 _____ (Farbar) C:\Users\Jarotek\Downloads\FRST64.exe
2021-03-27 15:25 - 2021-03-27 15:25 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-03-27 15:25 - 2021-03-27 15:25 - 000216376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-03-26 13:55 - 2021-03-26 13:55 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-26 10:20 - 2021-03-27 15:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-11 12:44 - 2021-03-11 12:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-11 12:44 - 2021-03-11 12:44 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-11 12:44 - 2021-03-11 12:44 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-11 12:44 - 2021-03-11 12:44 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-11 12:44 - 2021-03-11 12:44 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-11 12:44 - 2021-03-11 12:44 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-11 12:43 - 2021-03-11 12:43 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-11 12:43 - 2021-03-11 12:43 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-11 12:43 - 2021-03-11 12:43 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-11 12:43 - 2021-03-11 12:43 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-03-11 12:43 - 2021-03-11 12:43 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-11 12:43 - 2021-03-11 12:43 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-09 21:15 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 20:23 - 2015-07-05 15:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-09 20:22 - 2016-11-22 14:13 - 000000000 ____D C:\Users\Jarotek\AppData\LocalLow\Mozilla
2021-04-09 20:18 - 2018-04-05 12:55 - 000000000 ____D C:\Users\Jarotek\AppData\Local\AVAST Software
2021-04-09 20:11 - 2020-11-16 23:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-09 11:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-09 11:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-09 10:38 - 2019-10-22 14:43 - 000000000 ____D C:\Users\Jarotek\AppData\Roaming\Seznam.cz
2021-04-08 21:42 - 2017-02-18 14:41 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-08 20:27 - 2018-04-05 12:57 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-04-08 20:27 - 2018-04-05 12:57 - 000002463 _____ C:\ProgramData\Desktop\Avast Secure Browser.lnk
2021-04-08 18:40 - 2020-11-30 16:12 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bc5dcff3d2bd
2021-04-08 18:40 - 2020-11-16 23:23 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-08 18:40 - 2020-11-16 23:23 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-08 18:40 - 2020-11-16 23:23 - 000003400 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-08 18:40 - 2020-11-16 23:23 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-08 18:40 - 2020-11-16 23:23 - 000003176 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-08 18:40 - 2020-11-16 23:23 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-233331455-379796158-1703670501-1001
2021-04-08 18:40 - 2020-11-16 23:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-04-06 15:09 - 2020-11-16 22:22 - 000002367 _____ C:\Users\Jarotek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-06 15:09 - 2015-07-05 13:12 - 000000000 ___RD C:\Users\Jarotek\OneDrive
2021-04-03 13:29 - 2020-06-09 18:44 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-03 13:29 - 2020-06-09 18:44 - 000002257 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-31 12:44 - 2015-07-28 13:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-31 12:44 - 2015-07-28 13:51 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-03-29 13:40 - 2015-07-05 15:30 - 000000000 ____D C:\Users\Jarotek\AppData\Local\VMware
2021-03-29 13:39 - 2015-07-05 15:19 - 000000000 ____D C:\UCTO2008
2021-03-29 13:26 - 2015-07-05 15:30 - 000000000 ____D C:\Users\Jarotek\AppData\Roaming\VMware
2021-03-29 13:26 - 2015-07-05 15:28 - 000000000 ____D C:\ProgramData\VMware
2021-03-27 15:32 - 2020-11-16 23:19 - 001701418 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-27 15:32 - 2019-12-07 16:43 - 000719492 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-27 15:32 - 2019-12-07 16:43 - 000146196 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-27 15:32 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-27 15:29 - 2015-07-05 13:52 - 000000000 ____D C:\ProgramData\AVAST Software
2021-03-27 15:27 - 2020-11-16 23:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-27 15:27 - 2020-11-16 23:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-27 15:27 - 2015-07-05 15:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-27 15:26 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-27 15:25 - 2020-11-16 23:23 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-27 15:25 - 2020-10-29 19:44 - 000524416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-03-27 15:25 - 2020-10-29 19:44 - 000177872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-03-27 15:25 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-27 15:25 - 2019-05-22 14:14 - 000365520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-03-27 15:25 - 2019-05-22 14:14 - 000250328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-03-27 15:25 - 2019-05-22 14:14 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-03-27 15:25 - 2019-05-22 14:14 - 000035680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-03-27 15:25 - 2018-11-23 14:24 - 000041304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-03-27 15:25 - 2018-03-18 10:07 - 000208552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-03-27 15:25 - 2017-12-07 20:35 - 000850120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-03-27 15:25 - 2017-12-07 20:35 - 000466696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-03-27 15:25 - 2017-12-07 20:35 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-03-27 15:25 - 2017-12-07 20:35 - 000107808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-03-27 15:25 - 2017-12-07 20:35 - 000083368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-03-26 13:55 - 2017-05-27 15:10 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-11 19:42 - 2020-11-16 23:05 - 000457568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-11 19:41 - 2019-12-07 16:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-11 19:41 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-11 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-11 18:01 - 2015-07-05 14:55 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-11 12:49 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-11 12:43 - 2015-06-30 14:26 - 000413702 __RSH C:\bootmgr
2021-03-10 15:05 - 2015-07-08 10:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-10 15:02 - 2015-07-08 10:59 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by Jarotek (09-04-2021 21:16:02)
Running from C:\Users\Jarotek\Downloads
Windows 10 Pro Version 2004 19041.867 (X64) (2020-11-16 21:24:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233331455-379796158-1703670501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233331455-379796158-1703670501-503 - Limited - Disabled)
Guest (S-1-5-21-233331455-379796158-1703670501-501 - Limited - Disabled)
Jarotek (S-1-5-21-233331455-379796158-1703670501-1001 - Administrator - Enabled) => C:\Users\Jarotek
Ucto2008 (S-1-5-21-233331455-379796158-1703670501-1003 - Limited - Enabled) => C:\Users\Ucto2008
WDAGUtilityAccount (S-1-5-21-233331455-379796158-1703670501-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Application Compatibility Toolkit (HKLM\...\{D70F2D01-43C9-18A8-FC9C-3A088433BA65}) (Version: 10.1.18362.1 - Microsoft) Hidden
Appman Auto Sequencer (HKLM-x32\...\{DFA7F136-4F8F-8BF8-9B56-93D2E1ABA58C}) (Version: 10.1.18362.1 - Microsoft) Hidden
Appman Sequencer on amd64 (HKLM\...\{ED5F303A-CE84-920C-FC6B-D8ED846703F3}) (Version: 10.1.18362.1 - Microsoft) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.2.2455 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 89.1.8954.114 - Autoři prohlížeče Avast Secure Browser)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-7515 Series Printer Uninstall (HKLM\...\EPSON WF-7515 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC13154E5A00}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Imaging And Configuration Designer (HKLM-x32\...\{9E0F0863-18F4-7511-08F0-9D500C09471B}) (Version: 10.1.18362.1 - Microsoft) Hidden
Imaging Designer (HKLM-x32\...\{F481EB0D-5D51-1175-42BF-3D879276F343}) (Version: 10.1.18362.1 - Microsoft) Hidden
Imaging Tools Support (HKLM-x32\...\{36C0B6BD-8792-4E01-8E57-A478426EB471}) (Version: 10.1.18362.1 - Microsoft) Hidden
Kits Configuration Installer (HKLM-x32\...\{63AAA877-5536-9481-2385-28A082100D78}) (Version: 10.1.18362.1 - Microsoft) Hidden
LiveUSB Creator (remove only) (HKLM-x32\...\LiveUSB Creator) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-233331455-379796158-1703670501-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Mozilla Firefox 83.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 83.0 (x86 cs)) (Version: 83.0 - Mozilla)
Mozilla Firefox 87.0 (x64 cs) (HKLM\...\Mozilla Firefox 87.0 (x64 cs)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
NVIDIA Ovladač HD audia 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OEM Test Certificates (HKLM-x32\...\{DB789F11-7F0F-C7F8-AF6F-357C44090C38}) (Version: 10.1.18362.1 - Microsoft) Hidden
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17350 - Microsoft Corporation)
progeCAD 2014 Professional Czech (HKLM-x32\...\{3093B96C-64DE-4322-B53B-45167D0C4369}) (Version: 14.0.10.2 - Progecad s.r.l.)
progeCAD 2016 Professional Czech (HKLM-x32\...\{38CA9474-B1D4-49C6-BB79-E5E3940DC85A}) (Version: 16.0.6.6 - ProgeSOFT SA)
progeCAD 2017 Professional Czech (x64) verze 17.0.6.6 (HKLM\...\{4705B392-006B-4E88-9163-F48970958399}_is1) (Version: 17.0.6.6 - ProgeSOFT SA)
progeCAD 2019 Professional Czech (x64) verze 19.0.6.9 (HKLM\...\{027110D4-10F8-4154-9168-F296BD5D9F3E}_is1) (Version: 19.0.6.9 - ProgeSOFT SA)
progeCAD USB Drivers (HKLM-x32\...\{6088BED0-812F-11E0-6784-0519477518BE}) (Version: 12.0 - Progecad s.r.l.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Seznam Software (HKU\S-1-5-21-233331455-379796158-1703670501-1001\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
Skype verze 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
Toolkit Documentation (HKLM-x32\...\{2BBA97A1-176F-DA72-96DE-0FEA66AF3EFF}) (Version: 10.1.18362.1 - Microsoft) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
UEV Tools on amd64 (HKLM\...\{B4764579-2C7A-CB37-365A-8B258E79676F}) (Version: 10.1.18362.1 - Microsoft) Hidden
User State Migration Tool (HKLM-x32\...\{BDA83650-1864-5EEC-C51B-820442B433E7}) (Version: 10.1.18362.1 - Microsoft) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{fb450356-9879-4b2e-8dc9-282709286661}) (Version: 10.1.18362.1 - Microsoft Corporation)
WPT Redistributables (HKLM-x32\...\{70D0B057-048B-F699-A2B0-AD325018802F}) (Version: 10.1.18362.1 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{EC12C121-3208-5E92-FCB0-0591769632F9}) (Version: 10.1.18362.1 - Microsoft) Hidden

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.1.14.0_x64__v10z8vjag6ke6 [2021-04-07] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-31] (Microsoft Corporation) [MS Ad]
Váš telefon -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.168.0_x64__8wekyb3d8bbwe [2021-04-09] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233331455-379796158-1703670501-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\Jarotek\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-233331455-379796158-1703670501-1001_Classes\CLSID\{58DB921D-CFA1-418E-8789-DA0CFBAB1D21}\InprocServer32 -> C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\DwgPreviewEx.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-233331455-379796158-1703670501-1001_Classes\CLSID\{6A58E66D-AE86-4BEF-9BF5-A375DF185CEC}\localserver32 -> C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe (progeSOFT SA -> ProgeSOFT sa)
CustomCLSID: HKU\S-1-5-21-233331455-379796158-1703670501-1001_Classes\CLSID\{DCCEA499-B586-410B-9959-771731445D06}\localserver32 -> C:\Program Files\PSOFT\progeCAD 2019 Professional CSY\pcad.exe (progeSOFT SA -> ProgeSOFT sa)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-03-27] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-03-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2009-02-09] (Autodesk, Inc -> Autodesk) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-03-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-10-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-10-18] (VMware, Inc. -> VMware, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-03-27] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-11-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-03-27] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-02-09 10:26 - 2009-02-09 10:26 - 000180888 _____ (Autodesk, Inc -> Autodesk) [File not signed] C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
2009-02-09 10:06 - 2009-02-09 10:06 - 000045208 _____ (Autodesk, Inc -> Autodesk, Inc.) [File not signed] C:\Windows\system32\AcSignIcon.dll
2019-02-21 22:00 - 2019-02-21 22:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2015-09-12 11:39 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2015-09-12 11:39 - 2012-10-22 17:19 - 000219648 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-30 11:21 - 2019-05-05 17:47 - 000000827 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer\
HKU\S-1-5-21-233331455-379796158-1703670501-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
HKU\S-1-5-21-233331455-379796158-1703670501-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "StartCCC"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8E92BAC9-6F47-424E-9946-FA5DBC860766}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{413178C0-517A-4AC7-B3EB-7847EAF04CEC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{58DABB37-0DC2-41F5-B539-6D5D0C9CBB52}F:\archicad 12 cz\archicad.exe] => (Allow) F:\archicad 12 cz\archicad.exe => No File
FirewallRules: [TCP Query User{E0DB8245-590A-4935-B1EA-4ED8A5598353}F:\archicad 12 cz\archicad.exe] => (Allow) F:\archicad 12 cz\archicad.exe => No File
FirewallRules: [UDP Query User{D7DD90CB-50C9-4402-8238-72115B953889}D:\archicad_12_cz\archicad.exe] => (Allow) D:\archicad_12_cz\archicad.exe => No File
FirewallRules: [TCP Query User{E2EE17DC-21DC-4658-8AF2-D7FD5A7DC70F}D:\archicad_12_cz\archicad.exe] => (Allow) D:\archicad_12_cz\archicad.exe => No File
FirewallRules: [UDP Query User{849D6CB6-B34E-40C8-8A5C-2B550A19AD4A}D:\_stary_smazat_archicad 12 cz\archicad.exe] => (Block) D:\_stary_smazat_archicad 12 cz\archicad.exe => No File
FirewallRules: [TCP Query User{0BCEFF26-5D25-440B-A1C5-3021B79DA2BD}D:\_stary_smazat_archicad 12 cz\archicad.exe] => (Block) D:\_stary_smazat_archicad 12 cz\archicad.exe => No File
FirewallRules: [UDP Query User{826B0F00-1512-4E9C-BE3D-9598ACCFA03B}D:\archicad 12 cz\archicad.exe] => (Block) D:\archicad 12 cz\archicad.exe (Graphisoft R&D) [File not signed]
FirewallRules: [TCP Query User{AF81967C-D351-4B7A-AA9D-9C9972516B36}D:\archicad 12 cz\archicad.exe] => (Block) D:\archicad 12 cz\archicad.exe (Graphisoft R&D) [File not signed]
FirewallRules: [{8352D727-0118-4A36-A1E7-2CCF13DA0127}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AE9D33F8-37AA-4E1F-9234-1AE18DA6CFC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9099A993-9385-4E8C-8213-134C413BC38F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DE857D76-F8BF-4289-AE49-E63B87186D95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F1427FAE-5C28-42C4-8C1F-0110AB2556F2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [TCP Query User{992A9441-53BC-424F-9C57-DEBD289D1595}D:\instalace\jenda\archicad 12 cz\archicad.exe] => (Allow) D:\instalace\jenda\archicad 12 cz\archicad.exe (Graphisoft R&D) [File not signed]
FirewallRules: [UDP Query User{32F4472E-90A5-43EF-B876-C1A766A4D3E0}D:\instalace\jenda\archicad 12 cz\archicad.exe] => (Allow) D:\instalace\jenda\archicad 12 cz\archicad.exe (Graphisoft R&D) [File not signed]
FirewallRules: [{29C277E5-6B98-4361-A341-F841AB4EA82D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{14215FF6-4E1E-4F20-BB69-C1CC688E339C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2119FB5E-749C-46ED-B237-BAEF157EC050}C:1\archicad 12 cz\archicad.exe] => (Allow) C:1\archicad 12 cz\archicad.exe => No File
FirewallRules: [UDP Query User{600DD2EB-A6B1-4219-B30D-DB0FA602A07E}C:1\archicad 12 cz\archicad.exe] => (Allow) C:1\archicad 12 cz\archicad.exe => No File
FirewallRules: [{754AC799-DEA9-4A4E-876E-301989584292}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{EA912834-3DC3-4DB3-9FB0-A94F007A563B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D2B40C0E-4C31-4585-8DB5-47377E2F37D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C6B36194-407E-46D9-A42E-6BA3E5846BE2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9DBE964-2448-4E45-8C5E-34ECCD785B25}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BBDE41A4-A80F-4183-AEFF-7854602D81BB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81889533-E6C8-42E6-81AD-3E7470116558}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{207364C0-D3B1-466B-B229-86B9BCAD8F83}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

19-03-2021 16:23:31 Naplánovaný kontrolní bod
28-03-2021 11:21:01 Naplánovaný kontrolní bod
06-04-2021 09:36:07 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/26/2021 09:16:34 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 29) (User: DOLE)
Description: Sledování změn možností kontroly pravopisu se nezdařilo: -2147023878. Kontrola pravopisu zůstane dostupná, ale nebudou ohlášeny žádné změny.

Error: (02/26/2021 02:23:26 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1000) (User: NT AUTHORITY)
Description: Přístup k datům o výkonu byl odepřen pro uživatele SYSTEM (hodnota z GetUsera() pro běžící vlákno), když došlo k příslušnému pokusu z modulu C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (hodnota z GetModuleFileName() pro binární soubor, který vystavil dotaz).

Error: (02/22/2021 04:41:51 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DOLE)
Description: Aktualizace vlastního uživatelského seznamu slov 2 se nezdařila: -2147024864. Kontrola pravopisu zůstane dostupná, ale tento uživatelský seznam slov nebude aktualizován.

Error: (01/31/2021 10:33:55 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 29) (User: DOLE)
Description: Sledování změn možností kontroly pravopisu se nezdařilo: -2147023878. Kontrola pravopisu zůstane dostupná, ale nebudou ohlášeny žádné změny.

Error: (01/11/2021 07:39:46 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 29) (User: DOLE)
Description: Sledování změn možností kontroly pravopisu se nezdařilo: -2147023878. Kontrola pravopisu zůstane dostupná, ale nebudou ohlášeny žádné změny.

Error: (12/28/2020 04:42:26 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DOLE)
Description: Aktualizace vlastního uživatelského seznamu slov 3 se nezdařila: -2147024864. Kontrola pravopisu zůstane dostupná, ale tento uživatelský seznam slov nebude aktualizován.

Error: (12/28/2020 04:42:26 PM) (Source: Microsoft-Windows-Spell-Checking) (EventID: 31) (User: DOLE)
Description: Aktualizace vlastního uživatelského seznamu slov 2 se nezdařila: -2147024864. Kontrola pravopisu zůstane dostupná, ale tento uživatelský seznam slov nebude aktualizován.

Error: (11/16/2020 11:17:32 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Pokus získat stav uzlu clusteru se nezdařil. Vrácený kód chyby: 0x8007085A


System errors:
=============
Error: (04/08/2021 08:41:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/08/2021 04:35:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/08/2021 04:33:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/07/2021 03:30:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/07/2021 03:28:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/06/2021 01:22:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/06/2021 09:25:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/06/2021 09:23:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===============
Date: 2021-04-09 20:53:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. GBT - 42302e31 07/14/2008
Motherboard: Gigabyte Technology Co., Ltd. GA-MA770-DS3
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 87%
Total physical RAM: 4093.49 MB
Available physical RAM: 525.19 MB
Total Virtual: 7316.74 MB
Available Virtual: 1002.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:194.81 GB) (Free:109.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (VISTA D) (Fixed) (Total:274.87 GB) (Free:235.03 GB) NTFS

\\?\Volume{bbda227b-0000-0000-0000-e0b330000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: BBDA227B)
Partition 1: (Active) - (Size=194.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=514 MB) - (Type=27)
Partition 3: (Not Active) - (Size=274.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows 10 notifications

#4 Post by Rudy »

OK. Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

Close all programs.
Accept the license terms (EULA) by clicking "I agree".
Right-click the AdwCleaner icon and choose "Run as administrator" (on Win XP just run it with a normal double-click).
Click "Scan now", then "Clean and Repair".
After the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply.

Toledo
Visitor
Posts: 10
Registered: 30 Jul 2013 19:12

Re: Windows 10 notifications

#5 Post by Toledo »

I don't know whether it ran correctly; I clicked "Spustit skenování" (Run scan) and then "Karanténa" (Quarantine), there was nothing else there. About 29 files went into quarantine. Then there was no restart; I just displayed this log:

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-09-2021
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 17
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Jarotek\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3560 octets] - [09/04/2021 22:29:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Toledo
Visitor
Posts: 10
Registered: 30 Jul 2013 19:12

Re: Windows 10 notifications

#6 Post by Toledo »

I think I've got an idea now: after launching Chrome, a flood of spam swarmed at me, see the attachment. I just don't like that virus there.
Then I went into Chrome's settings and I think this is it; it's probably enough to disable it.
Attachments
chrome.png (62.97 KiB) Viewed 1828 times

Toledo
Visitor
Posts: 10
Registered: 30 Jul 2013 19:12

Re: Windows 10 notifications

#7 Post by Toledo »

.

Toledo
Visitor
Posts: 10
Registered: 30 Jul 2013 19:12

Re: Windows 10 notifications

#8 Post by Toledo »

.
Attachments
plocha.png (178.44 KiB) Viewed 1828 times

Rudy
Site Admin
Posts: 118152
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows 10 notifications

#9 Post by Rudy »

Post new FRST+Addition logs.
