Zavirovany chrome/win 10 gatustox gestyy

Zpráva

virovymag · #1 Příspěvek od **virovymag** » 25 bře 2020 16:27

Ahoj bohuzel mam dost podobny problem viz obrazek

Po nabehnuti win 10 mio hned nabehne sam Chrome se sadou viru zalozek gestyy , gatustox, ... prosim dokazete me jako nemehlo navadet co mam delat.
dekuju moc

#2 Příspěvek od **Rudy** » 25 bře 2020 17:18

Zdravím! Dejte logy FRST+Addition: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

virovymag · #3 Příspěvek od **virovymag** » 25 bře 2020 17:49

Dekuju moc za zajem.

frst
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020
Ran by Eva (administrator) on DESKTOP-47MPNF7 (LENOVO 80SM) (25-03-2020 17:43:24)
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Temp\GUM173.tmp\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{A4CE0F7E-CEC0-42C6-9D08-345CABA93C08}\GoogleUpdateSetup.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Eva\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-25] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1139041B-F6F4-4219-A41A-6037733A9177} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23822574-5917-40F1-9E1C-A03D1D9C5F65} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {28093651-BEA9-4BBC-956B-1706706CE719} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {305E98B6-2B34-4053-A96A-F1A1DACF0CF3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6d37756e-628b-46d5-a4ca-a40dd0aead8b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {3B3A276A-A181-47B3-973B-815EF8C3F471} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d2c4a410-ed1a-4a98-a2e8-aeb52133e7cd => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {5725A494-DE1A-4E88-A6A8-3917547A2950} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3907094637-1769742579-2507837433-1001 => C:\Users\Eva\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {6438794C-2EEF-44F5-9839-9B6E84ADC29D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A63C522-8E67-4E6D-A971-A2521BD49E5C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03be25a7-c7e1-494b-b368-8ef17561acde => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {6E5B3033-8A98-4E3B-8A14-65A20C57B47E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => "%windir%\system32\WindowsPowerShell\v1.0\PowerShell.exe" "powershell -executionpolicy bypass -file %ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\data\Maintenance.ps1"
Task: {75FFC4CD-A751-48A1-9A9D-A8DBF9BAF6B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {797F8A5D-3624-477E-91D8-8FDC56E1960F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {91812944-F03A-4313-9FA9-38A722985996} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A57AAE03-B657-4FB4-8A05-E94B61C4BF9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF01B57-0470-47A6-83C0-52254DE42751} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DA0B873B-A309-427F-9CF4-06CEA607D93D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E072E088-D5BA-422F-ADE3-0BDA58F8544D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2DC844C-FC5E-4B3F-AD4C-98BF8AE78054} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3e36c7bd-b3b8-4fdc-8575-38e3da7c62c0 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {E7DC05BA-2ED6-4699-ADC8-47FE4061BB21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3B4DAD7-C08D-4AE4-A983-F9ABD5AEF85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{c8e6eeab-2143-42f7-a2be-d7739bc8e95d}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default [2020-03-25]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Prezentace) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-28]
CHR Extension: (Dokumenty) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-28]
CHR Extension: (Disk Google) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-28]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-28]
CHR Extension: (Tabulky) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10628888 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2018-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 UIUService; %SystemRoot%\system32\UIUSrv.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_851a79f66682d708\nvlddmkm.sys [14482360 2017-09-29] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2355544 2018-07-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3150336 2017-01-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:43 - 2020-03-25 17:45 - 000019609 _____ C:\Users\Eva\Downloads\FRST.txt
2020-03-25 17:42 - 2020-03-25 17:44 - 000000000 ____D C:\FRST
2020-03-25 17:42 - 2020-03-25 17:42 - 002279936 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2020-03-25 17:37 - 2020-03-25 17:43 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 17:37 - 2020-03-25 17:43 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-25 17:37 - 2020-03-25 17:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-25 17:37 - 2020-03-25 17:37 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-25 15:27 - 2020-03-25 15:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-03-25 14:58 - 2020-03-25 14:58 - 000000000 ____D C:\Users\Eva\AppData\Local\cache
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbamtray
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbam
2020-03-25 14:56 - 2020-03-25 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-25 14:01 - 2020-03-25 14:01 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WiperSoft
2020-03-25 14:00 - 2020-03-25 16:47 - 000000000 ____D C:\Program Files\WiperSoft
2020-03-25 13:19 - 2020-03-25 13:19 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WinRAR
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\ESET
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\D3DSCache
2020-03-25 11:55 - 2020-03-25 11:55 - 000000000 ____D C:\Users\Eva\AppData\Local\CEF
2020-03-25 11:53 - 2020-03-25 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-03-25 11:31 - 2020-03-25 11:31 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-25 11:30 - 2020-03-25 12:26 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-25 10:51 - 2020-03-25 10:56 - 080151770 _____ C:\Users\Eva\Downloads\Office 2013 aktivátor.rar
2020-03-25 10:50 - 2020-03-25 10:50 - 000000111 _____ C:\Users\Eva\Downloads\activation key Office 2013.txt
2020-03-25 10:49 - 2020-03-25 10:49 - 000085402 _____ C:\Users\Eva\Downloads\[SkT]KMSpico_9.0.5.20131111_Final_-_Microsoft_Office_-_Windows_Activator_(2010-2013).torrent
2020-03-25 10:46 - 2020-03-25 10:46 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-03-25 10:43 - 2020-03-25 10:46 - 056210075 _____ C:\Users\Eva\Downloads\Office 2013 Activator.zip
2020-03-25 10:37 - 2020-03-25 10:37 - 000000000 ____D C:\Users\Eva\AppData\Local\Microsoft Help
2020-03-25 10:23 - 2020-03-25 10:24 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor (1).rar
2020-03-25 10:19 - 2020-03-25 17:29 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-03-25 10:19 - 2020-03-25 10:19 - 000001966 _____ C:\Users\Public\Desktop\WinRAR.lnk
2020-03-25 10:14 - 2020-03-25 10:14 - 007838463 _____ (RARLAB) C:\Users\Eva\Downloads\WinRAR 32-64bit v5.71.exe
2020-03-25 10:13 - 2020-03-25 10:13 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor.rar
2020-03-24 17:32 - 2020-03-24 17:32 - 000002846 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx.html
2020-03-24 17:32 - 2020-03-24 17:32 - 000000000 ____D C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx_files
2020-03-24 17:26 - 2020-03-24 17:26 - 000113332 _____ C:\Users\Eva\Downloads\sb045-20-AK.pdf
2020-03-24 17:22 - 2020-03-24 17:22 - 000162598 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02 (1).pdf
2020-03-24 08:42 - 2020-03-24 08:42 - 000244275 _____ C:\Users\Eva\Downloads\010412 Eva Hrubonova zaznam.pdf
2020-03-22 18:24 - 2020-03-22 18:25 - 000196473 _____ C:\Users\Eva\Downloads\Mimořádné-opatření-doba-pro-seniory.pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (3).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (5).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (4).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (3).pdf
2020-03-19 15:17 - 2020-03-19 15:17 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (3).pdf
2020-03-19 15:16 - 2020-03-19 15:16 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (2).pdf
2020-03-19 15:15 - 2020-03-19 15:15 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23 (1).pdf
2020-03-19 15:12 - 2020-03-19 15:12 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (1).pdf
2020-03-19 15:07 - 2020-03-19 15:07 - 000044225 _____ C:\Users\Eva\Downloads\Vaculíková.pdf
2020-03-19 15:06 - 2020-03-19 15:06 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318.pdf
2020-03-19 15:05 - 2020-03-19 15:05 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23.pdf
2020-03-19 09:33 - 2020-03-19 09:33 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30 (1).pdf
2020-03-19 09:32 - 2020-03-19 09:32 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30.pdf
2020-03-19 09:31 - 2020-03-19 09:31 - 000285763 _____ C:\Users\Eva\Downloads\Interni sdeleni.pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (2).pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1.xlsx
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1 (1).xlsx
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020 (1).pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020 (1).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (4).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (3).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4.pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (2).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (2).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (1).pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020.pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (1).pdf
2020-03-17 16:45 - 2020-03-17 16:47 - 000000000 ____D C:\Users\Eva\AppData\Local\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Roaming\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Local\Nuance
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\ProgramData\Nuance
2020-03-17 16:43 - 2020-03-17 16:43 - 000000964 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\Program Files (x86)\Brother
2020-03-17 16:40 - 2020-03-17 16:40 - 000000000 ____D C:\ProgramData\Brother
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir.pdf
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir (1).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (2).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (1).pdf
2020-03-15 12:06 - 2020-03-15 12:06 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14.pdf
2020-03-14 18:39 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-03-14 09:21 - 2020-03-14 09:21 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagwrn.xml
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagerr.xml
2020-03-14 08:10 - 2020-03-14 08:10 - 000000000 ____D C:\Windows\Lenovo

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:45 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-25 17:45 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-03-25 17:41 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-25 17:39 - 2018-12-28 12:09 - 000000000 __SHD C:\Users\Eva\IntelGraphicsProfiles
2020-03-25 17:39 - 2018-12-28 11:40 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-25 17:39 - 2018-12-28 11:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-25 17:39 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-25 17:38 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-25 17:37 - 2018-12-28 11:34 - 000000000 ____D C:\Program Files (x86)\Google
2020-03-25 17:31 - 2018-12-28 11:13 - 000000000 ____D C:\Users\Eva
2020-03-25 17:29 - 2018-12-30 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-03-25 17:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2020-03-25 17:29 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2020-03-25 17:15 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\registration
2020-03-25 17:13 - 2018-12-30 22:28 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-25 17:13 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-25 16:23 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-25 14:55 - 2018-12-28 11:14 - 000000000 ____D C:\Users\Eva\AppData\Local\Packages
2020-03-25 13:34 - 2018-12-28 10:59 - 000000000 ____D C:\Windows\Panther
2020-03-25 12:24 - 2018-12-28 11:34 - 000000000 ____D C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder
2020-03-25 09:29 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-17 16:43 - 2018-12-28 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-15 11:50 - 2018-12-28 11:12 - 001693640 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-15 11:50 - 2018-09-15 18:32 - 000718198 _____ C:\Windows\system32\perfh005.dat
2020-03-15 11:50 - 2018-09-15 18:32 - 000145242 _____ C:\Windows\system32\perfc005.dat
2020-03-15 09:04 - 2019-12-02 16:58 - 000002359 _____ C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-15 09:04 - 2018-12-28 11:17 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3907094637-1769742579-2507837433-1001
2020-03-15 09:04 - 2018-12-28 11:17 - 000000000 ___RD C:\Users\Eva\OneDrive
2020-03-14 18:39 - 2018-12-30 22:37 - 000000000 ____D C:\Windows\system32\MRT
2020-03-14 18:37 - 2018-12-30 22:37 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-14 09:20 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-14 09:11 - 2019-03-19 13:27 - 000000000 ___HD C:\$WINDOWS.~BT
2020-03-14 08:12 - 2018-12-28 11:50 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-03-14 06:40 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-03-14 06:39 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

virovymag · #4 Příspěvek od **virovymag** » 25 bře 2020 17:50

addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 17:46:19)
Running from C:\Users\Eva\Downloads
Windows 10 Home Version 1809 17763.973 (X64) (2018-12-28 10:10:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3907094637-1769742579-2507837433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3907094637-1769742579-2507837433-503 - Limited - Disabled)
Eva (S-1-5-21-3907094637-1769742579-2507837433-1001 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-3907094637-1769742579-2507837433-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3907094637-1769742579-2507837433-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.64 - NVIDIA Corporation) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\OneDriveSetup.exe) (Version: 20.028.0206.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.64 - NVIDIA Corporation)
Odinstalace tiskárny EPSON XP-235 Series (HKLM\...\EPSON XP-235 Series) (Version: - Seiko Epson Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.64 - NVIDIA Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1720.1.0_x86__kgqvnymyfvs32 [2020-03-25] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2020-03-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2020-03-25] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2020-03-25] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.5.1.0_x64__nfy108tqq3p12 [2020-03-25] (Thumbmunkeys Ltd) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-02 18:03 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A025784F-54AA-4419-8789-4F5602B4CCFC}] => (Allow) LPort=54950
FirewallRules: [{49B2C448-D7BE-4751-A6C0-139A3BB32968}] => (Allow) LPort=54955
FirewallRules: [{E3445AAD-1AAB-421E-ACA2-994B55D10FD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-03-2020 10:30:27 Installed Microsoft Office Professional Plus 2013
25-03-2020 10:31:34 PROPLUS
25-03-2020 15:48:00 Operace obnovení

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (03/25/2020 05:39:17 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

System errors:
=============
Error: (03/25/2020 05:43:16 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-47MPNF7)
Description: 0x8000002a31\??\C:\FRST\y3Hq7Na1Js\SOFTWARE

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXtkpga72yvgnjbh2szsk8vmsbpbz1gdw4.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXev0q5mj8fv73ggp36jh3aysp31079gw2.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXr00jd4y2rs4113e6sxhfbd9681pzfc60.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXvctmff39365zg14pgmystcwtys462fpa.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca

Windows Defender:
===================================
Date: 2020-03-25 16:59:17.480
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:BAT/AutoKMS
ID: 2147739951
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd; webfile:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd|https://proxycache32.uloz.to/Ps;Hs;up=0 ... 4873390179
Původ zjišťování: Internet
Typ zjišťování: Konkrétní
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: Unknown
Verze podpisu: AV: 1.311.1867.0, AS: 1.311.1867.0, NIS: 1.311.1867.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.847
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.560
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gendows
ID: 2147646077
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.981
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Windows.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.958
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 17:31:47.293
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-25 16:51:06.333
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-15 09:02:18.019
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-03-25 14:36:01.310
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 14:36:01.305
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.923
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.916
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:27:44.629
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:44.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.313
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 0XCN36WW 08/30/2016
Motherboard: LENOVO Toronto 5A2
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 4002 MB
Available physical RAM: 1281.7 MB
Total Virtual: 4706 MB
Available Virtual: 1591.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:884.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEFACC11)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

#5 Příspěvek od **Rudy** » 25 bře 2020 17:54

Nemáte zač. Teď spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

virovymag · #6 Příspěvek od **virovymag** » 25 bře 2020 18:00

# -------------------------------
# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build: 03-03-2020
# Database: 2020-03-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-25-2020
# Duration: 00:00:16
# OS: Windows 10 Home
# Scanned: 32067
# Detected: 10

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.WiperSoft C:\Program Files\WiperSoft
PUP.Optional.WiperSoft C:\Users\Eva\AppData\Roaming\WiperSoft

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Eva\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoServiceBridge Folder C:\Users\Eva\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|LenovoUtility

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

#7 Příspěvek od **Rudy** » 25 bře 2020 19:05

Dejte nové logy FRST+Addition.

virovymag · #8 Příspěvek od **virovymag** » 25 bře 2020 20:04

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 19:51:02)
Running from C:\Users\Eva\Downloads
Windows 10 Home Version 1809 17763.973 (X64) (2018-12-28 10:10:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3907094637-1769742579-2507837433-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3907094637-1769742579-2507837433-503 - Limited - Disabled)
Eva (S-1-5-21-3907094637-1769742579-2507837433-1001 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-3907094637-1769742579-2507837433-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3907094637-1769742579-2507837433-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.64 - NVIDIA Corporation) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{82C288CC-A96D-43E3-9119-944DABF5DD61}) (Version: 0.8.0.74 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.12624.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\...\OneDriveSetup.exe) (Version: 20.028.0206.0009 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.64 - NVIDIA Corporation)
Odinstalace tiskárny EPSON XP-235 Series (HKLM\...\EPSON XP-235 Series) (Version: - Seiko Epson Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 382.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 382.64 - NVIDIA Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1720.1.0_x86__kgqvnymyfvs32 [2020-03-25] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.0.2204.0_x64__rz1tebttyb220 [2020-03-25] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2020-03-25] (Fitbit)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
Microsoft Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2020-03-25] (Netflix, Inc.)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.5.1.0_x64__nfy108tqq3p12 [2020-03-25] (Thumbmunkeys Ltd) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxDTCM.dll [2018-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-19] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-12-02 18:03 - 2019-10-27 05:36 - 001261568 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3907094637-1769742579-2507837433-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A025784F-54AA-4419-8789-4F5602B4CCFC}] => (Allow) LPort=54950
FirewallRules: [{49B2C448-D7BE-4751-A6C0-139A3BB32968}] => (Allow) LPort=54955
FirewallRules: [{E3445AAD-1AAB-421E-ACA2-994B55D10FD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

25-03-2020 10:30:27 Installed Microsoft Office Professional Plus 2013
25-03-2020 10:31:34 PROPLUS
25-03-2020 15:48:00 Operace obnovení

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (03/25/2020 05:39:19 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (03/25/2020 05:39:17 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

System errors:
=============
Error: (03/25/2020 06:03:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-47MPNF7)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-47MPNF7\Eva (SID: S-1-5-21-3907094637-1769742579-2507837433-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:43:16 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: DESKTOP-47MPNF7)
Description: 0x8000002a31\??\C:\FRST\y3Hq7Na1Js\SOFTWARE

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.SecurityAppBroker
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscBrokerManager
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:42:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
Windows.SecurityCenter.WscDataProtection
a APPID
Není k dispozici
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXtkpga72yvgnjbh2szsk8vmsbpbz1gdw4.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXev0q5mj8fv73ggp36jh3aysp31079gw2.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Error: (03/25/2020 05:41:21 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-47MPNF7)
Description: Nelze spustit server DCOM: Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe!App.AppXr00jd4y2rs4113e6sxhfbd9681pzfc60.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
0
při provádění příkazu:
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca

Windows Defender:
===================================
Date: 2020-03-25 16:59:17.480
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:BAT/AutoKMS
ID: 2147739951
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd; webfile:_C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd|https://proxycache32.uloz.to/Ps;Hs;up=0 ... 4873390179
Původ zjišťování: Internet
Typ zjišťování: Konkrétní
Zdroj zjišťování: Soubory ke stažení a přílohy
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: Unknown
Verze podpisu: AV: 1.311.1867.0, AS: 1.311.1867.0, NIS: 1.311.1867.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.847
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Occamy.C
ID: 2147726780
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
Původ zjišťování: Místní počítač
Typ zjišťování: FastPath
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:19.560
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Gendows
ID: 2147646077
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.981
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Windows.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 11:26:17.958
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/Keygen
ID: 2147593794
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd; file:_C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2013.cmd
Původ zjišťování: Místní počítač
Typ zjišťování: Konkrétní
Zdroj zjišťování: Ochrana v reálném čase
Uživatel: DESKTOP-47MPNF7\Eva
Název procesu: C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
Verze podpisu: AV: 1.313.37.0, AS: 1.313.37.0, NIS: 1.313.37.0
Verze modulu: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-03-25 17:31:47.293
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-25 16:51:06.333
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2020-03-15 09:02:18.019
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

Date: 2019-07-09 17:27:05.532
Description:
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu:
Předchozí verze podpisu: 1.295.1460.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ podpisu: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16000.6
Kód chyby: 0x80072ee7
Popis chyby :Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-03-25 14:36:01.310
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 14:36:01.305
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.923
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:29:57.916
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-03-25 13:27:44.629
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:44.210
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-25 13:27:43.313
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 0XCN36WW 08/30/2016
Motherboard: LENOVO Toronto 5A2
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 4002 MB
Available physical RAM: 1271.5 MB
Total Virtual: 4706 MB
Available Virtual: 1317.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:884.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEFACC11)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

virovymag · #9 Příspěvek od **virovymag** » 25 bře 2020 20:04

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2020
Ran by Eva (administrator) on DESKTOP-47MPNF7 (LENOVO 80SM) (25-03-2020 19:49:03)
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Windows 10 Home Version 1809 17763.973 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Conexant Systems, Inc.) [File not signed] C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Eva\Desktop\adwcleaner_8.0.3.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Eva\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [602968 2015-12-07] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831768 2016-08-29] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\Installer\chrmstp.exe [2020-03-25] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-25] () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1139041B-F6F4-4219-A41A-6037733A9177} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23822574-5917-40F1-9E1C-A03D1D9C5F65} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {28093651-BEA9-4BBC-956B-1706706CE719} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {305E98B6-2B34-4053-A96A-F1A1DACF0CF3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6d37756e-628b-46d5-a4ca-a40dd0aead8b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {3B3A276A-A181-47B3-973B-815EF8C3F471} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d2c4a410-ed1a-4a98-a2e8-aeb52133e7cd => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {5725A494-DE1A-4E88-A6A8-3917547A2950} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3907094637-1769742579-2507837433-1001 => C:\Users\Eva\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {6438794C-2EEF-44F5-9839-9B6E84ADC29D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {6A63C522-8E67-4E6D-A971-A2521BD49E5C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\03be25a7-c7e1-494b-b368-8ef17561acde => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {6E5B3033-8A98-4E3B-8A14-65A20C57B47E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => "%windir%\system32\WindowsPowerShell\v1.0\PowerShell.exe" "powershell -executionpolicy bypass -file %ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\data\Maintenance.ps1"
Task: {75FFC4CD-A751-48A1-9A9D-A8DBF9BAF6B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {797F8A5D-3624-477E-91D8-8FDC56E1960F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [54424 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {91812944-F03A-4313-9FA9-38A722985996} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A57AAE03-B657-4FB4-8A05-E94B61C4BF9F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6148504 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CDF01B57-0470-47A6-83C0-52254DE42751} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DA0B873B-A309-427F-9CF4-06CEA607D93D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E072E088-D5BA-422F-ADE3-0BDA58F8544D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24707448 2020-03-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2DC844C-FC5E-4B3F-AD4C-98BF8AE78054} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3e36c7bd-b3b8-4fdc-8575-38e3da7c62c0 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
Task: {E7DC05BA-2ED6-4699-ADC8-47FE4061BB21} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158544 2020-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3B4DAD7-C08D-4AE4-A983-F9ABD5AEF85F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{c8e6eeab-2143-42f7-a2be-d7739bc8e95d}: [DhcpNameServer] 213.46.172.36 213.46.172.37

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-03-14] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-12-21] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default [2020-03-25]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Prezentace) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-28]
CHR Extension: (Dokumenty) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-28]
CHR Extension: (Disk Google) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-28]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-28]
CHR Extension: (Tabulky) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-12-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10628888 2020-03-24] (Microsoft Corporation -> Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SAII\CxUtilSvc.exe [132096 2016-05-12] (Conexant Systems, Inc.) [File not signed]
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [194048 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80536 2020-02-11] (Lenovo -> Lenovo Group Ltd.)
R2 SAService; C:\Windows\system32\SAsrv.exe [431960 2015-09-15] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258648 2018-01-06] (Synaptics Incorporated -> Synaptics Incorporated)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 UIUService; %SystemRoot%\system32\UIUSrv.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_851a79f66682d708\nvlddmkm.sys [14482360 2017-09-29] (NVIDIA Corporation -> NVIDIA Corporation)
R3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2355544 2018-07-29] (Qualcomm Atheros -> Qualcomm Atheros, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [427520 2016-11-16] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3150336 2017-01-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 17:58 - 2020-03-25 17:59 - 000000000 ____D C:\AdwCleaner
2020-03-25 17:55 - 2020-03-25 17:56 - 008199856 _____ (Malwarebytes) C:\Users\Eva\Desktop\adwcleaner_8.0.3.exe
2020-03-25 17:48 - 2020-03-25 17:48 - 000032621 _____ C:\Users\Eva\Desktop\FRST.txt
2020-03-25 17:48 - 2020-03-25 17:48 - 000025149 _____ C:\Users\Eva\Desktop\Addition.txt
2020-03-25 17:46 - 2020-03-25 17:48 - 000025146 _____ C:\Users\Eva\Downloads\Addition.txt
2020-03-25 17:43 - 2020-03-25 19:50 - 000020346 _____ C:\Users\Eva\Downloads\FRST.txt
2020-03-25 17:42 - 2020-03-25 19:49 - 000000000 ____D C:\FRST
2020-03-25 17:42 - 2020-03-25 17:42 - 002279936 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2020-03-25 17:37 - 2020-03-25 17:43 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 17:37 - 2020-03-25 17:43 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-25 17:37 - 2020-03-25 17:37 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-25 17:37 - 2020-03-25 17:37 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-25 15:27 - 2020-03-25 15:37 - 000000000 ____D C:\ProgramData\HitmanPro
2020-03-25 14:58 - 2020-03-25 14:58 - 000000000 ____D C:\Users\Eva\AppData\Local\cache
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbamtray
2020-03-25 14:57 - 2020-03-25 14:57 - 000000000 ____D C:\Users\Eva\AppData\Local\mbam
2020-03-25 14:56 - 2020-03-25 14:56 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-25 14:01 - 2020-03-25 14:01 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WiperSoft
2020-03-25 14:00 - 2020-03-25 16:47 - 000000000 ____D C:\Program Files\WiperSoft
2020-03-25 13:19 - 2020-03-25 13:19 - 000000000 ____D C:\Users\Eva\AppData\Roaming\WinRAR
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\ESET
2020-03-25 12:07 - 2020-03-25 12:07 - 000000000 ____D C:\Users\Eva\AppData\Local\D3DSCache
2020-03-25 11:55 - 2020-03-25 11:55 - 000000000 ____D C:\Users\Eva\AppData\Local\CEF
2020-03-25 11:53 - 2020-03-25 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-03-25 11:31 - 2020-03-25 11:31 - 000000000 ____D C:\Program Files\AVAST Software
2020-03-25 11:30 - 2020-03-25 12:26 - 000000000 ____D C:\ProgramData\AVAST Software
2020-03-25 10:51 - 2020-03-25 10:56 - 080151770 _____ C:\Users\Eva\Downloads\Office 2013 aktivátor.rar
2020-03-25 10:50 - 2020-03-25 10:50 - 000000111 _____ C:\Users\Eva\Downloads\activation key Office 2013.txt
2020-03-25 10:49 - 2020-03-25 10:49 - 000085402 _____ C:\Users\Eva\Downloads\[SkT]KMSpico_9.0.5.20131111_Final_-_Microsoft_Office_-_Windows_Activator_(2010-2013).torrent
2020-03-25 10:46 - 2020-03-25 10:46 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
2020-03-25 10:43 - 2020-03-25 10:46 - 056210075 _____ C:\Users\Eva\Downloads\Office 2013 Activator.zip
2020-03-25 10:37 - 2020-03-25 10:37 - 000000000 ____D C:\Users\Eva\AppData\Local\Microsoft Help
2020-03-25 10:23 - 2020-03-25 10:24 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor (1).rar
2020-03-25 10:19 - 2020-03-25 17:29 - 000000000 ____D C:\Program Files (x86)\WinRAR
2020-03-25 10:19 - 2020-03-25 10:19 - 000001966 _____ C:\Users\Public\Desktop\WinRAR.lnk
2020-03-25 10:14 - 2020-03-25 10:14 - 007838463 _____ (RARLAB) C:\Users\Eva\Downloads\WinRAR 32-64bit v5.71.exe
2020-03-25 10:13 - 2020-03-25 10:13 - 003080123 _____ C:\Users\Eva\Downloads\Office 2016 instalátor + aktivátor.rar
2020-03-24 17:32 - 2020-03-24 17:32 - 000002846 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx.html
2020-03-24 17:32 - 2020-03-24 17:32 - 000000000 ____D C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.docx_files
2020-03-24 17:26 - 2020-03-24 17:26 - 000113332 _____ C:\Users\Eva\Downloads\sb045-20-AK.pdf
2020-03-24 17:22 - 2020-03-24 17:22 - 000162598 _____ C:\Users\Eva\Desktop\Výkaz o provedení práce z domova za měsíc březen 2020 - VZOR.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02.pdf
2020-03-24 08:43 - 2020-03-24 08:43 - 000196280 _____ C:\Users\Eva\Downloads\Elektronické podepisování LD a ZPK_v02 (1).pdf
2020-03-24 08:42 - 2020-03-24 08:42 - 000244275 _____ C:\Users\Eva\Downloads\010412 Eva Hrubonova zaznam.pdf
2020-03-22 18:24 - 2020-03-22 18:25 - 000196473 _____ C:\Users\Eva\Downloads\Mimořádné-opatření-doba-pro-seniory.pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (3).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (5).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (4).pdf
2020-03-19 15:20 - 2020-03-19 15:20 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (3).pdf
2020-03-19 15:17 - 2020-03-19 15:17 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (3).pdf
2020-03-19 15:16 - 2020-03-19 15:16 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (2).pdf
2020-03-19 15:15 - 2020-03-19 15:15 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23 (1).pdf
2020-03-19 15:12 - 2020-03-19 15:12 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318 (1).pdf
2020-03-19 15:07 - 2020-03-19 15:07 - 000044225 _____ C:\Users\Eva\Downloads\Vaculíková.pdf
2020-03-19 15:06 - 2020-03-19 15:06 - 000067130 _____ C:\Users\Eva\Downloads\K181_300070002629881_20200318.pdf
2020-03-19 15:05 - 2020-03-19 15:05 - 000289290 _____ C:\Users\Eva\Downloads\13288_2020-03-19_10-09-23.pdf
2020-03-19 09:33 - 2020-03-19 09:33 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30 (1).pdf
2020-03-19 09:32 - 2020-03-19 09:32 - 000302908 _____ C:\Users\Eva\Downloads\Interni sdeleni - omezeni cinnosti 30.pdf
2020-03-19 09:31 - 2020-03-19 09:31 - 000285763 _____ C:\Users\Eva\Downloads\Interni sdeleni.pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (2).pdf
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1.xlsx
2020-03-18 09:49 - 2020-03-18 09:49 - 000014157 _____ C:\Users\Eva\Downloads\Sešit1 (1).xlsx
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 001924729 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 15.3.2020 (1).pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020.pdf
2020-03-18 09:48 - 2020-03-18 09:48 - 000278020 _____ C:\Users\Eva\Downloads\usnesení vlády ze dne 13.3.2020 (1).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (4).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (3).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4.pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (2).pdf
2020-03-18 09:46 - 2020-03-18 09:46 - 000068443 _____ C:\Users\Eva\Downloads\30007_2020_4 (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (2).pdf
2020-03-18 09:45 - 2020-03-18 09:45 - 000272104 _____ C:\Users\Eva\Downloads\Interni sdeleni (1) (1).pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020.pdf
2020-03-18 09:43 - 2020-03-18 09:43 - 000291630 _____ C:\Users\Eva\Downloads\BV 16.3.2020 (1).pdf
2020-03-17 16:45 - 2020-03-17 16:47 - 000000000 ____D C:\Users\Eva\AppData\Local\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Roaming\Brother
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\Users\Eva\AppData\Local\Nuance
2020-03-17 16:44 - 2020-03-17 16:44 - 000000000 ____D C:\ProgramData\Nuance
2020-03-17 16:43 - 2020-03-17 16:43 - 000000964 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2020-03-17 16:43 - 2020-03-17 16:43 - 000000000 ____D C:\Program Files (x86)\Brother
2020-03-17 16:40 - 2020-03-17 16:40 - 000000000 ____D C:\ProgramData\Brother
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir.pdf
2020-03-16 16:11 - 2020-03-16 16:11 - 000277580 _____ C:\Users\Eva\Downloads\7298 2020 koronavir (1).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (2).pdf
2020-03-15 16:16 - 2020-03-15 16:16 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14 (1).pdf
2020-03-15 12:06 - 2020-03-15 12:06 - 000226466 _____ C:\Users\Eva\Downloads\Dohoda_o_vykonu_statni_sluzby_z_jineho_mista_2020_03_14.pdf
2020-03-14 18:39 - 2020-02-01 07:36 - 000801080 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2020-03-14 09:21 - 2020-03-14 09:21 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagwrn.xml
2020-03-14 09:10 - 2020-03-14 09:10 - 000001908 _____ C:\Windows\diagerr.xml
2020-03-14 08:10 - 2020-03-14 08:10 - 000000000 ____D C:\Windows\Lenovo

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-25 19:47 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-25 19:47 - 2018-09-15 08:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-25 17:48 - 2018-09-15 08:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-25 17:48 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-25 17:48 - 2018-09-15 08:31 - 000000000 ____D C:\Windows\INF
2020-03-25 17:45 - 2018-12-28 11:12 - 001693640 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-25 17:45 - 2018-09-15 18:32 - 000718198 _____ C:\Windows\system32\perfh005.dat
2020-03-25 17:45 - 2018-09-15 18:32 - 000145242 _____ C:\Windows\system32\perfc005.dat
2020-03-25 17:39 - 2018-12-28 12:09 - 000000000 __SHD C:\Users\Eva\IntelGraphicsProfiles
2020-03-25 17:39 - 2018-12-28 11:40 - 000000000 ____D C:\ProgramData\NVIDIA
2020-03-25 17:39 - 2018-12-28 11:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-25 17:38 - 2018-09-15 07:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-25 17:37 - 2018-12-28 11:34 - 000000000 ____D C:\Program Files (x86)\Google
2020-03-25 17:31 - 2018-12-28 11:13 - 000000000 ____D C:\Users\Eva
2020-03-25 17:29 - 2018-12-30 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-03-25 17:29 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\appcompat
2020-03-25 17:29 - 2018-09-15 07:09 - 000000000 ____D C:\Windows\system32\Sysprep
2020-03-25 17:15 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\registration
2020-03-25 17:13 - 2018-12-30 22:28 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-25 17:13 - 2018-09-15 08:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-25 14:55 - 2018-12-28 11:14 - 000000000 ____D C:\Users\Eva\AppData\Local\Packages
2020-03-25 13:34 - 2018-12-28 10:59 - 000000000 ____D C:\Windows\Panther
2020-03-25 12:24 - 2018-12-28 11:34 - 000000000 ____D C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder
2020-03-25 09:29 - 2018-12-28 11:00 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-17 16:43 - 2018-12-28 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-15 09:04 - 2019-12-02 16:58 - 000002359 _____ C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-15 09:04 - 2018-12-28 11:17 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3907094637-1769742579-2507837433-1001
2020-03-15 09:04 - 2018-12-28 11:17 - 000000000 ___RD C:\Users\Eva\OneDrive
2020-03-14 18:39 - 2018-12-30 22:37 - 000000000 ____D C:\Windows\system32\MRT
2020-03-14 18:37 - 2018-12-30 22:37 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-14 09:20 - 2018-09-15 07:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-14 09:11 - 2019-03-19 13:27 - 000000000 ___HD C:\$WINDOWS.~BT
2020-03-14 08:12 - 2018-12-28 11:50 - 000000000 ____D C:\Windows\system32\Tasks\Lenovo
2020-03-14 06:40 - 2018-09-15 08:23 - 000000000 ____D C:\Windows\CbsTemp
2020-03-14 06:39 - 2018-09-15 08:33 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#10 Příspěvek od **Rudy** » 25 bře 2020 21:04

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

virovymag · #11 Příspěvek od **virovymag** » 25 bře 2020 21:28

tak restart a open okno vyskocilo s chromem a tabama na divne reklamy, zde log

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-03-2020
Ran by Eva (25-03-2020 21:24:18) Run:1
Running from C:\Users\Eva\Desktop
Loaded Profiles: Eva (Available Profiles: Eva)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
Task: {A2632D8C-883D-48E8-884E-2046762C73F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-25] (Google LLC -> Google LLC)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe
C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe
C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B85F3B-A6DB-4DF2-839C-C5AB6A7531BC}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2632D8C-883D-48E8-884E-2046762C73F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2632D8C-883D-48E8-884E-2046762C73F5}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"C:\Users\Eva\Downloads\MS office 2016 aktivator STAČÍ SPUSTIT JAKO SPRAVCE !!!.cmd" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\KMSELDI.exe" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\KMS Client.exe" => not found
"C:\Users\Eva\Desktop\Office 2013 aktivátor\v9-autoact\KMSnano.exe" => not found
"C:\Users\Eva\AppData\Local\Temp\KMSnano\Activate_Office2010.cmd" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10731476 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 38585740 B
Edge => 1307457 B
Chrome => 188561255 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7456 B
NetworkService => 5911320 B
Eva => 107451302 B

RecycleBin => 0 B
EmptyTemp: => 343.7 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:25:24 ====

#12 Příspěvek od **Rudy** » 25 bře 2020 21:58

OK, Zder smazáno, ještě vyčistíme samotné prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin

;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. 2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

virovymag · #13 Příspěvek od **virovymag** » 25 bře 2020 22:07

zoek jsem pustil vystupni log nemohu najit poradite prosim kde...zoek mam na plose...pro prubehu napsal
moc se omlouvam
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Eva on 25.03.2020 at 22:02:49,36.
Microsoft Windows 10 Home 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eva\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 22:03:26,31 =====

edit:dohledal jsem asi

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Eva on 25.03.2020 at 22:02:49,36.
Microsoft Windows 10 Home 10.0.17763 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eva\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.03.2020 22:06:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\InstallShield Installation Information deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Eva\AppData\Local\DBG deleted successfully
C:\Users\Eva\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\Eva\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\InstallShield Installation Information not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Eva\AppData\Local\cache deleted

==== Orphaned Tasks deleted from Registry ======================

Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask_Once deleted

virovymag · #14 Příspěvek od **virovymag** » 25 bře 2020 22:12

jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Eva (Administrator) on 25.03.2020 at 22:08:58,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2020 at 22:11:37,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

virovymag · #15 Příspěvek od **virovymag** » 25 bře 2020 22:30

udelal jsem restart a po restartu open vyskoci chrome se "spamovou" zalozkou

nove frst a add v priloze

VIRY.CZ

Zavirovany chrome/win 10 gatustox gestyy

Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy

Re: Zavirovany chrome/win 10 gatustox gestyy