
Please check this log_Trojan:Script/Wacatac.B!ml

pavuky (Visitor, 46 posts, registered 19 Apr 2010)


#1 Post by pavuky »

Hello. A friend had an expired Avast and McAfee on her notebook. When I removed them, Defender caught "Trojan:Script/Wacatac.B!ml" and "Trojan:MSIL/CoinMiner".
They are in quarantine, but the notebook still runs at 80% CPU (even when nobody is working on it), and the same goes for memory. So I am asking for a check of the log and, if possible, a suggested fix. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by Maruška (administrator) on LAPTOP-37JKCA9B (HP HP Laptop 15-rb0xx) (08-12-2020 03:58:21)
Running from C:\Users\Maruška\Downloads
Loaded Profiles: Maruška
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0335631.inf_amd64_f6c8f014e1f36971\B335869\atiesrxx.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_3b1a7f8fd6029daa\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\SysInfoCap.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\commsapps.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13228.41011.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(VS Revo Group Ltd. -> VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11235928 2020-04-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-04-18] (Realtek Semiconductor Corp. -> Realtek)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\Avast Software\Avast\AvLaunch.exe" /gui
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f610b-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f7c8e-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {2e246c0b-0d9e-11eb-ac3b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {4ee6cfa6-d1ae-11e9-ac1d-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\Canon iP2800 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC1.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP2800 series: C:\WINDOWS\system32\CNMLMC1.DLL [391168 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B92F1B2-75A6-44CE-B663-DA7752BE187D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0BCC9284-3F9D-43CE-A2EC-FF0DF1389A43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B6606BD-44C6-4BE2-852F-2C37202586BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
Task: {655BF991-1207-4E82-90F8-2B8AFC4E8138} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Task: {722ACB98-6406-41C8-AB2E-27C13988D3DF} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [63880 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ACBD2EF0-25B2-4F7B-9F7C-023A2D8231AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B83DFBD8-811A-4AF0-A738-340AFC1A5589} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [135000 2020-09-30] (HP Inc. -> HP Inc.)
Task: {BFA445F0-5E55-4B98-A197-DC24E2FA265E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {C2170ED4-D5A8-4FB8-A288-9C5CF9942DFB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DF97E0EE-6C94-478A-B6E1-F4CBD0B1B274} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{81387fd2-224d-423f-a351-ab9c7d4b9b5f}: [DhcpNameServer] 10.0.0.138

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Maruška\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-08]

FireFox:
========
FF DefaultProfile: s4lgm2rz.default
FF ProfilePath: C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\s4lgm2rz.default [2020-12-08]
FF ProfilePath: C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\1rpf8yj0.default-release [2020-12-08]
FF Homepage: Mozilla\Firefox\Profiles\1rpf8yj0.default-release -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\1rpf8yj0.default-release -> hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.youtube.com; hxxps://www.megaknihy.cz; hxxps://www.bubulakovo.cz; hxxps://www.regiojet.cz; hxxps://www.botovo.cz; hxxps://www.floryday.com
FF Extension: (Adblock) - C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\1rpf8yj0.default-release\Extensions\adblock-for-ff-lite@addons.xpi [2020-12-08]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\1rpf8yj0.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2019-08-13]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\1rpf8yj0.default-release\Extensions\langpack-cs@firefox.mozilla.org.xpi [2020-11-27]
FF Extension: (No Name) - C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\1rpf8yj0.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 0198501607380213mcinstcleanup; C:\ProgramData\McInstTemp0198501607380213\mcinst.exe [941448 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\AppHelperCap.exe [601368 2020-10-18] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\NetworkCap.exe [599832 2020-10-18] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_66856cbf5000451f\x64\SysInfoCap.exe [600344 2020-10-18] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_3b1a7f8fd6029daa\x64\TouchpointAnalyticsClientService.exe [465168 2020-11-02] (HP Inc. -> HP Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521752 2020-11-27] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-03-20] (Microsoft Corporation) [File not signed]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [23960 2018-07-06] (HP Inc. -> HP Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-08 03:55 - 2020-12-08 03:58 - 000034477 _____ C:\Users\Maruška\Downloads\Addition.txt
2020-12-08 03:49 - 2020-12-08 03:59 - 000012933 _____ C:\Users\Maruška\Downloads\FRST.txt
2020-12-08 03:49 - 2020-12-08 03:58 - 000000000 ____D C:\FRST
2020-12-08 03:44 - 2020-12-08 03:44 - 002288640 _____ (Farbar) C:\Users\Maruška\Downloads\FRST64.exe
2020-12-08 02:23 - 2020-12-08 02:43 - 000000000 ____D C:\AdwCleaner
2020-12-08 02:22 - 2020-12-08 02:23 - 008447152 _____ (Malwarebytes) C:\Users\Maruška\Downloads\adwcleaner_8.0.8.exe
2020-12-08 01:40 - 2020-12-08 01:45 - 000000000 ____D C:\WINDOWS\pss
2020-12-08 01:26 - 2020-12-08 01:43 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-08 01:14 - 2020-12-08 01:14 - 000062124 _____ C:\Users\Maruška\AppData\Roaming\salmaomar.txt
2020-12-08 01:13 - 2020-12-08 01:13 - 005277696 _____ C:\Users\Maruška\AppData\Roaming\salmagamalx.txt
2020-12-08 01:06 - 2020-12-08 01:14 - 000000000 ____D C:\Users\Maruška\Downloads\já
2020-12-08 00:00 - 2020-12-08 00:00 - 000001129 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-12-08 00:00 - 2020-12-08 00:00 - 000001129 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-12-08 00:00 - 2020-12-08 00:00 - 000000000 ____D C:\Users\Maruška\AppData\Local\VS Revo Group
2020-12-08 00:00 - 2020-12-08 00:00 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-12-08 00:00 - 2020-12-08 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-12-08 00:00 - 2020-12-08 00:00 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-08 00:00 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2020-12-07 23:30 - 2020-12-07 23:30 - 000000000 ____D C:\ProgramData\McInstTemp0198501607380213
2020-12-07 22:54 - 2020-12-07 22:54 - 000000000 ____D C:\Users\Maruška\AppData\Local\mbam
2020-12-07 22:53 - 2020-12-07 22:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-07 22:49 - 2020-12-08 00:14 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-07 20:09 - 2020-12-07 20:09 - 000000659 _____ C:\Users\Maruška\Desktop\ESET Online Scanner.lnk
2020-12-07 20:08 - 2020-12-07 20:09 - 000000787 _____ C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-12-07 20:08 - 2020-12-07 20:08 - 000000000 ____D C:\Users\Maruška\AppData\Local\ESET
2020-12-07 20:07 - 2020-12-07 20:08 - 015012440 _____ (ESET spol. s r.o.) C:\Users\Maruška\Downloads\esetonlinescanner.exe
2020-12-06 11:57 - 2020-12-06 12:06 - 1922495892 _____ C:\Users\Maruška\Downloads\Pod vodou - Underwater.2020.1080p.BluRay.CZ.dabing.5.1.mkv
2020-12-05 13:56 - 2020-12-05 14:07 - 1964388506 _____ C:\Users\Maruška\Downloads\MEG Monstrum z hlubin _ The Meg (2018) Thriller Cz dab 1920x800p.mkv
2020-12-01 21:15 - 2020-12-01 21:33 - 1103158466 _____ C:\Users\Maruška\Downloads\Run.2020.1080p.cz titulky .mkv
2020-11-28 15:47 - 2020-11-28 15:47 - 011375836 _____ C:\Users\Maruška\Downloads\1-Mikina-z-něm.stránek-návod.pdf
2020-11-28 15:47 - 2020-11-28 15:47 - 000129743 _____ C:\Users\Maruška\Downloads\1-Mikina-z-něm.stránek-68-104.pdf
2020-11-28 15:42 - 2020-11-28 15:42 - 011541762 _____ C:\Users\Maruška\Downloads\prilohy_28385.zip
2020-11-28 15:42 - 2020-11-28 15:42 - 000187370 _____ C:\Users\Maruška\Downloads\1-Mikina-z-něm.stránek-110-170-f-2.pdf
2020-11-27 08:13 - 2020-11-27 08:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-24 17:57 - 2020-11-24 18:06 - 2388622952 _____ C:\Users\Maruška\Downloads\Scooby doo (2020) CZ a SK DABING.mkv
2020-11-22 19:00 - 2020-11-22 19:12 - 2525726549 _____ C:\Users\Maruška\Downloads\V zajetí - Run - (CZ tit.) 2020 - 1080p.mkv
2020-11-20 19:48 - 2020-12-07 22:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-19 17:50 - 2020-11-19 17:54 - 1310067279 _____ C:\Users\Maruška\Downloads\Pokémon_Detective Pikachu_CZ Dabing_BSfilm.mkv
2020-11-17 18:01 - 2020-11-17 18:06 - 979054454 _____ C:\Users\Maruška\Downloads\Spláchnutej (2006) cz.avi
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-12 19:46 - 2020-11-12 19:46 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-12 19:45 - 2020-11-12 19:45 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-12 19:42 - 2020-11-12 19:42 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-12 19:41 - 2020-11-12 19:41 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 19:41 - 2020-11-12 19:41 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-09 18:30 - 2020-11-09 18:41 - 000110526 _____ C:\Users\Maruška\Downloads\GDPR - souhlas se zpracováním osobních údajů HPP.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-08 04:01 - 2019-08-13 10:40 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-08 04:00 - 2019-08-13 10:40 - 000000000 ____D C:\Users\Maruška\AppData\LocalLow\Mozilla
2020-12-08 03:18 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-08 03:17 - 2019-08-13 10:24 - 000000000 ____D C:\Users\Maruška\AppData\Local\Packages
2020-12-08 03:17 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-08 02:50 - 2020-03-21 00:08 - 001708148 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-08 02:50 - 2019-03-19 12:55 - 000717602 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-08 02:50 - 2019-03-19 12:55 - 000154680 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-08 02:50 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-08 02:46 - 2020-03-21 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-08 02:44 - 2019-03-19 05:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-08 02:44 - 2019-01-13 20:47 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-12-08 02:43 - 2019-08-13 10:28 - 000000000 ____D C:\Users\Maruška\AppData\Roaming\Hewlett-Packard
2020-12-08 02:43 - 2018-11-27 03:55 - 000000000 ____D C:\ProgramData\HP
2020-12-08 02:43 - 2018-11-27 03:55 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-08 02:43 - 2018-11-27 03:54 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-12-08 02:43 - 2018-11-27 03:54 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-12-08 02:43 - 2018-11-13 02:32 - 000000000 ___HD C:\hp
2020-12-08 02:37 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-08 02:13 - 2020-11-04 07:43 - 000000000 ____D C:\Users\Maruška\AppData\Local\CrashDumps
2020-12-08 01:54 - 2018-10-11 06:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-08 01:00 - 2019-08-13 10:24 - 000000000 ____D C:\Users\Maruška\AppData\Local\D3DSCache
2020-12-08 00:56 - 2019-01-13 21:10 - 000000000 ____D C:\ProgramData\McAfee
2020-12-08 00:56 - 2019-01-13 21:10 - 000000000 ____D C:\Program Files\Common Files\mcafee
2020-12-08 00:55 - 2020-03-20 23:56 - 000000000 ____D C:\Users\Maruška
2020-12-08 00:45 - 2020-09-26 14:34 - 000000000 ____D C:\Program Files (x86)\Steam
2020-12-08 00:45 - 2020-03-09 16:08 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-08 00:45 - 2019-11-28 19:42 - 000000000 ____D C:\Users\Maruška\Desktop\Iowa
2020-12-08 00:33 - 2020-06-06 23:02 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-08 00:33 - 2020-06-06 23:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-08 00:33 - 2020-03-21 00:21 - 000002922 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3457819308-1348416728-1505589383-1001
2020-12-07 23:55 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-07 23:43 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-07 23:38 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-12-07 23:37 - 2020-03-21 00:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-12-07 23:31 - 2020-10-04 08:02 - 000000000 ____D C:\Users\Maru�ka
2020-12-07 22:39 - 2020-03-20 23:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-07 22:39 - 2019-08-13 10:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-07 22:13 - 2020-06-06 23:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-07 22:13 - 2020-06-06 23:03 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-07 22:13 - 2020-06-06 23:03 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-12-02 16:47 - 2020-02-13 18:22 - 000000000 ____D C:\Users\Maruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-01 21:10 - 2020-11-03 12:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-12-01 21:10 - 2020-03-21 00:21 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3457819308-1348416728-1505589383-500
2020-12-01 21:10 - 2020-03-21 00:21 - 000002202 _____ C:\WINDOWS\system32\Tasks\StartCN
2020-12-01 21:10 - 2020-03-21 00:21 - 000002116 _____ C:\WINDOWS\system32\Tasks\StartDVR
2020-11-27 11:46 - 2020-11-03 12:43 - 000521752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2020-11-27 08:13 - 2019-08-13 10:40 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-23 08:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-11-18 07:30 - 2020-09-30 21:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-13 21:23 - 2019-08-14 11:05 - 000000000 ____D C:\Users\Maruška\AppData\Local\HP_Inc
2020-11-13 21:13 - 2019-08-13 10:24 - 000000000 ___RD C:\Users\Maruška\3D Objects
2020-11-13 21:13 - 2018-10-11 06:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-13 21:09 - 2020-03-20 23:48 - 000367576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-13 21:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-13 08:26 - 2019-08-13 13:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-13 08:15 - 2019-08-13 13:08 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 19:40 - 2020-03-20 23:53 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-12 11:00 - 2020-02-19 15:18 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 21:11 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll

==================== Files in the root of some directories ========

2020-12-08 01:13 - 2020-12-08 01:13 - 005277696 _____ () C:\Users\Maruška\AppData\Roaming\salmagamalx.txt
2020-12-08 01:14 - 2020-12-08 01:14 - 000062124 _____ () C:\Users\Maruška\AppData\Roaming\salmaomar.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by Maruška (08-12-2020 04:03:17)
Running from C:\Users\Maruška\Downloads
Windows 10 Home Version 1909 18363.1198 (X64) (2020-03-20 23:22:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3457819308-1348416728-1505589383-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457819308-1348416728-1505589383-503 - Limited - Disabled)
Guest (S-1-5-21-3457819308-1348416728-1505589383-501 - Limited - Disabled)
Maruška (S-1-5-21-3457819308-1348416728-1505589383-1001 - Administrator - Enabled) => C:\Users\Maruška
WDAGUtilityAccount (S-1-5-21-3457819308-1348416728-1505589383-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: McAfee VirusScan (Disabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1108.0636.11889 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
Darkest Dungeon Ancestral Edition version 24.83.9 (HKLM-x32\...\Darkest Dungeon Ancestral Edition_is1) (Version: 24.83.9 - Red Hook Studios)
DidaktaCZ 1.0.0 (HKLM-x32\...\7e81f6ca-38af-5207-b03c-2ecbe5f1ce8e) (Version: 1.0.0 - SILCOM Multimedia, s.r.o.)
Gameforge Live 2.0.13 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.13 - Gameforge)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{016FBF6D-AEDE-4D33-87B4-DF6815EF674A}) (Version: 1.4.0.485 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{35556CCA-F14E-48F3-93F4-E29C4B3DBE30}) (Version: 1.4.485.0 - HP Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.57 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 en-US) (HKLM\...\Mozilla Firefox 83.0 (x64 en-US)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.17134.31243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.28.615.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.2.1 - VS Revo Group, Ltd.)
Roblox Player for Maruška (HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Maruška (HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\roblox-studio) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.0.83.0_x86__kgqvnymyfvs32 [2020-12-02] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.48.2.0_x86__kgqvnymyfvs32 [2020-11-26] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1910.3.0_x86__kgqvnymyfvs32 [2020-12-03] (king.com)
Counter Critical Strike CS FPS -> C:\Program Files\WindowsApps\43751MagicCraftGamesStudi.CounterCriticalStrikeCSG_13.1.0.0_x86__86n61r1sa25km [2020-07-04] (Magic Craft Games Studio Inc.) [MS Ad]
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2019-01-13] (HP Inc.)
Farming Simulator 16 -> C:\Program Files\WindowsApps\GIANTSSoftware.FarmingSimulator16_1.1.2.8_x86__fa8jxm5fj0esw [2020-09-26] (GIANTS Software)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2019-01-13] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_1.6.7.0_x64__v10z8vjag6ke6 [2020-10-07] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.0.39.0_x64__v10z8vjag6ke6 [2020-09-29] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.6.839.0_x64__v10z8vjag6ke6 [2020-11-13] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6 [2020-09-06] (HP Inc.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-13] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-21] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13426.20308.0_x86__8wekyb3d8bbwe [2020-12-07] (Microsoft Corporation)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-08-13] (CYBERLINKCOM CORP)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.458.22047.0_x86__55nm5eh3cm0pr [2020-12-06] (ROBLOX Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.20.87.0_x64__kx24dqmazqk8j [2020-09-07] (Random Salad Games LLC)
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35054.0.0_x64__807d65c4rvak2 [2020-03-21] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3457819308-1348416728-1505589383-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Maruška\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-06 11:43 - 2018-07-06 11:43 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-07-06 11:44 - 2018-07-06 11:44 - 002552832 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000345600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000502272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 001412608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-11-08 06:34 - 2018-11-08 06:34 - 005812224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 006321152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 001077248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000323584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 003559424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 003700224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000359936 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 076160000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 005603840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000461312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 000187904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-07-06 11:43 - 2018-07-06 11:43 - 002822144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000053248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000059904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000328192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-07-06 11:44 - 2018-07-06 11:44 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\styles\qwindowsvistastyle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2CEABEFB-D5DF-49D0-85BD-85BE1F25CBBF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1AD83483-36E9-49C0-B91C-25FD45F08FF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{329ABE1C-3D50-44F6-B5E3-77F956C894FF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{21FF1C04-E488-40A0-8727-438EDF769B81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6BB705F6-A8AB-4E21-9398-65C1F014A339}] => (Allow) C:\Program Files (x86)\GameforgeLive\gfl_client.exe (Gameforge 4D GmbH -> )
FirewallRules: [TCP Query User{8C729D0A-C845-4673-8AF4-48E30DCA8BC1}C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{71BBEA8D-8449-4DF8-B1D0-6237505C17C5}C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{097D4EB6-0689-4183-8869-36E1DB6B9081}C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{45BD7101-1DAE-4462-B180-907FC83891BD}C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\maruška\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3378F964-2E3E-49C7-9FF5-016D2661F872}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A5AD0E3-A79A-45E2-A399-85F7A5BECB70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68063DD5-F2CE-4B74-9FAF-8AFD026A55E4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FFDFAC8C-A695-45ED-BA7F-49F9234726B8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C176327C-1F86-44BD-A389-C3BD2710133D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20308.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

26-11-2020 08:51:12 Naplánovaný kontrolní bod
06-12-2020 13:33:09 Naplánovaný kontrolní bod
08-12-2020 02:42:09 AdwCleaner_BeforeCleaning_08/12/2020_02:42:08

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/08/2020 04:06:45 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8428,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 03:52:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4992,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 03:43:47 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8668,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 03:24:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3780,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 03:13:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1148,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 02:57:26 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2192,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/08/2020 02:44:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (12/08/2020 02:44:35 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (12/08/2020 02:48:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba HP Comm Recovery neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (12/08/2020 02:46:19 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba avast! Tools závisí na následující službě: avast! Antivirus. Tato služba pravděpodobně není nainstalována.

Error: (12/08/2020 02:44:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (12/08/2020 02:44:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (12/08/2020 02:44:31 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\Rtlihvs.dll

Error: (12/08/2020 02:43:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (12/08/2020 02:43:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP Comm Recovery byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/08/2020 02:43:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP System Info HSA Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2020-12-08 02:13:47.380
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.B!ml
ID: 2147735503
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_c:\users\maruška\appdata\roaming\1.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\svchost.exe
Verze bezpečnostních informací: AV: 1.327.2245.0, AS: 1.327.2245.0, NIS: 1.327.2245.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-12-08 02:13:38.400
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.B!ml
ID: 2147735503
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_c:\users\maruška\appdata\roaming\1.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.327.2245.0, AS: 1.327.2245.0, NIS: 1.327.2245.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-12-08 02:13:33.990
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/CoinMiner
ID: 2147689194
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_C:\Users\Maruška\AppData\Roaming\1.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: LAPTOP-37JKCA9B\Maruška
Název procesu: C:\Users\Maruška\AppData\Roaming\1.exe
Verze bezpečnostních informací: AV: 1.327.2245.0, AS: 1.327.2245.0, NIS: 1.327.2245.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-12-08 02:13:33.290
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/CoinMiner
ID: 2147689194
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_C:\Users\Maruška\AppData\Roaming\1.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: LAPTOP-37JKCA9B\Maruška
Název procesu: C:\Users\Maruška\AppData\Roaming\1.exe
Verze bezpečnostních informací: AV: 1.327.2245.0, AS: 1.327.2245.0, NIS: 1.327.2245.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-12-08 02:02:12.674
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.DC!ml
ID: 2147757791
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Maruška\AppData\Roaming\xcn.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-37JKCA9B\Maruška
Název procesu: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
Verze bezpečnostních informací: AV: 1.327.2245.0, AS: 1.327.2245.0, NIS: 1.327.2245.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-10-30 05:28:02.450
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1582.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2020-09-26 01:41:13.243
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.323.1854.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17400.5
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2020-12-08 01:06:46.980
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-12-08 00:59:21.738
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-12-08 00:59:21.534
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-12-08 00:59:21.481
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-12-08 00:58:12.161
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-08 00:58:12.094
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-08 00:58:11.981
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-08 00:58:11.819
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.40 11/23/2018
Motherboard: HP 8330
Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 88%
Total physical RAM: 3981.68 MB
Available physical RAM: 475.43 MB
Total Virtual: 7821.68 MB
Available Virtual: 3315.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.53 GB) (Free:324.9 GB) NTFS
Drive e: (LUDVA) (Removable) (Total:28.87 GB) (Free:3.83 GB) NTFS

\\?\Volume{3a47c3c4-cbf9-4886-9e55-332ecb1ce346}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{9c7cb9a8-28dd-4fce-93ef-c6c2c351d5d5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FB125693)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: F46DA114)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15655
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check my log_Trojan:Script/Wacatac.B!ml

#2 Post by JaRon »

Hi,
quote:
Creating a fixlist for FRST
• Open Notepad (Start - Run - notepad)
• Copy the script >>

Start
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f610b-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f7c8e-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {2e246c0b-0d9e-11eb-ac3b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {4ee6cfa6-d1ae-11e9-ac1d-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
c:\users\maruška\appdata\roaming\1.exe
C:\Users\Maruška\AppData\Roaming\xcn.exe

EmptyTemp:
Reboot:
End
• Save the created TXT as fixlist.txt
• Move the created fixlist next to FRST

→ Run FRST.exe again
• Click Fix
• The fix runs and creates the log Fixlog.txt

→ Restart the PC and post fixlog.txt here
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

pavuky
Visitor
Posts: 46
Registered: 19 Apr 2010 05:12

Re: Please check my log_Trojan:Script/Wacatac.B!ml

#3 Post by pavuky »

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by Maruška (08-12-2020 10:01:56) Run:1
Running from C:\Users\Maruška\Downloads
Loaded Profiles: Maruška
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f610b-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {226f7c8e-7907-11ea-ac2b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {2e246c0b-0d9e-11eb-ac3b-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\...\MountPoints2: {4ee6cfa6-d1ae-11e9-ac1d-0c96e6abd3f2} - "E:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S2 avast! Tools; "C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
c:\users\maruška\appdata\roaming\1.exe
C:\Users\Maruška\AppData\Roaming\xcn.exe



EmptyTemp:
Reboot:
End
*****************

HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{226f610b-7907-11ea-ac2b-0c96e6abd3f2} => removed successfully
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{226f7c8e-7907-11ea-ac2b-0c96e6abd3f2} => removed successfully
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e246c0b-0d9e-11eb-ac3b-0c96e6abd3f2} => removed successfully
HKU\S-1-5-21-3457819308-1348416728-1505589383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ee6cfa6-d1ae-11e9-ac1d-0c96e6abd3f2} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\System\CurrentControlSet\Services\avast! Tools => removed successfully
avast! Tools => service removed successfully
HKLM\System\CurrentControlSet\Services\HP Comm Recover => removed successfully
HP Comm Recover => service removed successfully
HKLM\System\CurrentControlSet\Services\HPJumpStartBridge => removed successfully
HPJumpStartBridge => service removed successfully
"c:\users\maruška\appdata\roaming\1.exe" => not found
"C:\Users\Maruška\AppData\Roaming\xcn.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14848960 B
Java, Flash, Steam htmlcache => 12334318 B
Windows/system/drivers => 7353532 B
Edge => 29184 B
Chrome => 0 B
Firefox => 74880347 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 8258368 B
systemprofile32 => 8258368 B
LocalService => 8265184 B
NetworkService => 8294912 B
Maruška => 58332323 B

RecycleBin => 0 B
EmptyTemp: => 201.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:03:51 ====
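A follow-up check for the kinds of entries the fix above removed, added here as an example; it is not part of the FRST fixlist or Fixlog and not something the thread's participants posted. It re-enumerates services whose binary no longer exists (what FRST marks with [X]), per-volume autorun commands under MountPoints2, loose executables sitting directly in profile data folders (the 1.exe / xcn.exe pattern), and any Firefox policy key under HKLM. The registry paths and WMI class are the standard Windows ones; the list of folders scanned by Get-LooseExecutable is an assumption and should be extended for the machine at hand.

```powershell
# Added example, not part of the FRST output above. Run in an elevated
# PowerShell on the cleaned machine to confirm nothing of the same kind is left.

function Get-ServiceBinaryPath {
    # Extracts the image path from a service command line such as
    #   "C:\Program Files\Foo\foo.exe" /runassvc   or   C:\Windows\system32\svchost.exe -k netsvcs
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"')      { $raw = $Matches[1] }
    elseif ($CommandLine -match '^\s*(.+?\.exe)')  { $raw = $Matches[1] }
    else                                           { $raw = $CommandLine.Trim() }
    return [Environment]::ExpandEnvironmentVariables($raw)
}

function Get-OrphanedService {
    # Services whose binary is gone: what FRST marks with [X]. They are inert,
    # but each one records that a now-missing file once had SYSTEM autostart.
    Get-CimInstance Win32_Service | Where-Object { $_.PathName } | ForEach-Object {
        $bin = Get-ServiceBinaryPath $_.PathName
        if (-not (Test-Path -LiteralPath $bin)) {
            [pscustomobject]@{ Name = $_.Name; StartMode = $_.StartMode; Missing = $bin }
        }
    }
}

function Get-MountPointAutorun {
    # MountPoints2 remembers per-volume autorun commands (E:\HiSuiteDownLoader.exe
    # in the log). Windows no longer honours autorun.inf on removable media, but
    # the entries still show which executable was offered from which volume.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path -Path $_.PSPath -ChildPath 'Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            [pscustomobject]@{ Volume = $_.PSChildName; Command = $cmd }
        }
    }
}

function Get-LooseExecutable {
    # Executables sitting directly in a profile data folder, like 1.exe and
    # xcn.exe in the log, with Authenticode status and SHA-256 for a lookup.
    $folders = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)   # assumption: extend as needed
    foreach ($dir in $folders) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.bat', '.vbs', '.ps1' } |
            ForEach-Object {
                $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                [pscustomobject]@{
                    Path      = $_.FullName
                    Signature = $sig.Status.ToString()   # NotSigned / Valid / HashMismatch ...
                    Signer    = $signer
                    Sha256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Get-FirefoxPolicy {
    # FRST flagged HKLM\SOFTWARE\Policies\Mozilla\Firefox. On a home PC this key
    # should not exist unless someone set browser policies on purpose; values
    # here can silently disable updates, extensions or safe browsing.
    $key = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
    if (Test-Path -LiteralPath $key) {
        Get-ItemProperty -LiteralPath $key | Select-Object -Property * -ExcludeProperty PS*
        Get-ChildItem -Path $key -Recurse   # policies stored as subkeys (Homepage, Bookmarks ...)
    }
}

Get-OrphanedService   | Format-Table -AutoSize
Get-MountPointAutorun | Format-Table -AutoSize
Get-LooseExecutable   | Format-Table -AutoSize
Get-FirefoxPolicy     | Format-List
```

An unsigned executable in the root of %APPDATA% is the item worth acting on; the orphaned services and MountPoints2 entries are leftovers rather than live threats, which is consistent with FRST reporting the two AppData files as "not found" while still removing the stale service keys.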

JaRon
Moderator
Posts: 15655
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check the log_Trojan:Script/Wacatac.B!ml

#4 Post by JaRon »

What is the state after restarting the PC?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

pavuky
Visitor
Posts: 46
Registered: 19 Apr 2010 05:12

Re: Please check the log_Trojan:Script/Wacatac.B!ml

#5 Post by pavuky »

Sorry for replying only now. For a while it seemed everything was fine, but "Modern Setup Host" started up in Task Manager and is loading the CPU at 40-80%, which is bad. It is supposedly a Windows process, so I don't know what to do about it.

JaRon
Moderator
Posts: 15655
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check the log_Trojan:Script/Wacatac.B!ml

#6 Post by JaRon »

Uninstall one of the pair McAfee-Avast.
The process you mention belongs to Windows Update; it is possible that it will calm down after a while, as it may be downloading updates in the background.
If the problem persists, rescan the PC with AVPTool.
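A way to verify the claim in the post above before trusting a busy "Modern Setup Host", added here as an example and not something the thread's participants posted. The name shown in Task Manager is only a file description; what matters is whether the process is the real SetupHost.exe, running from the Windows Update staging folder and carrying a valid Microsoft signature. The staging path C:\$WINDOWS.~BT\Sources is the documented location of the feature-update setup engine, but treating it as the only legitimate one is an assumption of this check; given that Defender had already flagged a CoinMiner on this machine, a process with the right name but the wrong path or no signature would deserve a closer look.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell; without
# elevation the path and command line of a SYSTEM process come back empty.

function Test-ModernSetupHost {
    # Assumption: the genuine setup engine runs from the upgrade staging folder.
    $expectedDir = Join-Path $env:SystemDrive '$WINDOWS.~BT\Sources'
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'SetupHost.exe'"
    if (-not $procs) {
        return [pscustomobject]@{ Running = $false; Note = 'SetupHost.exe is not running' }
    }
    foreach ($p in $procs) {
        $path     = $p.ExecutablePath
        $inDir    = [bool]($path -and $path.StartsWith($expectedDir, [System.StringComparison]::OrdinalIgnoreCase))
        $sig      = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $status   = if ($sig) { $sig.Status.ToString() } else { 'unknown (run elevated to read the path)' }
        $signer   = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        $msSigned = [bool]($sig -and $sig.Status -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*')
        $parent   = Get-Process -Id $p.ParentProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Running         = $true
            Pid             = $p.ProcessId
            Path            = $path
            InStagingFolder = $inDir
            SignatureStatus = $status
            Signer          = $signer
            MicrosoftSigned = $msSigned
            Parent          = if ($parent) { $parent.ProcessName } else { "pid $($p.ParentProcessId)" }
            CommandLine     = $p.CommandLine
        }
    }
}

function Get-WindowsUpdateActivity {
    # Corroborating evidence that Windows Update really is at work, so a busy
    # SetupHost.exe has a reason to exist.
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    [pscustomobject]@{
        WuauservStatus   = (Get-Service -Name wuauserv).Status.ToString()
        StagingFolder    = Test-Path -LiteralPath (Join-Path $env:SystemDrive '$WINDOWS.~BT')
        LastSearchOk     = $au.Results.LastSearchSuccessDate
        LastInstallOk    = $au.Results.LastInstallationSuccessDate
        RebootPending    = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    }
}

Test-ModernSetupHost      | Format-List
Get-WindowsUpdateActivity | Format-List
```

Read the result as a pair: InStagingFolder and MicrosoftSigned both true, with wuauserv running and a recent search date, matches the explanation given in the post (a feature update being staged, which legitimately keeps the CPU busy for a long time). A SetupHost.exe outside the staging folder, unsigned, or started by something other than the update machinery is not "just Windows Update" and should be treated like the earlier detections: quarantine the file and post a fresh FRST log.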

pavuky
Visitor
Posts: 46
Registered: 19 Apr 2010 05:12

Re: Please check the log_Trojan:Script/Wacatac.B!ml

#7 Post by pavuky »

Yes, there was a queue of updates. It is finished now and things look calm. So thanks.

JaRon
Moderator
Posts: 15655
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Please check the log_Trojan:Script/Wacatac.B!ml

#8 Post by JaRon »

You're welcome :)

Locked