Preventivní kontrola systému "po migraci"

Zpráva

pkeech · #1 Příspěvek od **pkeech** » 07 led 2021 00:01

Dobrý den,
mé Windows jsou 10 Pro, ver. 2004, build 19041.450 a obsahují Windows Feature Experience Pack 120.2212.31.0, dnes jsem je nainstaloval na kompletně nové partitions na M2.SSD disku. Windows před instalací měly tendenci se rozrůstat všemi těmi zálohami v \ProgramData\ a LocalApps. Navic jsem zjistil v nějakém logu z Avast Premium Antiviru, že ve skutečnosti antivir není aktualizovan k dnešnímu dni, ale je to verze někdy z října, kdy jsem nějakým stylem dostal do počítače zavirovaný root k Redmi9 (comprimed bomb) - a od té doby se počítač choval divně. Nejprve mne zaskočilo množství různých síťových protokolů, následně jsem zjistil, že nemám práva upravovat registry, ve Firewallu se objevily divné zápisy. A celkově se počítač občas choval, jako by byl pod vlivem někoho/něčeho. Ale jelikož se nikde nezobrazilo varování, že by byly špatně certifikáty. Tak jsem myslel, že je to jen windows po té aktualizaci, kdy se do něj přidalo množství balastu - typu nevypnutelná Cortana. Ale včera, se počítač jako by kousl a já uviděl, že antivir na mne křičí, ať jej ZAPNU!, což nešlo. Nakonec jsem se dostal k W10Privacy a DoNotSpy a po proběhnutí zmizely všechny problémy....do restartování. Proot jsem udělal čistý reinstal, ale připadá mi, že někde něco zůstalo, třeba Firewall je stále divný - rozdíl je nyní ten, že předtím jsem neměl naprosto práva k jakékoliv změně v něm, nyní klidně můžu mazat pravidla. Taktéž je divná složka Maigrated kde jsou DLL knihovny, které upravují zásadní věci - viz https://www.virustotal.com/gui/file/e73 ... 7d/details.

Můžete prosím mrknout a poradit? A teď i v Addition vidím nepravosti, co to je?
Děkuji

Přikládám FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by White PC (administrator) on WHITEPC (06-01-2021 23:06:25)
Running from C:\Users\TENTO!\Desktop
Loaded Profiles: White PC & TENTO!
Platform: Windows 10 Pro Version 2004 19041.450 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [*Restore] => C:\Windows\System32\rstrui.exe [274432 2020-08-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1881753179-741117816-2687850547-1001\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\White PC\AppData\Local\Microsoft\OneDrive\19.043.0304.0013"
HKU\S-1-5-21-1881753179-741117816-2687850547-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [580096 2020-08-08] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2021-01-06] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-1881753179-741117816-2687850547-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5E332668-FE0E-452E-8EEE-229DFAAE9B12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)
Task: {97EDCEF1-AC5A-4624-8A94-65396FD15BB1} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1881753179-741117816-2687850547-1002 => C:\Users\White PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {ED8BEEB9-080A-448E-8DE7-C450D739584A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 212.111.1.10
Tcpip\..\Interfaces\{623bf503-3831-41ea-af1a-64cc13591b4d}: [DhcpNameServer] 212.111.1.10
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5097344 2020-08-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-06 23:06 - 2021-01-06 23:06 - 000005371 _____ C:\Users\TENTO!\Desktop\FRST.txt
2021-01-06 23:06 - 2021-01-06 23:06 - 000000000 ____D C:\FRST
2021-01-06 23:04 - 2021-01-06 23:05 - 002282496 _____ (Farbar) C:\Users\TENTO!\Desktop\FRST64.exe
2021-01-06 16:09 - 2021-01-06 16:09 - 000000000 ____D C:\Users\TENTO!\AppData\Local\PeerDistRepub
2021-01-06 15:52 - 2021-01-06 15:52 - 000003418 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-06 15:52 - 2021-01-06 15:52 - 000003294 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-06 15:52 - 2021-01-06 15:52 - 000002319 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-06 15:52 - 2021-01-06 15:52 - 000002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-06 15:52 - 2021-01-06 15:52 - 000000000 ____D C:\Program Files\Google
2021-01-06 15:51 - 2021-01-06 15:54 - 000000000 ____D C:\Users\TENTO!\AppData\Local\Google
2021-01-06 15:51 - 2021-01-06 15:51 - 001321688 _____ (Google LLC) C:\Users\TENTO!\Downloads\ChromeSetup.exe
2021-01-06 15:51 - 2021-01-06 15:51 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-06 15:43 - 2021-01-06 15:43 - 000001539 _____ C:\Users\TENTO!\Desktop\W10Privacy.exe – zástupce.lnk
2021-01-06 15:40 - 2021-01-06 15:40 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2021-01-06 15:20 - 2021-01-06 15:20 - 000000000 ____D C:\Záloha_aktuální
2021-01-06 14:45 - 2021-01-06 14:45 - 000000000 ___HD C:\Users\TENTO!\MicrosoftEdgeBackups
2021-01-06 14:23 - 2021-01-06 14:23 - 000001135 _____ C:\Users\Public\Desktop\DoNotSpy10 2020.lnk
2021-01-06 14:23 - 2021-01-06 14:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoNotSpy10 2020
2021-01-06 14:23 - 2021-01-06 14:23 - 000000000 ____D C:\Program Files (x86)\DoNotSpy10 2020
2021-01-06 14:20 - 2021-01-06 14:20 - 000000000 ____D C:\Users\White PC\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2021-01-06 13:33 - 2021-01-06 13:33 - 000000000 ____D C:\Users\TENTO!\AppData\Local\Comms
2021-01-06 13:30 - 2021-01-06 13:34 - 000000000 ____D C:\Users\White PC\AppData\Roaming\W10Privacy
2021-01-06 13:30 - 2021-01-06 13:30 - 000000000 ____D C:\Users\White PC\AppData\Local\PeerDistRepub
2021-01-06 13:29 - 2020-01-08 13:56 - 000000364 _____ C:\Users\TENTO!\Desktop\W10Privacy.VisualElementsManifest.xml
2021-01-06 13:28 - 2021-01-06 13:29 - 000000000 ____D C:\Program Files (x86)\W10Privacy
2021-01-06 13:28 - 2021-01-06 13:28 - 000001130 _____ C:\Users\White PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\W10Privacy.lnk
2021-01-06 13:27 - 2021-01-06 15:48 - 000000000 ____D C:\Users\TENTO!\AppData\Local\MicrosoftEdge
2021-01-06 13:27 - 2021-01-06 13:27 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1881753179-741117816-2687850547-1002
2021-01-06 13:27 - 2021-01-06 13:27 - 000000000 ___RD C:\Users\TENTO!\OneDrive
2021-01-06 13:26 - 2021-01-06 23:01 - 000000000 ____D C:\Users\TENTO!
2021-01-06 13:26 - 2021-01-06 13:34 - 000000000 ____D C:\Users\TENTO!\AppData\Local\Packages
2021-01-06 13:26 - 2021-01-06 13:27 - 000002364 _____ C:\Users\TENTO!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-06 13:26 - 2021-01-06 13:26 - 000000020 ___SH C:\Users\TENTO!\ntuser.ini
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Šablony
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Soubory cookie
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Poslední
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Okolní tiskárny
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Okolní síť
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Nabídka Start
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Dokumenty
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Documents\Obrázky
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Documents\Hudba
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Documents\Filmy
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\Data aplikací
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 _SHDL C:\Users\TENTO!\AppData\Local\Data aplikací
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 ___RD C:\Users\TENTO!\3D Objects
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 ____D C:\Users\TENTO!\AppData\Roaming\Adobe
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 ____D C:\Users\TENTO!\AppData\Local\VirtualStore
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 ____D C:\Users\TENTO!\AppData\Local\Publishers
2021-01-06 13:26 - 2021-01-06 13:26 - 000000000 ____D C:\Users\TENTO!\AppData\Local\ConnectedDevicesPlatform
2021-01-06 13:23 - 2021-01-06 08:20 - 002595936 _____ (Bernd Schuster) C:\Users\White PC\Desktop\W10Privacy 3.7.0.3 Setup.exe
2021-01-06 13:23 - 2021-01-06 07:49 - 005007780 _____ (pXc-coding.com ) C:\Users\White PC\Desktop\DoNotSpy10-5.2.0.0-Setup.exe
2021-01-06 13:22 - 2021-01-06 14:20 - 000000000 ___RD C:\Users\White PC\OneDrive
2021-01-06 13:22 - 2021-01-06 13:22 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-06 13:21 - 2021-01-06 13:21 - 000000000 ____D C:\Users\White PC\AppData\Local\MicrosoftEdge
2021-01-06 13:20 - 2021-01-06 14:21 - 000000000 ____D C:\Users\White PC\AppData\Local\Packages
2021-01-06 13:20 - 2021-01-06 13:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-06 13:20 - 2021-01-06 13:22 - 000000000 ____D C:\ProgramData\Packages
2021-01-06 13:20 - 2021-01-06 13:20 - 000000000 ___RD C:\Users\White PC\3D Objects
2021-01-06 13:20 - 2021-01-06 13:20 - 000000000 ____D C:\Users\White PC\AppData\Roaming\Adobe
2021-01-06 13:20 - 2021-01-06 13:20 - 000000000 ____D C:\Users\White PC\AppData\Local\VirtualStore
2021-01-06 13:20 - 2021-01-06 13:20 - 000000000 ____D C:\Users\White PC\AppData\Local\Publishers
2021-01-06 13:20 - 2021-01-06 13:20 - 000000000 ____D C:\Users\White PC\AppData\Local\ConnectedDevicesPlatform
2021-01-06 13:19 - 2021-01-06 13:34 - 000000000 ____D C:\Users\White PC
2021-01-06 13:19 - 2021-01-06 13:19 - 000000020 ___SH C:\Users\White PC\ntuser.ini
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Šablony
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Soubory cookie
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Poslední
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Okolní tiskárny
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Okolní síť
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Nabídka Start
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Dokumenty
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Documents\Obrázky
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Documents\Hudba
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Documents\Filmy
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\Data aplikací
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-01-06 13:19 - 2021-01-06 13:19 - 000000000 _SHDL C:\Users\White PC\AppData\Local\Data aplikací
2021-01-06 13:16 - 2021-01-06 13:39 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-06 13:14 - 2021-01-06 13:14 - 000000000 ____D C:\Windows\CSC
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Šablony
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Poslední
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Okolní síť
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Dokumenty
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\Data aplikací
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Šablony
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Soubory cookie
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Poslední
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Okolní tiskárny
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Okolní síť
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Nabídka Start
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Dokumenty
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Documents\Obrázky
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Documents\Hudba
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Documents\Filmy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\Data aplikací
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Šablony
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Plocha
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Dokumenty
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\ProgramData\Data aplikací
2021-01-06 13:12 - 2021-01-06 13:12 - 000000000 _SHDL C:\Documents and Settings
2021-01-06 13:11 - 2021-01-06 23:01 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-06 13:11 - 2021-01-06 23:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-06 13:11 - 2021-01-06 16:22 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-06 13:11 - 2021-01-06 15:23 - 000000000 ____D C:\Windows\Panther
2021-01-06 13:11 - 2021-01-06 13:11 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-06 13:11 - 2021-01-06 13:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2021-01-06 13:11 - 2021-01-06 13:11 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-01-06 13:11 - 2021-01-06 13:11 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-06 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-06 16:23 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-06 16:09 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2021-01-06 15:46 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-01-06 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-06 14:41 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-06 14:21 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-01-06 13:39 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2021-01-06 13:39 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2021-01-06 13:32 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-06 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2021-01-06 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-01-06 13:19 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2021-01-06 13:14 - 2019-12-07 15:45 - 000000000 ____D C:\Windows\system32\FxsTmp
2021-01-06 13:12 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT
2021-01-06 13:11 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-06 13:11 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-06 13:11 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\appcompat
2021-01-06 13:11 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-01-06 13:10 - 2019-12-07 10:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

[*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*][*]

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by White PC (06-01-2021 23:06:53)
Running from C:\Users\TENTO!\Desktop
Windows 10 Pro Version 2004 19041.450 (X64) (2021-01-06 12:12:45)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1881753179-741117816-2687850547-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1881753179-741117816-2687850547-503 - Limited - Disabled)
Guest (S-1-5-21-1881753179-741117816-2687850547-501 - Limited - Disabled)
TENTO! (S-1-5-21-1881753179-741117816-2687850547-1002 - Limited - Enabled) => C:\Users\TENTO!
WDAGUtilityAccount (S-1-5-21-1881753179-741117816-2687850547-504 - Limited - Disabled)
White PC (S-1-5-21-1881753179-741117816-2687850547-1001 - Administrator - Enabled) => C:\Users\White PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

DoNotSpy10 2020 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 5.2.0.0 - pXc-coding.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1881753179-741117816-2687850547-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
W10Privacy (HKLM-x32\...\W10Privacy) (Version: 3.7.0.3 - Bernd Schuster)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1881753179-741117816-2687850547-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\White PC\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1881753179-741117816-2687850547-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\White PC\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1881753179-741117816-2687850547-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\White PC\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1_S-1-5-21-1881753179-741117816-2687850547-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4_S-1-5-21-1881753179-741117816-2687850547-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers5_S-1-5-21-1881753179-741117816-2687850547-1002: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1881753179-741117816-2687850547-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-1881753179-741117816-2687850547-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-01-06 23:06 - 000000822 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1881753179-741117816-2687850547-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1881753179-741117816-2687850547-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\TENTO!\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 212.111.1.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1881753179-741117816-2687850547-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{52B1A0C3-428C-47FF-ABF5-2C47F1B315BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-01-2021 15:31:39 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Řadič sběrnice SM
Description: Řadič sběrnice SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zařízení PCI
Description: Zařízení PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Dual Band Wireless-AC 3168
Description: Intel(R) Dual Band Wireless-AC 3168
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Zařízení PCI
Description: Zařízení PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Zařízení PCI
Description: Zařízení PCI
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Řadič PCI pro šifrování a dešifrování
Description: Řadič PCI pro šifrování a dešifrování
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (01/06/2021 03:46:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/06/2021 03:41:20 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/06/2021 01:33:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/06/2021 01:26:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (01/06/2021 01:21:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/06/2021 01:16:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x800704CF
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

Error: (01/06/2021 01:14:45 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.

Error: (01/06/2021 01:12:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -1409.

System errors:
=============
Error: (01/06/2021 04:22:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:19:09, ‎06.‎01.‎2021) bylo neočekávané.

Error: (01/06/2021 04:18:29 PM) (Source: DCOM) (EventID: 10010) (User: WHITEPC)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2021 04:10:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/06/2021 04:10:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/06/2021 04:10:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/06/2021 04:10:09 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/06/2021 04:10:06 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (01/06/2021 04:10:06 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Windows Defender:
===================================
Date: 2021-01-06 23:06:51.8480000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/FusionCore
ID: 229442
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\White PC\Desktop\DoNotSpy10-5.2.0.0-Setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: WHITEPC\White PC
Název procesu: C:\Users\TENTO!\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.1742.0, AS: 1.329.1742.0, NIS: 1.329.1742.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-06 23:06:29.7540000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: SettingsModifier:Win32/HostsFileHijack
ID: 265754
Závažnost: Vážné
Kategorie: Program měnící nastavení
Cesta: file:_C:\Windows\System32\drivers\etc\hosts
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: WHITEPC\White PC
Název procesu: C:\Users\TENTO!\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.1742.0, AS: 1.329.1742.0, NIS: 1.329.1742.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.00 05/14/2020
Motherboard: ASRock B550 Phantom Gaming 4/ac
Processor: AMD Ryzen 3 3100 4-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16310.18 MB
Available physical RAM: 13072.31 MB
Total Virtual: 19254.18 MB
Available Virtual: 16026.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.33 GB) (Free:455.34 GB) NTFS

\\?\Volume{01d96cd2-fa38-49b4-9e06-39a65c340f13}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{cef544d6-444a-4903-8b1a-4fbf82a4c554}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

#2 Příspěvek od **JaRon** » 08 led 2021 08:58

ahoj,
1. prescanuj PC s AVPTool - ak nieco najde ZMAZ - daj info
2. pozri do spravcu zariadeni - ak su tam nejake vykricniky apod. doinstaluj ovladace

VIRY.CZ

Preventivní kontrola systému "po migraci"

Preventivní kontrola systému "po migraci"

Re: Preventivní kontrola systému "po migraci"