Prosba o pomoc - upozornění na trojské koně na ploše

[bluefilip]

Dobrý den,

maminka slečny asi klikala, kam neměla a máme momentálně problém. Při zapnutí počítače vysočí okna "Váš počítač je ohrožen", jako kdyby to bylo upozornění z Google Chrome (viz obrázek).



Podle všeho snad ani nebyl původně nainstalován antivirus. Zkoušel jsem projet Avastem a Malewarebytes, ale nic nenašli. Dál už radši nesahám a prosím o pomoc.

Log z FRST níže:


==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2917632 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [116960 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MG2400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBW.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series: C:\WINDOWS\system32\CNMLMBW.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2019-11-10]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089BE9A5-4BD2-4736-84CF-5D08DA9A4943} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4682976 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
Task: {2FFC20E1-78BE-437D-87BB-B5CA5915C075} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-19] (Avast Software s.r.o. -> Avast Software)
Task: {3090BCA4-D86E-44FA-A12A-F85463DE3679} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3139625046-2202026286-576748679-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {38429A7A-889A-4926-962C-57A0FC94E93E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {44183ADE-44F7-444A-B918-607FF4B089D6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1511320 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {81AA186E-6584-4C4C-A5E5-8884E8FD58CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4241B5D-866A-45F9-BF52-2300503410AB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {DC0AA9DA-05BA-493C-8D52-BF87B717BFD8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.146.111.98 81.19.33.2
Tcpip\..\Interfaces\{0cb2fc0c-0582-4505-a746-318ca22cb4ca}: [DhcpNameServer] 195.146.111.98 81.19.33.2
Tcpip\..\Interfaces\{7659c53c-023a-4809-b07b-0294c4051a98}: [DhcpNameServer] 195.146.111.98 81.19.33.2

Edge:
=======
Edge Profile: C:\Users\IVA\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-19]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default [2021-03-19]
CHR Notifications: Default -> hxxps://tirez.ru
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-02]
CHR Extension: (Dokumenty) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-02]
CHR Extension: (Disk Google) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-02]
CHR Extension: (Tabulky) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-12]
CHR Profile: C:\Users\IVA\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7878680 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621608 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [352480 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56904 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [76288 2021-03-09] (Microsoft Windows -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S3 pccsmcfd; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-19 13:07 - 2021-03-19 13:08 - 000012841 _____ C:\Users\IVA\Desktop\FRST.txt
2021-03-19 13:06 - 2021-03-19 13:08 - 000000000 ____D C:\FRST
2021-03-19 13:05 - 2021-03-19 13:05 - 002300928 _____ (Farbar) C:\Users\IVA\Desktop\FRST64.exe
2021-03-19 12:51 - 2021-03-19 12:51 - 000000000 ____D C:\Users\IVA\AppData\Roaming\Avast Software
2021-03-19 12:51 - 2021-03-19 12:51 - 000000000 ____D C:\Users\IVA\AppData\Local\CEF
2021-03-19 12:50 - 2021-03-19 12:50 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-03-19 12:49 - 2021-03-19 12:49 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-19 12:49 - 2021-03-19 12:49 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-19 12:49 - 2021-03-19 12:49 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-19 12:48 - 2021-03-19 12:48 - 000000000 ____D C:\Users\IVA\AppData\Local\mbam
2021-03-19 12:47 - 2021-03-19 12:47 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-19 12:47 - 2021-03-19 12:47 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:46 - 2021-03-19 12:46 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:46 - 2021-03-19 12:45 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-19 12:46 - 2021-03-19 12:45 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-19 12:45 - 2021-03-19 12:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-19 12:45 - 2021-03-19 12:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-19 12:44 - 2021-03-19 12:45 - 000465160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-03-19 12:44 - 2021-03-19 12:45 - 000175248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000521336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-03-19 12:44 - 2021-03-19 12:44 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000249304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000215328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000107784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000098760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000083360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000041272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-19 12:44 - 2021-03-19 12:44 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-03-19 12:44 - 2021-03-19 12:43 - 000850112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000357320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000208024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000035648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-03-19 12:43 - 2021-03-19 12:43 - 002084016 _____ (Malwarebytes) C:\Users\IVA\Downloads\MBSetup.exe
2021-03-19 12:43 - 2021-03-19 12:43 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-19 12:42 - 2021-03-19 12:51 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-19 12:42 - 2021-03-19 12:42 - 000000000 ____D C:\Program Files\Avast Software
2021-03-19 12:41 - 2021-03-19 12:42 - 000220392 _____ (AVAST Software) C:\Users\IVA\Downloads\avast_free_antivirus_setup_online (1).exe
2021-03-19 12:41 - 2021-03-19 12:41 - 000220392 _____ (AVAST Software) C:\Users\IVA\Downloads\avast_free_antivirus_setup_online.exe
2021-03-19 12:35 - 2021-03-19 12:38 - 000000000 ____D C:\Users\IVA\AppData\Local\TeamViewer
2021-03-19 09:04 - 2021-03-19 12:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-03-19 09:04 - 2021-03-19 12:35 - 000000000 ____D C:\Users\IVA\AppData\Roaming\TeamViewer
2021-03-19 09:04 - 2021-03-19 09:04 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-03-19 09:02 - 2021-03-19 09:02 - 029325064 _____ (TeamViewer Germany GmbH) C:\Users\IVA\Desktop\TeamViewer_Setup.exe
2021-03-09 23:28 - 2021-03-09 23:28 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-09 23:28 - 2021-03-09 23:28 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-09 23:28 - 2021-03-09 23:28 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-09 23:28 - 2021-03-09 23:28 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-09 23:28 - 2021-03-09 23:28 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-09 23:27 - 2021-03-09 23:27 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-09 23:27 - 2021-03-09 23:27 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-09 23:27 - 2021-03-09 23:27 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-09 23:27 - 2021-03-09 23:27 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-09 23:27 - 2021-03-09 23:27 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-09 23:27 - 2021-03-09 23:27 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-09 23:26 - 2021-03-09 23:26 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-19 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-19 12:46 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-19 12:33 - 2020-11-16 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-18 22:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-18 22:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-15 14:46 - 2020-06-10 18:39 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 00:28 - 2019-09-02 20:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-12 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 17:19 - 2019-09-02 21:18 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-10 04:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-10 00:21 - 2020-11-16 16:24 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-10 00:21 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-10 00:21 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-10 00:17 - 2020-11-16 16:09 - 000437912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-10 00:16 - 2020-11-16 16:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-10 00:16 - 2020-11-16 16:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-10 00:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-10 00:13 - 2020-11-16 16:14 - 000000000 ____D C:\Users\IVA
2021-03-10 00:13 - 2019-12-07 15:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-10 00:13 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-09 23:34 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-09 23:27 - 2019-09-02 18:53 - 000413702 __RSH C:\bootmgr
2021-03-09 22:46 - 2019-09-02 18:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-09 22:43 - 2019-09-02 18:54 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-09 17:16 - 2020-11-16 16:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3139625046-2202026286-576748679-1001
2021-03-09 17:16 - 2020-11-16 16:14 - 000002355 _____ C:\Users\IVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-09 17:16 - 2019-09-02 18:06 - 000000000 ___RD C:\Users\IVA\OneDrive
2021-03-05 09:14 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Chalupa mapa, jízdní řád atd
2021-03-05 09:12 - 2020-07-29 17:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-03-05 03:39 - 2020-11-30 06:22 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bc2c2487f253
2021-03-05 03:39 - 2020-11-16 16:34 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 19:37 - 2019-09-02 18:04 - 000000000 ____D C:\Users\IVA\AppData\Local\Packages
2021-03-03 09:35 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Opel Vectra
2021-03-03 09:34 - 2019-09-02 19:10 - 000000000 ____D C:\Users\IVA\Documents\Péťa škola a RŮZNÉ
2021-03-01 17:38 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Meditace
2021-02-27 09:35 - 2019-09-02 18:37 - 000000000 ____D C:\Users\IVA\Documents\Babička a děda
2021-02-20 11:22 - 2020-09-30 15:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Log z Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by IVA (19-03-2021 13:11:26)
Running from C:\Users\IVA\Desktop
Windows 10 Pro Version 2004 19041.867 (X64) (2020-11-16 15:35:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3139625046-2202026286-576748679-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3139625046-2202026286-576748679-503 - Limited - Disabled)
Guest (S-1-5-21-3139625046-2202026286-576748679-501 - Limited - Disabled)
IVA (S-1-5-21-3139625046-2202026286-576748679-1001 - Administrator - Enabled) => C:\Users\IVA
WDAGUtilityAccount (S-1-5-21-3139625046-2202026286-576748679-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.03 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3139625046-2202026286-576748679-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Phone Nokia USB Driver (HKLM-x32\...\{7F1C627F-7F07-4B51-B50F-FF8C64881D6E}) (Version: 1.1.0 - Mobile)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6070 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2400 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2400 series) (Version: - ‭Canon Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-19] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-02-28] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1980.2.0_x86__kgqvnymyfvs32 [2021-03-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-06] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.40.4001.0_x86__ytsefhwckbdv6 [2021-03-05] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-21] (Thumbmunkeys Ltd)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-09-02] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\IVA\Documents\OSTATNÍ\nemazat, systém\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\IVA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-09-02 18:38 - 2001-11-08 17:20 - 000019968 _____ () [File not signed] C:\games\Kyodai Mahjongg\ogg.dll
2019-09-02 18:38 - 2001-11-08 17:20 - 000046080 _____ () [File not signed] C:\games\Kyodai Mahjongg\vorbis.dll
2019-09-02 18:38 - 2001-11-08 17:20 - 000009216 _____ () [File not signed] C:\games\Kyodai Mahjongg\vorbisfile.dll
2020-07-29 17:25 - 2017-07-05 12:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2020-07-29 17:25 - 2017-07-05 12:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2019-11-10 11:49 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2019-11-10 11:49 - 2017-06-01 17:31 - 000047104 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\MobileGo\COM.Net.dll
2019-11-10 11:49 - 2017-03-20 16:13 - 000087552 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2019-11-10 11:49 - 2017-03-20 16:13 - 000197632 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3139625046-2202026286-576748679-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 195.146.111.98 - 81.19.33.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [UDP Query User{609B76BC-8A1C-4606-B964-BE35406A45A9}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{EF9DAA01-DDD0-4B90-AF77-1B8285D9DED3}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{4ACD3EB8-3012-498A-8C85-07B8796DFDA1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65727CF9-5918-499E-B537-DBC2AC7F66A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A13CD858-8D57-4A62-A764-EBAAD72E35AF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EE6AFF8-88EA-43C1-94B4-3A61C167FABE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{002671A6-7FF5-41D7-A80E-1E2DEEC5583B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EA0BFFC-030A-4779-9775-22A67D4CEB7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{045881EE-23BA-4C13-A641-07BA49F96439}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.57\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4ABE7552-42D5-486F-9262-1FD7D7DF3520}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A83F0EDC-9BC0-4532-9B4E-0F0BA831A3B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A30A784E-45C0-48DF-831C-4A09C50DD234}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8AB9BDA4-B78C-42E8-AC58-E21A38E6D1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

26-02-2021 17:42:59 Naplánovaný kontrolní bod
07-03-2021 18:35:08 Naplánovaný kontrolní bod
09-03-2021 22:54:34 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/17/2021 04:24:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Název chybujícího modulu: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód výjimky: 0xc0000005
Posun chyby: 0x00003f5a
ID chybujícího procesu: 0x16d8
Čas spuštění chybující aplikace: 0x01d71b3d93772393
Cesta k chybující aplikaci: C:\games\Kyodai Mahjongg\kmj.exe
Cesta k chybujícímu modulu: C:\games\Kyodai Mahjongg\kmj.exe
ID zprávy: a9163c24-0479-4d91-aa83-a34709391309
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/16/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/14/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/14/2021 01:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Název chybujícího modulu: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód výjimky: 0xc0000005
Posun chyby: 0x00001c69
ID chybujícího procesu: 0x1934
Čas spuštění chybující aplikace: 0x01d718cab908e1f2
Cesta k chybující aplikaci: C:\games\Kyodai Mahjongg\kmj.exe
Cesta k chybujícímu modulu: C:\games\Kyodai Mahjongg\kmj.exe
ID zprávy: 46496be2-f3a5-47e7-af99-25700102d30b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/12/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/12/2021 06:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0xe04
Čas spuštění chybující aplikace: 0x01d716ffc3aa9cbf
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 0a0b4e6b-d02e-4a8e-801c-494c530587f6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2021 05:55:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x3110
Čas spuštění chybující aplikace: 0x01d71632bc69ae6a
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: f0cd1ce0-1038-489d-8c15-179409af635d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/10/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/16/2021 05:12:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:17:06, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/14/2021 04:57:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:53:49, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/14/2021 04:53:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:20:17, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/12/2021 02:12:18 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-7HD852R)
Description: Nelze spustit server DCOM: {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} jako Není k dispozici/Není k dispozici. Došlo k chybě:
3236560897
při provádění příkazu:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (02/08/2021 01:18:50 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (01/31/2021 01:30:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:00:23, ‎31.‎01.‎2021) bylo neočekávané.

Error: (12/23/2020 12:15:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:48:45, ‎22.‎12.‎2020) bylo neočekávané.

Error: (12/22/2020 11:48:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:47:08, ‎22.‎12.‎2020) bylo neočekávané.


Windows Defender:
================
Date: 2021-03-14 10:16:35
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D6E7554B-2543-40DE-90CC-1C3624FBBB55}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-13 10:02:51
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CCE589EB-8026-4C8C-BCEC-17A213D65EF4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-12 10:16:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {98899991-DA5D-413D-929A-6B2FF7E20371}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 09:51:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {083BA564-4D5F-4E44-A597-3DC684AC70B4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-09 10:34:30
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6600C764-BEC5-42E0-A094-18B6B891B385}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-03-19 13:05:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume1\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A30 06/28/2018
Motherboard: Dell Inc. 051FJ8
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 9100.49 MB
Available physical RAM: 4096.11 MB
Total Virtual: 10508.49 MB
Available Virtual: 5009.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.83 GB) (Free:365.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{36f61e74-0000-0000-0000-005074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 36F61E74)
Partition 1: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=522 MB) - (Type=27)

==================== End of Addition.txt =======================

[Rudy]

Zdravím!
Některé antiviry jsou paranoidní a vidí malware i v tajových utilitách, jako je FRST, nebo TeamViewer. Jsou to utility, které sice mažou soubory a klíče ze systému (FRST), nebo umožní se někam připoji (nebo někomu připojit na váš PC - TeamViewer). My tu FRST běžně užíváme a malware to ve skutečnosti není. V takových případech je nutné AV vypnout. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[bluefilip]

Dobrý den,

děkuji za rychlou odpověď. Na sken adwcleanerem jsme vypli antivirus i TeamViewer, První sken nic nenašel, takže jsme ještě zkusili restartvat PC a provedli druhý sken a následný clean.

Sken 1:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:19
# OS: Windows 10 Pro
# Scanned: 3382
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Sken 2:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:46
# OS: Windows 10 Pro
# Scanned: 3643
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1404 octets] - [19/03/2021 14:26:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Clean po Skenu 2:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1404 octets] - [19/03/2021 14:26:24]
AdwCleaner[S01].txt - [1465 octets] - [19/03/2021 14:34:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Rudy]

Toto je OK. Dočistíme zbytečnosti. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
CHR Notifications: Default -> hxxps://tirez.ru
FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

VC systému jsou 2 funkční antiviry (Avast a Malwarebytes). Jeden z nich odinstalujte, dochází k softwarové kolizi.

[bluefilip]

Malwarebytes odinstalovány, na fix jsem Avastu vypnul štíty. Fixlog níže:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by IVA (19-03-2021 16:11:50) Run:1
Running from C:\Users\IVA\Desktop
Loaded Profiles: IVA
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
CHR Notifications: Default -> hxxps://tirez.ru
FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423E34C1-3A67-4380-9696-7F425F4D6D8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423E34C1-3A67-4380-9696-7F425F4D6D8E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B63C24E2-7871-44C8-945A-814E7B1F552B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B63C24E2-7871-44C8-945A-814E7B1F552B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"Chrome Notifications" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{133912DA-DB99-4AD6-875B-FD51CFFEE084}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC0B79BF-1D02-416C-9563-4A1436E217EB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95641607 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20800500 B
Edge => 2138102 B
Chrome => 611458780 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15958 B
NetworkService => 408486 B
IVA => 190069222 B

RecycleBin => 897002614 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:14:44 ====

[Rudy]

OK, smazáno. Nastala nějaká změna?

[bluefilip]

Okna jsou pryč, tak to vypadá, že je snad všechno v pořádku. Mockrát vám děkuji za pomoc!

[Rudy]

Rádo se stalo!