Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Objevil se zde vir Police ČR - pornografie

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
dinospages
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 240
Registrován: 20 črc 2006 11:33

Objevil se zde vir Police ČR - pornografie

#1 Příspěvek od dinospages »

Dobrý den stará klasika se objevila prý na tomto PC, nyní po zapnutí nic neeviduji.

prosím o kontrolu logu z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-05-2023 01
Ran by tonar (administrator) on DESKTOP-5USLTSD (Dell Inc. OptiPlex 780) (16-05-2023 15:59:04)
Running from C:\Users\tonar\OneDrive\Plocha\FRST64.exe
Loaded Profiles: tonar
Platform: Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21434.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21434.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21434.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.086.0423.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2212.31.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [220056 2023-05-09] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\...\Run: [3cca1bb530f30c1edd994819dca34c2c] => "C:\Program Files\DVDFab\ExplorerFab\liveUpdate.exe" --run_mode=background_check (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\113.0.5672.93\Installer\chrmstp.exe [2023-05-11] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\112.0.21002.138\Installer\chrmstp.exe [2023-05-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {077B462F-B771-4518-9C1B-CBED8F1F8AF4} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {09468A3F-6A65-47DF-9C1B-CF0D99CBBD96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {576712B2-8B24-40D8-9213-DD4FA0291557} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {A5F7D235-8558-4495-9E71-7B21DEEA1609} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3350856 2023-04-26] (Avast Software s.r.o. -> AVAST Software)
Task: {B8F193E9-F0E9-4E0C-93A3-1AB527487287} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4884888 2023-05-09] (Avast Software s.r.o. -> AVAST Software)
Task: {C47D7DDA-5533-4819-9671-854B69DEF00B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2135448 2023-04-14] (Avast Software s.r.o. -> Avast Software)
Task: {CB8BCF47-EC31-42D2-9553-D280BE9DD7BE} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3350856 2023-04-26] (Avast Software s.r.o. -> AVAST Software)
Task: {D122E6E8-C5CE-420E-B80E-07DBD8492D38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)
Task: {D8EC02BA-6B32-4EB2-ADCF-F67118068B80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{074423be-0b03-4d6f-a77d-108b397e1c7d}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\tonar\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-10]

FireFox:
========
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-15] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2022-12-15] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-05-04] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tonar\AppData\Local\Google\Chrome\User Data\Default [2023-05-16]
CHR Notifications: Default -> hxxps://de.aliexpress.com; hxxps://it.aliexpress.com; hxxps://www.4camping.cz
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Dokumenty Google offline) - C:\Users\tonar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-21]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\tonar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mceplokdebjaneacdmhgacicphdkenab [2022-12-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\tonar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\tonar\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8821656 2023-05-09] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [584600 2023-05-09] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [585112 2023-05-09] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2022-12-15] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\112.0.21002.138\elevation_service.exe [1805376 2023-04-26] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-25] (Avast Software s.r.o. -> AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31360 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235880 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391800 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297824 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95904 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39592 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [270472 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [556104 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105232 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80408 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [942936 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [703280 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212672 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319552 2023-05-09] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 vdrive; \SystemRoot\System32\drivers\vdrive.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-16 16:00 - 2023-05-16 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2023-05-16 16:00 - 2023-05-16 16:00 - 000000000 ____D C:\ProgramData\AnyDesk
2023-05-16 16:00 - 2023-05-16 16:00 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-05-16 15:59 - 2023-05-16 16:00 - 000000000 ____D C:\Users\tonar\AppData\Roaming\AnyDesk
2023-05-16 15:59 - 2023-05-16 15:59 - 004038720 _____ (AnyDesk Software GmbH) C:\Users\tonar\Downloads\AnyDesk.exe
2023-05-16 15:59 - 2023-05-16 15:59 - 000394240 _____ (Google Inc.) C:\Users\tonar\Downloads\gcapi.dll
2023-05-16 15:58 - 2023-05-16 15:59 - 000000000 ____D C:\FRST
2023-05-12 15:07 - 2023-05-12 15:07 - 000504666 _____ C:\Users\tonar\Downloads\7312229039.pdf
2023-05-12 08:47 - 2023-05-12 08:47 - 000000000 ___HD C:\$WinREAgent
2023-05-09 21:59 - 2023-05-09 21:59 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-05-05 09:16 - 2023-05-05 09:16 - 000203725 _____ C:\Users\tonar\Downloads\Ceník pro Osobní bankovnictví.pdf
2023-05-05 09:10 - 2023-05-05 09:10 - 000060384 _____ C:\Users\tonar\Downloads\Informace k uctu.pdf
2023-04-30 09:45 - 2023-04-30 09:45 - 000000000 ____D C:\Users\tonar\AppData\LocalLow\Temp
2023-04-25 16:00 - 2023-05-12 09:10 - 000000000 ____D C:\Program Files\Mozilla Thunderbird

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-16 16:00 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-05-16 15:58 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-05-16 15:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-05-16 15:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-05-16 15:46 - 2020-03-10 07:39 - 000000000 ____D C:\Program Files (x86)\Google
2023-05-16 15:46 - 2020-03-10 07:37 - 000000000 ___RD C:\Users\tonar\OneDrive
2023-05-16 12:39 - 2021-12-11 12:20 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3396000467-1152395305-1387035803-1001
2023-05-16 12:39 - 2020-12-18 01:21 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-16 12:39 - 2020-12-18 01:21 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-05-16 12:39 - 2020-12-18 01:21 - 000003410 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-16 12:39 - 2020-12-18 01:21 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-05-16 12:39 - 2020-12-18 01:21 - 000003186 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-05-16 12:39 - 2020-12-18 01:21 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3396000467-1152395305-1387035803-1001
2023-05-16 12:39 - 2020-12-18 01:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-05-16 12:19 - 2020-03-10 07:44 - 000000000 ____D C:\Users\tonar\AppData\LocalLow\Mozilla
2023-05-16 12:13 - 2022-10-12 15:41 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-05-15 21:33 - 2020-03-10 07:49 - 000000000 ____D C:\Users\tonar\AppData\Roaming\NAPS2
2023-05-15 09:57 - 2020-03-10 08:13 - 000000000 ____D C:\Users\tonar\AppData\Roaming\Microsoft\Word
2023-05-15 09:11 - 2020-12-18 01:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-05-13 12:41 - 2022-10-12 18:34 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2023-05-13 07:44 - 2020-12-18 01:21 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-05-12 13:45 - 2020-12-18 01:21 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-05-12 13:45 - 2019-12-07 16:41 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2023-05-12 13:45 - 2019-12-07 16:41 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2023-05-12 13:38 - 2020-12-18 01:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-05-12 13:38 - 2020-12-18 01:13 - 000008192 ___SH C:\DumpStack.log.tmp
2023-05-12 13:38 - 2020-03-10 07:49 - 000000000 ____D C:\ProgramData\AVAST Software
2023-05-12 09:11 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-05-12 09:10 - 2020-12-18 01:13 - 000352448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-05-12 09:10 - 2020-03-10 07:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-05-12 09:10 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-05-12 09:10 - 2019-12-07 16:41 - 000000000 ____D C:\WINDOWS\system32\cs
2023-05-12 09:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-05-12 09:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-05-12 09:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-05-12 09:09 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-05-12 09:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-05-12 09:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-05-12 09:01 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-05-12 08:57 - 2020-12-18 01:18 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-05-12 08:47 - 2020-09-30 11:25 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-05-12 08:05 - 2020-06-13 18:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-05-12 08:05 - 2020-03-11 00:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-05-12 08:02 - 2020-03-11 00:32 - 159583304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-05-11 07:15 - 2020-03-10 07:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-10 22:49 - 2020-12-18 01:14 - 000002381 _____ C:\Users\tonar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-05-09 21:59 - 2020-10-14 16:53 - 000270472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-05-09 21:59 - 2020-04-15 11:20 - 000556104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000942936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000703280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000391800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000319552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000297824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000235880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000105232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000095904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000080408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000039592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-05-09 21:59 - 2020-03-10 07:50 - 000031360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2023-05-09 21:59 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-05-04 19:57 - 2022-12-15 12:37 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2023-04-26 15:12 - 2020-03-11 12:38 - 000000000 ____D C:\Users\tonar\AppData\Roaming\Microsoft\Excel
2023-04-25 17:59 - 2020-03-10 07:43 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-17 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-05-2023 01
Ran by tonar (16-05-2023 16:01:57)
Running from C:\Users\tonar\OneDrive\Plocha
Microsoft Windows 10 Home Version 22H2 19045.2965 (X64) (2020-12-17 23:21:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3396000467-1152395305-1387035803-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3396000467-1152395305-1387035803-503 - Limited - Disabled)
Guest (S-1-5-21-3396000467-1152395305-1387035803-501 - Limited - Disabled)
tonar (S-1-5-21-3396000467-1152395305-1387035803-1001 - Administrator - Enabled) => C:\Users\tonar
WDAGUtilityAccount (S-1-5-21-3396000467-1152395305-1387035803-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 23.001.20174 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.1.11 - AnyDesk Software GmbH)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.4.6062 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 112.0.21002.138 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 113.0.5672.93 - Google LLC)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 113.0.1774.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 113.0.1774.42 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\...\OneDriveSetup.exe) (Version: 23.086.0423.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.5.0 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 102.10.1 (x64 cs)) (Version: 102.10.1 - Mozilla)
NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.33.22.0_x64__kgqvnymyfvs32 [2023-05-05] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_3.1.5.0_x64__kgqvnymyfvs32 [2023-04-25] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-21] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-01] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-18] (Microsoft Corporation) [MS Ad]
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-21] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0 [2023-05-16] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-05-09] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-05-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-05-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-05-09] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-05-09] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-05-16 16:00 - 2023-05-16 16:00 - 000394240 _____ (Google Inc.) [File not signed] C:\Program Files (x86)\AnyDesk\gcapi.dll
2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8C75B5CA-641F-4E26-AC94-4B4AB8158FC2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4CA06F9F-F7B6-438E-A6A3-27147EC18E34}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5C2AD1DF-5FAE-47D2-919F-46841EE761BE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C01265BC-1689-4001-A85A-A22A6BD29818}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{68AECA83-EDF1-473D-81ED-670B270F1DA4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B74A00C1-FBED-455B-A562-E128EEC2DB90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2C2A0A9-D045-4D07-AE0C-95CBEAF4AF1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{57765C2F-E58B-45D3-BF81-692A83244FFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80CE5C46-71FE-4C05-A15F-CC4D0A5E0F0D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\113.0.1774.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E4F5CDB3-D970-4688-9BF0-9E6D7026FE52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6A276698-F987-43FE-8968-F7C37EA64F2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E34032AC-4696-41EE-B6E1-388075CBCEDC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AF51B08B-C0DA-4D2C-8C42-79FFC703964A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DC184B53-685C-49A3-8625-1145A11D256B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{36EC77BB-19EC-4477-AD17-57E618AEC639}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4B9B4DEA-0935-4745-9C05-F3F8E8789B26}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{09C7AC74-D1A4-4E57-A674-3D08B5357CD2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CC141F0E-80E2-406C-A05E-3AFA3B9239D3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{81E0F0F6-BF9D-4C55-836F-973289550E18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9AADF742-1B8B-437B-98F9-503E5F377664}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{E7AB33D6-FE47-40EB-9D9A-E674E1768121}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{E23D3463-B7B0-462C-BD88-E3E24C56A81E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{EBA9F4C3-2BD3-47BF-ADE3-07B5E965671C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{1A8A2F59-C2EE-4447-B65D-A28E5AFFA219}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{908AA5E9-D2DC-4C50-82DB-A6C6ABE0E52A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:96.59 GB) (Free:39.21 GB) (41%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2023 01:11:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.2788 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 14c4

Čas spuštění: 01d97e78fac130c4

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 5cb233ce-3957-426b-9605-a580a0dcaa5b

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.9.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Quiesce

Error: (03/11/2023 08:02:30 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 11) (User: DESKTOP-5USLTSD)
Description: Microsoft.YourPhone_8wekyb3d8bbwe-2147023878

Error: (02/22/2023 12:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.23.129.2, časové razítko: 0xb100d2a9
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.2130, časové razítko: 0xb5ced1c6
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000008c67f
ID chybujícího procesu: 0xcc4
Čas spuštění chybující aplikace: 0x01d946a8a8dee520
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.023.0129.0002\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 516495d8-b58a-43a9-a348-f97f931b86dc
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/17/2023 10:09:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.20.125.3, časové razítko: 0x03b6339d
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.2130, časové razítko: 0xb5ced1c6
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000008c67f
ID chybujícího procesu: 0x19c8
Čas spuštění chybující aplikace: 0x01d942a729593540
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.020.0125.0003\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: ddffc7af-4c12-490f-aa50-f5466cd5238e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/29/2023 12:59:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.2.102.4, časové razítko: 0x9ff405d5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x1e9c
Čas spuštění chybující aplikace: 0x01d933d0c9b62299
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.002.0102.0004\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: b99e9454-3814-4ec1-a5e0-a24799313a2b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/28/2023 01:07:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.2.102.4, časové razítko: 0x9ff405d5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x2388
Čas spuštění chybující aplikace: 0x01d93308ab869975
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.002.0102.0004\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: ab8cd8f6-0737-4f8f-9ded-b4f23c133f90
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/27/2023 01:03:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.2.102.4, časové razítko: 0x9ff405d5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x26fc
Čas spuštění chybující aplikace: 0x01d9323efb885928
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.002.0102.0004\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: ebdeb3ba-55d6-478e-85b4-c0c55bb16ebb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/26/2023 12:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Microsoft.SharePoint.exe, verze: 23.2.102.4, časové razítko: 0x9ff405d5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x18bc
Čas spuštění chybující aplikace: 0x01d93172cbf94537
Cesta k chybující aplikaci: C:\Users\tonar\AppData\Local\Microsoft\OneDrive\23.002.0102.0004\Microsoft.SharePoint.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: 6847dff9-39f3-4892-9b19-adb39571c422
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (05/12/2023 09:11:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WerSvc se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.


Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (05/05/2023 08:02:24 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5USLTSD)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/21/2023 02:56:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (03/20/2023 11:21:36 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5USLTSD)
Description: Server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/20/2023 11:21:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5USLTSD)
Description: Server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/20/2023 11:21:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5USLTSD)
Description: Server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/16/2023 12:28:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (03/09/2023 12:50:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80248007): 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.


CodeIntegrity:
===============
Date: 2023-05-16 15:45:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A06 11/03/2010
Motherboard: Dell Inc. 0DFRFW
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 84%
Total physical RAM: 3995.59 MB
Available physical RAM: 615.27 MB
Total Virtual: 5083.59 MB
Available Virtual: 1131.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.59 GB) (Free:39.21 GB) (Model: Apacer AS340 240GB) NTFS
Drive e: (dataSSD) (Fixed) (Total:125.91 GB) (Free:55.62 GB) (Model: Apacer AS340 240GB) NTFS

\\?\Volume{be9d2447-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
\\?\Volume{be9d2447-0000-0000-0000-004a18000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: BE9D2447)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=511 MB) - (Type=27)
Partition 4: (Not Active) - (Size=125.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
_________________________________________________________________
RSIT | MWAV | CCleaner

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118194
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Objevil se zde vir Police ČR - pornografie

#2 Příspěvek od Rudy »

Zdravím!
Je to fake. Ale zkontrolujeme. Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

altrok
Moderátor
Moderátor
Příspěvky: 7257
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: Objevil se zde vir Police ČR - pornografie

#3 Příspěvek od altrok »

Ahoj,

:arrow: AnyDesk jsi instaloval úmyslně?

:arrow: Mate vypnutou funkci bodu obnoveni - velice doporucuji tuto funkci zapnout.
  • Kliknete pravym na Tento pocitac -> Vlastnosti -> Upresnit nastaveni systemu -> nahore zalozka Ochrana systemu -> oznacte systemovy disk (vetsinou C: ) -> Konfigurovat -> vyberte Obnovit nastaveni systemu a predchozi verze souboru a ulozte klikem na Pouzit.
  • Pokud si chcete hrat s velikosti mista na disku, ktere je vyuzito body obnoveni, nedoporucuji tuto hranici snizovat pod 1 GB. Pokud mate mista na disku dost, ponechte defaultni 5-10% vyuziti disku.
:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan (Skenovani), pote na Clean (Cisteni)
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.

dinospages
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 240
Registrován: 20 črc 2006 11:33

Re: Objevil se zde vir Police ČR - pornografie

#4 Příspěvek od dinospages »

anydfesk je umyslny, máte k němu nějaké výhrady používám jej hodně na svych zarizenich kde se venuji cryptu a vyuzivam spoustu různých blockchainových browser externsionů atd... je tu někde o tom nějaká sekce. CErlkem by se mi to hodilo..

zde je log:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-26-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.2965)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [26/05/2023 20:30:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
_________________________________________________________________
RSIT | MWAV | CCleaner

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118194
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Objevil se zde vir Police ČR - pornografie

#5 Příspěvek od Rudy »

ADWC je OK. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\...\Run: [3cca1bb530f30c1edd994819dca34c2c] => "C:\Program Files\DVDFab\ExplorerFab\liveUpdate.exe" --run_mode=background_check (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {D122E6E8-C5CE-420E-B80E-07DBD8492D38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)
Task: {D8EC02BA-6B32-4EB2-ADCF-F67118068B80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\DumpStack.log.tmp

EmptyTemp:
End
Uložte do C:\Users\tonar\OneDrive\Plocha jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

dinospages
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 240
Registrován: 20 črc 2006 11:33

Re: Objevil se zde vir Police ČR - pornografie

#6 Příspěvek od dinospages »

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2023
Ran by tonar (05-06-2023 18:17:14) Run:1
Running from C:\Users\tonar\OneDrive\Plocha
Loaded Profiles: tonar
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\...\Run: [3cca1bb530f30c1edd994819dca34c2c] => "C:\Program Files\DVDFab\ExplorerFab\liveUpdate.exe" --run_mode=background_check (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {D122E6E8-C5CE-420E-B80E-07DBD8492D38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)
Task: {D8EC02BA-6B32-4EB2-ADCF-F67118068B80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-10] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-3396000467-1152395305-1387035803-1001\Software\Microsoft\Windows\CurrentVersion\Run\\3cca1bb530f30c1edd994819dca34c2c" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D122E6E8-C5CE-420E-B80E-07DBD8492D38}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D122E6E8-C5CE-420E-B80E-07DBD8492D38}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8EC02BA-6B32-4EB2-ADCF-F67118068B80}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8EC02BA-6B32-4EB2-ADCF-F67118068B80}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 996250689 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 2917779 B
Edge => 1888099 B
Chrome => 1834075576 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 295338 B
NetworkService => 295338 B
tonar => 4684012675 B

RecycleBin => 0 B
EmptyTemp: => 7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-06-2023 18:29:37)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 18:29:37 ====
_________________________________________________________________
RSIT | MWAV | CCleaner

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118194
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Objevil se zde vir Police ČR - pornografie

#7 Příspěvek od Rudy »

Smazáno, log již vypadá OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

dinospages
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 240
Registrován: 20 črc 2006 11:33

Re: Objevil se zde vir Police ČR - pornografie

#8 Příspěvek od dinospages »

OK děkuji
_________________________________________________________________
RSIT | MWAV | CCleaner

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118194
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Objevil se zde vir Police ČR - pornografie

#9 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno