
Windows Security - App & browser control

Posted: 01 Nov 2020 16:35
by bigmuff
Hello, in Win10, in the antivirus I keep getting

[Images]

Even when I run a scan, this shows up again.

It disappears when I click close.

Thanks

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 18:04
by Rudy
Hello!
Please post the FRST+Addition logs: http://forum.viry.cz/viewtopic.php?f=24&t=132509

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 18:33
by bigmuff
OK, here they are

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by rossu (01-11-2020 18:28:42)
Running from C:\Users\rossu\Desktop
Windows 10 Home Version 2004 19041.572 (X64) (2020-05-30 17:18:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4057023617-2345177252-1567271487-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4057023617-2345177252-1567271487-503 - Limited - Disabled)
Guest (S-1-5-21-4057023617-2345177252-1567271487-501 - Limited - Disabled)
rossu (S-1-5-21-4057023617-2345177252-1567271487-1001 - Administrator - Enabled) => C:\Users\rossu
WDAGUtilityAccount (S-1-5-21-4057023617-2345177252-1567271487-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1310 (HKLM-x32\...\{76A9FB3A-D7AB-4C8C-8C49-3CFDBF2D6C2D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (HKLM-x32\...\{6D4553DF-2095-4D10-92C0-17934733B51D}) (Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (HKLM-x32\...\{6D7E031C-4C05-4265-854A-FE9FDEA9984D}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
4K Video Downloader (HKLM\...\{94360C20-3425-4BB1-9A75-03A4E69194F8}) (Version: 4.13.0.3800 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 19.01 alpha (x64) (HKLM\...\7-Zip) (Version: 19.01 alpha - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (HKLM-x32\...\{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Anti-Twin (Installation 26.08.2020) (HKLM-x32\...\Anti-Twin 2020-08-26 22.14.34) (Version: - Joerg Rosenthal, Germany)
Backup and Sync from Google (HKLM\...\{86E7EC52-41D9-4573-951C-FB7AC339A251}) (Version: 3.52.3372.2621 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\50E7F7D847732396F1582CD62DD385ED7ABB0897) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\{A559093D-FCCB-1B3D-5504-74D07E48A7FB}) (Version: PRO v.5.72.7974 - 23.09.2020 - libbi)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CS3889 Atentát (HKLM-x32\...\CS3889 Atentát_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1114 - Disc Soft Ltd)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.1.35811 - Foxit Software Inc.)
Google Chrome (HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
inPixio Photo Studio 10 (HKLM-x32\...\{EEB2D77B-37DD-4FA2-9B4D-F6724AEC95DF}) (Version: 10.0.0 - inPixio)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Kingston SSD Manager version 1.1.2.6 (HKLM-x32\...\{9A5DD901-0B98-4F2B-9421-B5975014184F}_is1) (Version: 1.1.2.6 - Kingston Digital, Inc)
LibreOffice 6.4 Help Pack (Czech) (HKLM\...\{AE983296-8590-4589-84E0-80B8C30ED803}) (Version: 6.4.0.3 - The Document Foundation)
LibreOffice 7.0.1.2 (HKLM\...\{B98796CE-B0AD-498E-81E4-986FA3BB20B9}) (Version: 7.0.1.2 - The Document Foundation)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.93 - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.15 - F.J. Wechselberger)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Ovládací panel NVIDIA 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 425.31 - NVIDIA Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23072 - Microsoft Corporation)
qBittorrent 4.3.0.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.0.1 - The qBittorrent project)
Rajče průvodce verze 1.59.52.267 (HKLM-x32\...\rajce.net_is1) (Version: - rajce.net)
Rajče verze 2.6.2 sestavení 292 (HKLM-x32\...\Rajče.net_is1) (Version: - rajče.net)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7589 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 9.3.40.0 - 2BrightSparks)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
VS Revo Group v.4.3.1 - 22.04.2020 (HKLM-x32\...\VS Revo Group v.4.3.1 - 22.04.2020) (Version: v.4.3.1 - 22.04.2020 - Libbi)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.91 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
ZPS 19 CZ v.19.2004.2.250 - 03.06.2020 (HKLM-x32\...\ZPS 19 CZ v.19.2004.2.250 - 03.06.2020) (Version: v.19.2004.2.250 - 03.06.2020 - Libbi)

Packages:
=========
Avast Online Security -> C:\Program Files\WindowsApps\51CA791E.AvastOnlineSecurity_19.4.444.0_neutral__s1d0xtrs8dx04 [2020-11-01] (AVAST Software)
inPixio Photo Editor -> C:\Program Files\WindowsApps\AvanquestSoftware.InPixioFreePhotoEditor_9.1.0.0_x86__hrs4p72486j8p [2020-09-26] (Avanquest Software)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-25] (Microsoft Studios) [MS Ad]
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4057023617-2345177252-1567271487-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\rossu\AppData\Local\Google\Chrome\Application\86.0.4240.111\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4057023617-2345177252-1567271487-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\rossu\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-4057023617-2345177252-1567271487-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\rossu\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-10-14] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-10-14] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-10-14] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\program1\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-10-14] (Google LLC -> Google)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\program1\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\program1\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-10-14] (Google LLC -> Google)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\program1\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.tscc] => C:\Windows\SysWOW64\tsccvid.dll [102400 2005-06-15] (TechSmith Corporation) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\rossu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Vzdálená plocha Chrome.lnk -> C:\Users\rossu\AppData\Local\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

2020-11-01 18:24 - 2020-11-01 18:24 - 000114176 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_ctypes.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000172544 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_elementtree.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 002250240 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_hashlib.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000032256 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_multiprocessing.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000046080 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_psutil_windows.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000047616 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_socket.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 002819584 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_ssl.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000026112 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\_yappi.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000080896 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\bz2.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000016384 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\common.time34.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000007680 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\hashobjs_ext.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000301568 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\PIL._imaging.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000168448 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\pyexpat.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 001084416 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\pysqlite2._sqlite.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000548864 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\pythoncom27.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 000137728 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\pywintypes27.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 000010752 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\select.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000020992 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\thumbnails_ext.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000689664 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\unicodedata.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000119808 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\usb_ext.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000128512 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32api.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000438784 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32com.shell.shell.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000011776 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32crypt.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000023040 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32event.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000149504 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32file.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000223232 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32gui.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000048128 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32inet.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000029696 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32pdh.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000027648 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32pipe.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000044032 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32process.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000020480 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32profile.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000136192 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32security.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000026624 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\win32ts.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000034816 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\windows.conditional.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000038400 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\windows.connectivity.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000071680 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\windows.device_monitor.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000109056 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\windows.volumes.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000020480 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\windows.winwrap.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 001325056 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._controls_.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 001489408 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._core_.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 001007104 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._gdi_.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000103424 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._html2.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 000916992 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._misc_.pyd
2020-11-01 18:24 - 2020-11-01 18:24 - 001039872 _____ () [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wx._windows_.pyd
2011-08-18 01:29 - 2011-08-18 01:29 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2020-06-23 08:16 - 2019-09-05 06:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\program1\7-Zip\7-zip.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\python27.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxbase30u_net_vc90_x64.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxbase30u_vc90_x64.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxmsw30u_adv_vc90_x64.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxmsw30u_core_vc90_x64.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxmsw30u_html_vc90_x64.dll
2020-11-01 18:24 - 2020-11-01 18:24 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\rossu\AppData\Local\Temp\_MEI18562\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-10-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-10-30] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-29 06:04 - 2020-09-29 06:04 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-01-03 19:17 - 2020-06-18 19:14 - 000000507 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-1TNCHR7.mshome.net # 2025 6 2 17 18 14 50 479
192.168.137.9 LGwebOSTV.mshome.net # 2020 6 4 25 18 14 50 479

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\rossu\AppData\Local\Microsoft\WindowsApps;C:\adb;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rossu\Downloads\en.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "UnKIS"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "qBittorrent"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Delete Cached Standalone Update Binary"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Uninstall 20.084.0426.0007\amd64"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Uninstall 20.084.0426.0007"
HKU\S-1-5-21-4057023617-2345177252-1567271487-1001\...\StartupApproved\Run: => "Delete Cached Update Binary"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FFA0076C-3A5E-4D87-A696-50757BC1FE40}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{0AC1933D-8DC1-4B6D-8F12-13299B4FBF26}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [UDP Query User{5121987A-80E4-4A7A-A75E-7AEF44E4BF1F}C:\users\rossu\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rossu\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{A13112A7-CC14-4F2E-979C-B9E8312BE5BD}C:\users\rossu\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\rossu\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F1CFE72-8D3E-46F1-B97E-E8F1E11DBC12}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{BD955DDA-9B9F-41B0-9C10-B977F4845944}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{2DBEE51B-E9A4-4683-9B07-C0F690E25751}C:\users\rossu\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\rossu\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{76EF3312-F730-49AC-B4A4-89C875566585}C:\users\rossu\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\rossu\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{B991C315-22B1-417A-AB57-B9D330E1FF1E}C:\program1\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program1\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{A81B9797-F32F-4B21-9850-F54C01E7F4FD}C:\program1\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program1\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C58CE780-FD1E-4DA4-A000-16653E48E78A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9AAA7A29-68EF-4B65-B215-95D833B99EDE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2DE12EC3-6679-4F84-B705-3C7679843BAA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9458B3E8-279C-4D66-9CFC-93D07556D8C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2F150F7E-D133-4A8C-BC66-8C6A4621816D}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{564FB3BD-A238-444A-9B52-6904AC9FAB48}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]

==================== Restore Points =========================

19-10-2020 15:23:52 one drive
19-10-2020 16:08:55 JRT Pre-Junkware Removal
26-10-2020 19:44:27 Naplánovaný kontrolní bod
28-10-2020 19:54:53 cc a dlk
31-10-2020 16:29:44 sobotnik pokusy 31.10
01-11-2020 17:21:05 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: Android ADB Interface
Description: Android ADB Interface
Class Guid: {3f966bd9-fa04-4ec5-991c-d326973b5128}
Manufacturer: Xiaomi Technology, Inc.
Service: WinUSB
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/01/2020 06:03:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MBAMService.exe, verze: 3.2.0.927, časové razítko: 0x5f878292
Název chybujícího modulu: UpdateControllerImpl.dll, verze: 3.2.0.543, časové razítko: 0x5f89f4c2
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000048213
ID chybujícího procesu: 0x2158
Čas spuštění chybující aplikace: 0x01d6b070d2607ab0
Cesta k chybující aplikaci: C:\program1\malwarebytes\MBAMService.exe
Cesta k chybujícímu modulu: C:\PROGRAM1\MALWAREBYTES\UpdateControllerImpl.dll
ID zprávy: f64a7558-38a3-4efc-a9d5-bd659c5c4959
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/01/2020 04:35:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0xa40
Čas spuštění chybující aplikace: 0x01d6b064872957a2
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: dbab88e0-6ba1-41be-9d30-6a6c6a16f89e
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (11/01/2020 04:34:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0x1134
Čas spuštění chybující aplikace: 0x01d6b0630e9d4e5a
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 011c4621-84e7-4968-b891-e894d260e019
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (11/01/2020 03:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0xca4
Čas spuštění chybující aplikace: 0x01d6b05cfb9043d9
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: a1cb83dc-7c40-410a-8c63-e6f1f64cb4a4
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (11/01/2020 03:40:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0x698
Čas spuštění chybující aplikace: 0x01d6b054d8181a86
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: ccf2dd89-b019-4415-826f-4ad316157142
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (11/01/2020 02:39:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0x24c4
Čas spuštění chybující aplikace: 0x01d6b0522c010b94
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 3dfa7070-af86-4352-980c-ee4ef63d097b
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI

Error: (11/01/2020 02:12:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SecHealthUI.exe verze 10.0.19041.423 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 7a4

Čas spuštění: 01d6b03c66eebacd

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

ID hlášení: 3a9281e3-705c-437e-950f-9ad037b7f76c

Úplný název balíčku s chybou: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: SecHealthUI

Typ zablokování: Cross-process

Error: (11/01/2020 11:47:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SecHealthUI.exe, verze: 10.0.19041.423, časové razítko: 0xc09a617f
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b65c
ID chybujícího procesu: 0x11bc
Čas spuštění chybující aplikace: 0x01d6b03c4a0be985
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: a57d4534-8b04-46c8-ab3b-87b80de0a3e8
Úplný název chybujícího balíčku: Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: SecHealthUI


System errors:
=============
Error: (11/01/2020 06:24:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SecDrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (11/01/2020 06:24:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (11/01/2020 06:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/01/2020 06:03:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Malwarebytes Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error: (11/01/2020 06:01:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SecDrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (11/01/2020 05:59:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby SecurityHealthService s argumenty Není k dispozici za účelem spuštění serveru:
{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}

Error: (11/01/2020 05:58:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SecDrv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (11/01/2020 05:58:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS


Windows Defender:
===================================
Date: 2020-11-01 14:40:01.7520000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2E2B29F3-1097-4535-8181-470135D866EF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: DESKTOP-1TNCHR7\rossu

Date: 2020-11-01 14:13:00.0850000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AB7FD946-5FEF-42D1-B730-411A1BC92666}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: DESKTOP-1TNCHR7\rossu

Date: 2020-10-31 22:35:07.6410000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: containerfile:_C:\Users\rossu\Downloads\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner Business 5.73.8130 Multilingual\Keymaker-CORE.rar; containerfile:_C:\Users\rossu\Downloads\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner Professional - Technician 5.73.8130 Multilingual\CCleanerPro5\Keymaker-CORE.rar; containerfile:_C:\Users\rossu\Downloads\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner Professional - Technician 5.73.8130 Multilingual\CCleanerTechnician\Keymaker-CORE.rar; containerfile:_C:\Users\rossu\Downloads\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCleaner Professional 5.73.8130 Slim Multilingual\Keymaker_CORE.rar; file:_C:\Users\rossu\Downloads\CCleaner 5.73.8130 Professional_Technician_Business_Slim\CCle
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.327.99.0, AS: 1.327.99.0, NIS: 1.327.99.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-10-31 21:58:04.7470000Z
Description:
Řízený přístup ke složkám zablokoval pro C:\program1\avast\wsc_proxy.exe provádění změn v paměti.
Čas detekce: 2020-10-31T20:58:04.746Z
Uživatel: DESKTOP-1TNCHR7\rossu
Cesta: \Device\Harddisk0\DR0
Název procesu: C:\program1\avast\wsc_proxy.exe
Verze bezpečnostních informací: 1.327.99.0
Verze modulu: 1.1.17600.5
Verze produktu: 4.18.2010.4

Date: 2020-10-31 21:58:04.7360000Z
Description:
Řízený přístup ke složkám zablokoval pro C:\program1\avast\AvastSvc.exe provádění změn v paměti.
Čas detekce: 2020-10-31T20:58:04.736Z
Uživatel: NT AUTHORITY\SYSTEM
Cesta: \Device\Harddisk0\DR0
Název procesu: C:\program1\avast\AvastSvc.exe
Verze bezpečnostních informací: 1.327.99.0
Verze modulu: 1.1.17600.5
Verze produktu: 4.18.2010.4

Date: 2020-10-29 21:36:32.7070000Z
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2020-11-01 18:03:03.4540000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-11-01 18:03:03.1760000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-10-31 22:32:07.5000000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-31 22:32:07.4610000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-31 22:32:07.4110000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-31 22:32:07.3300000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-31 22:32:07.2770000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-10-31 22:32:07.0020000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\program1\avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.03 04/20/2015
Motherboard: Acer Tashigi_BA
Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 62%
Total physical RAM: 4009.76 MB
Available physical RAM: 1511.87 MB
Total Virtual: 8105.76 MB
Available Virtual: 5003.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.5 GB) (Free:385.99 GB) NTFS
Drive d: (disk roman) (Fixed) (Total:931.5 GB) (Free:508.55 GB) NTFS
Drive h: (Verbatim HDD) (Fixed) (Total:465.76 GB) (Free:368.69 GB) NTFS

\\?\Volume{22333932-bdb1-4cdc-a0a5-1104af995f8f}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{6faf45d7-9a69-41a3-a4e1-f32d1ff7af2c}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: 24898A96)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A259ECD9)

Partition: GPT.

==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: CCEAC4BE)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 18:35
by bigmuff
and the second one didn't fit, so it's packed in a rar

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 19:15
by Rudy
Now run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 19:30
by bigmuff
ok, here


# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-01-2020
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [14915 octets] - [23/11/2019 22:56:13]
AdwCleaner[S00].txt - [1400 octets] - [23/11/2019 22:56:49]
AdwCleaner[C00].txt - [1568 octets] - [23/11/2019 22:57:00]
AdwCleaner[S01].txt - [1584 octets] - [03/12/2019 20:09:47]
AdwCleaner[C01].txt - [1734 octets] - [03/12/2019 20:10:26]
AdwCleaner[S02].txt - [1706 octets] - [07/12/2019 19:01:10]
AdwCleaner[C02].txt - [1818 octets] - [07/12/2019 19:01:31]
AdwCleaner[S03].txt - [1828 octets] - [27/12/2019 16:37:48]
AdwCleaner[C03].txt - [1940 octets] - [27/12/2019 16:38:06]
AdwCleaner[S04].txt - [1950 octets] - [03/01/2020 18:44:45]
AdwCleaner[C04].txt - [2062 octets] - [03/01/2020 18:51:15]
AdwCleaner[S05].txt - [2072 octets] - [17/01/2020 16:37:06]
AdwCleaner[C05].txt - [2184 octets] - [17/01/2020 16:39:29]
AdwCleaner[S06].txt - [2934 octets] - [20/01/2020 20:44:12]
AdwCleaner[S07].txt - [2995 octets] - [20/01/2020 20:45:40]
AdwCleaner[C07].txt - [3234 octets] - [20/01/2020 20:48:55]
AdwCleaner[S08].txt - [2377 octets] - [30/01/2020 16:29:18]
AdwCleaner[C08].txt - [2489 octets] - [30/01/2020 16:30:09]
AdwCleaner[S09].txt - [2524 octets] - [02/02/2020 22:25:49]
AdwCleaner[S10].txt - [2585 octets] - [28/02/2020 16:47:09]
AdwCleaner[S11].txt - [2789 octets] - [20/03/2020 16:45:07]
AdwCleaner[C11].txt - [2886 octets] - [20/03/2020 16:45:44]
AdwCleaner[S12].txt - [2803 octets] - [29/04/2020 19:05:25]
AdwCleaner[S13].txt - [2864 octets] - [03/05/2020 20:55:08]
AdwCleaner[S14].txt - [2925 octets] - [05/05/2020 13:49:58]
AdwCleaner[S15].txt - [2986 octets] - [07/05/2020 00:13:04]
AdwCleaner[S16].txt - [3047 octets] - [04/06/2020 15:46:05]
AdwCleaner[S17].txt - [3108 octets] - [09/06/2020 20:41:36]
AdwCleaner[S18].txt - [3169 octets] - [16/06/2020 21:27:37]
AdwCleaner[C18].txt - [3339 octets] - [16/06/2020 21:28:38]
AdwCleaner[S19].txt - [3291 octets] - [19/06/2020 15:59:06]
AdwCleaner[C19].txt - [3461 octets] - [19/06/2020 16:23:19]
AdwCleaner[S20].txt - [3413 octets] - [25/06/2020 10:50:54]
AdwCleaner[S21].txt - [3421 octets] - [25/07/2020 16:44:59]
AdwCleaner[S22].txt - [3482 octets] - [25/07/2020 16:47:12]
AdwCleaner[S23].txt - [3596 octets] - [07/08/2020 13:08:38]
AdwCleaner[C23].txt - [3766 octets] - [07/08/2020 13:08:59]
AdwCleaner[S24].txt - [3718 octets] - [14/08/2020 15:40:49]
AdwCleaner[S25].txt - [3779 octets] - [30/08/2020 19:44:39]
AdwCleaner[C25].txt - [3949 octets] - [30/08/2020 19:44:55]
AdwCleaner[S26].txt - [3901 octets] - [30/08/2020 19:49:28]
AdwCleaner[C26].txt - [4071 octets] - [30/08/2020 19:49:47]
AdwCleaner[S27].txt - [3970 octets] - [30/08/2020 19:53:36]
AdwCleaner[C27].txt - [4160 octets] - [30/08/2020 19:53:50]
AdwCleaner[S28].txt - [4092 octets] - [02/09/2020 20:04:18]
AdwCleaner[S29].txt - [4153 octets] - [07/09/2020 13:36:31]
AdwCleaner[S30].txt - [4214 octets] - [22/09/2020 13:36:32]
AdwCleaner[S31].txt - [4275 octets] - [23/09/2020 19:43:00]
AdwCleaner[S32].txt - [4336 octets] - [25/09/2020 18:54:29]
AdwCleaner[C32].txt - [4526 octets] - [25/09/2020 18:55:54]
AdwCleaner[S33].txt - [4458 octets] - [09/10/2020 17:03:15]
AdwCleaner[S34].txt - [4519 octets] - [11/10/2020 16:37:23]
AdwCleaner[S35].txt - [4580 octets] - [11/10/2020 19:41:00]
AdwCleaner[S36].txt - [4641 octets] - [30/10/2020 19:46:01]
AdwCleaner[S37].txt - [4702 octets] - [01/11/2020 19:26:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C37].txt ##########

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 20:00
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CkoseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
C:\Users\rossu\AppData\Local\Temp
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {067A76DD-FC3F-40E3-9519-11F07BB1FAD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-24] (Google LLC -> Google LLC)
Task: {19CBEC12-1A86-46FD-BBA6-3A73A64D9CF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001Core => C:\Users\rossu\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-11-21] (Google Inc -> Google LLC)
Task: {9BBA5484-2F0B-47CB-95D0-0EFA68D977ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-24] (Google LLC -> Google LLC)
Task: {C3361258-59B3-4CB3-8FDA-DEA2D63AE4F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001UA => C:\Users\rossu\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-11-21] (Google Inc -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 20:10
by bigmuff
done, the log is here

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by rossu (01-11-2020 20:03:19) Run:2
Running from C:\Users\rossu\Desktop
Loaded Profiles: rossu
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CkoseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
C:\Users\rossu\AppData\Local\Temp
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {067A76DD-FC3F-40E3-9519-11F07BB1FAD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-24] (Google LLC -> Google LLC)
Task: {19CBEC12-1A86-46FD-BBA6-3A73A64D9CF7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001Core => C:\Users\rossu\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-11-21] (Google Inc -> Google LLC)
Task: {9BBA5484-2F0B-47CB-95D0-0EFA68D977ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-24] (Google LLC -> Google LLC)
Task: {C3361258-59B3-4CB3-8FDA-DEA2D63AE4F5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001UA => C:\Users\rossu\AppData\Local\Google\Update\GoogleUpdate.exe [154920 2019-11-21] (Google Inc -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

CkoseProcesses: => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

"C:\Users\rossu\AppData\Local\Temp" folder move:

Could not move "C:\Users\rossu\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{067A76DD-FC3F-40E3-9519-11F07BB1FAD7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{067A76DD-FC3F-40E3-9519-11F07BB1FAD7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19CBEC12-1A86-46FD-BBA6-3A73A64D9CF7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19CBEC12-1A86-46FD-BBA6-3A73A64D9CF7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BBA5484-2F0B-47CB-95D0-0EFA68D977ED}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBA5484-2F0B-47CB-95D0-0EFA68D977ED}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3361258-59B3-4CB3-8FDA-DEA2D63AE4F5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3361258-59B3-4CB3-8FDA-DEA2D63AE4F5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-4057023617-2345177252-1567271487-1001UA" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37092584 B
Java, Flash, Steam htmlcache => 379 B
Windows/system/drivers => 2676556 B
Edge => 0 B
Chrome => 442101177 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19726 B
NetworkService => 41518 B
rossu => 129261483 B

RecycleBin => 1555342643 B
EmptyTemp: => 2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-11-2020 20:08:58)

C:\Users\rossu\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:08:59 ====

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 20:56
by Rudy
Deleted. Has anything changed?

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 21:03
by bigmuff
thanks, we'll see, I'll run Windows Defender
...quick scan and it shows it again

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 21:53
by Rudy
OK. Then run this utility: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download it, run it, let it work, and when it finishes delete everything it finds. If the scan is clean, then WinDefender made it up.

Re: Windows Security - App & browser control

Posted: 01 Nov 2020 22:00
by bigmuff
Rudy wrote: 01 Nov 2020 21:53 OK. Then run this utility: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download it, run it, let it work, and when it finishes delete everything it finds. If the scan is clean, then WinDefender made it up.
the website is unavailable...............

Re: Windows Security - App & browser control

Posted: 02 Nov 2020 10:33
by Rudy

Re: Windows Security - App & browser control

Posted: 02 Nov 2020 17:12
by bigmuff
I'm back ...so the scan is clean

Re: Windows Security - App & browser control

Posted: 02 Nov 2020 18:28
by Rudy
OK, I suspected as much. You can also check those files online at www.virustotal.com , or just add them to the exclusions right away.