VIRY.CZ

Dobrý den

Prosím o kontrolu notebooku, problémy nejsou žádné, akorát mi přijde, že je trochu pomalejší zejména při prohlížení internetových stránek, připojení mám ale kvalitní..ovšem může to být i tím že notebook není zrovna nejvýkonnější. Příkládám logy z FRST.

Děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-06-2021 01
Ran by Lenovo (administrator) on DESKTOP-CVQ9IOL (LENOVO 80G0) (06-06-2021 09:13:38)
Running from C:\Users\Lenovo\Downloads
Loaded Profiles: Lenovo
Platform: Windows 10 Home Version 2004 19041.985 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc.) [File not signed] C:\Windows\SysWOW64\UIUSrv.exe
(Fortemedia Inc -> ) C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] (Fortemedia Inc -> )
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-11-20] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [5062384 2015-08-30] (Realtek Semiconductor Corp -> Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [122592 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2234086909-1374755945-2232299674-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33770112 2021-05-20] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2234086909-1374755945-2232299674-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408888 2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BCC513C-E2D1-460C-B4F2-4BF66B588B4C} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {3716C008-8B7B-4D10-9ACD-86AD1B869091} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4808928 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
Task: {3EBD9238-955C-4A4E-A8F5-C0EDBAC9395A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {421DE017-6061-4BEF-AA75-72528996FA3D} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-05-20] (Piriform Software Ltd -> Piriform)
Task: {490DE79A-8221-40C3-9F14-E47D2EEDE9D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62E5F115-5503-477D-8AAE-04457E974F4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A5A1CC2-67FF-4006-8D97-51441F41A5AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C2057AD-78A1-4F13-8032-5B000C945300} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28158080 2021-05-20] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BBC4C284-0130-4D12-9538-3A7929D45224} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DF0AB20B-22A6-4823-A3FA-19E2B8AF57E0} - System32\Tasks\LUKKOMP\Cisteni OS => C:\dusting.cmd 0
Task: {E31D9039-457B-48D5-9707-630CE1CF46CC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-04] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d4243ff1-ca74-45d7-b3a5-c5ec021b344e}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lenovo\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-03]

FireFox:
========
FF DefaultProfile: ccow8e9n.default
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\lrj1odvp.user [2021-06-03]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\ccow8e9n.default [2020-10-09]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\inag7a7p.default-release [2021-06-06]
FF Homepage: Mozilla\Firefox\Profiles\inag7a7p.default-release -> hxxps://www.seznam.cz/
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\inag7a7p.default-release\Extensions\firefox@ghostery.com.xpi [2021-05-26]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8151120 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [622816 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [370400 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5026616 2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 UIUService; C:\Windows\SysWOW64\UIUSrv.exe [105984 2020-10-09] (Conexant Systems, Inc.) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35664 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [216360 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [365536 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250336 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99296 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17328 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41296 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [180944 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [522864 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107792 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82856 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851144 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [471352 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215336 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [326976 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-06 09:13 - 2021-06-06 09:14 - 000013447 _____ C:\Users\Lenovo\Downloads\FRST.txt
2021-06-06 09:13 - 2021-06-06 09:14 - 000000000 ____D C:\FRST
2021-06-06 09:11 - 2021-06-06 09:11 - 002300416 _____ (Farbar) C:\Users\Lenovo\Downloads\FRST64.exe
2021-06-05 11:58 - 2021-06-05 12:49 - 545343465 _____ C:\Users\Lenovo\Downloads\Slunce, seno a pár facek.mp4
2021-06-04 16:17 - 2021-06-04 16:17 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-06-04 10:26 - 2021-06-04 16:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-01 08:00 - 2021-06-01 08:00 - 000000000 _____ C:\Users\Lenovo\hkcubackup.hiv
2021-05-31 08:27 - 2021-05-31 08:26 - 000339680 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-05-31 08:27 - 2021-05-31 08:26 - 000215336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-05-30 15:10 - 2021-05-30 17:48 - 1468393472 _____ C:\Users\Lenovo\Downloads\Noční můra v Elm Street 2-Horror-1985-CZ-adriatic.avi
2021-05-30 09:24 - 2021-05-30 10:27 - 1147197646 _____ C:\Users\Lenovo\Downloads\Nocni mura v Elm Street 1 CZ 1984.avi
2021-05-29 19:27 - 2021-05-29 19:27 - 000017328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-05-24 19:17 - 2021-05-24 19:17 - 000261900 _____ C:\Users\Lenovo\Downloads\0024795062141.pkpass
2021-05-24 19:17 - 2021-05-24 19:17 - 000261900 _____ C:\Users\Lenovo\Downloads\0024795062141(1).pkpass
2021-05-24 19:14 - 2021-05-24 19:15 - 000093000 _____ C:\Users\Lenovo\Downloads\2479506214.pdf
2021-05-15 13:12 - 2021-05-15 13:12 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-15 13:11 - 2021-05-15 13:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-05-15 13:11 - 2021-05-15 13:11 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-05-15 13:11 - 2021-05-15 13:11 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-15 13:10 - 2021-05-15 13:10 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-05-15 13:10 - 2021-05-15 13:10 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-15 13:10 - 2021-05-15 13:10 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-05-15 13:09 - 2021-05-15 13:09 - 001823816 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-05-15 13:09 - 2021-05-15 13:09 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-05-15 13:09 - 2021-05-15 13:09 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-15 13:08 - 2021-05-15 13:08 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-15 13:08 - 2021-05-15 13:08 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-06 09:12 - 2020-10-11 10:02 - 000000000 ____D C:\Program Files\CCleaner
2021-06-06 09:11 - 2020-10-09 11:28 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\Mozilla
2021-06-06 09:08 - 2020-10-09 11:17 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-06 09:07 - 2020-10-09 11:43 - 000000000 __SHD C:\Users\Lenovo\IntelGraphicsProfiles
2021-06-06 09:07 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-05 16:06 - 2021-01-15 12:19 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-06-05 16:06 - 2020-10-15 09:53 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-05 16:06 - 2020-10-15 09:53 - 000003288 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-05 16:06 - 2020-10-11 10:02 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-06-05 16:06 - 2020-10-11 10:02 - 000002238 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-06-05 16:06 - 2020-10-09 11:18 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-06-05 15:39 - 2020-10-09 10:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-06-05 10:12 - 2020-10-14 14:45 - 000000000 ____D C:\Users\Lenovo\Desktop\Filmy
2021-06-04 16:17 - 2020-10-09 11:17 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-04 16:17 - 2020-10-09 11:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-04 11:55 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-06-04 10:30 - 2020-10-15 09:54 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-04 10:30 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-04 10:30 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-03 18:13 - 2021-01-22 19:00 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-03 10:34 - 2021-04-27 16:38 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AVAST Software
2021-06-03 10:06 - 2020-10-09 10:59 - 001693140 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-03 10:06 - 2019-12-07 16:41 - 000718024 _____ C:\Windows\system32\perfh005.dat
2021-06-03 10:06 - 2019-12-07 16:41 - 000145166 _____ C:\Windows\system32\perfc005.dat
2021-06-03 10:04 - 2021-01-15 12:19 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-06-03 10:02 - 2021-01-15 12:17 - 000000000 ____D C:\ProgramData\Avast Software
2021-06-03 10:02 - 2020-10-09 10:50 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-03 10:02 - 2020-10-09 10:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-03 09:54 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-06-03 09:48 - 2020-10-11 11:38 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\MPC-HC
2021-06-01 08:00 - 2020-10-09 11:08 - 000000000 ____D C:\Users\Lenovo
2021-05-31 12:27 - 2021-01-15 12:19 - 000522864 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-05-31 08:27 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-05-31 08:26 - 2021-01-15 12:19 - 000851144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000471352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000365536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000326976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000250336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000216360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000180944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000099296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000082856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000041296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-05-31 08:26 - 2021-01-15 12:19 - 000035664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-05-30 10:38 - 2021-01-23 13:00 - 000000000 ____D C:\Users\Lenovo\AppData\Local\CrashDumps
2021-05-30 10:38 - 2021-01-23 12:51 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\uTorrent
2021-05-25 07:48 - 2021-01-22 19:00 - 000725304 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-05-25 07:48 - 2021-01-22 19:00 - 000470328 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
2021-05-22 11:07 - 2020-10-11 11:09 - 000000000 ____D C:\Windows\Minidump
2021-05-20 20:12 - 2020-10-09 11:16 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\AIMP
2021-05-17 11:59 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-05-15 14:46 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-05-15 14:41 - 2020-10-09 10:50 - 000458488 _____ C:\Windows\system32\FNTCACHE.DAT
2021-05-15 14:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-15 14:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-15 14:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-15 14:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-15 14:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-05-15 14:39 - 2019-12-07 16:42 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-15 14:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-05-15 13:42 - 2019-12-07 16:44 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-15 13:37 - 2020-10-09 11:18 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-13 18:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-05-12 14:56 - 2020-10-09 12:03 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 14:46 - 2020-10-09 12:03 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-11 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\tracing

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-06-2021 01
Ran by Lenovo (06-06-2021 09:17:00)
Running from C:\Users\Lenovo\Downloads
Windows 10 Home Version 2004 19041.985 (X64) (2020-10-09 08:55:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2234086909-1374755945-2232299674-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2234086909-1374755945-2232299674-503 - Limited - Disabled)
Guest (S-1-5-21-2234086909-1374755945-2232299674-501 - Limited - Disabled)
Lenovo (S-1-5-21-2234086909-1374755945-2232299674-1001 - Administrator - Enabled) => C:\Users\Lenovo
WDAGUtilityAccount (S-1-5-21-2234086909-1374755945-2232299674-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 20.02 alpha (x64) (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2233, 08.10.2020 - AIMP DevTeam)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.4.2464 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.80 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.262.0 - Conexant Systems)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1679 - Disc Soft Ltd)
Dashboard (HKLM-x32\...\Western Digital SSD Dashboard) (Version: 3.1.2.5 - Western Digital Corporation)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
ENE_QSI_Azeroth_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Azeroth_HAL (HKLM-x32\...\{b598bfc8-2eb9-4a18-94ae-abe59777bfc8}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5146 - Intel Corporation)
K-Lite Codec Pack 15.7.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.7.5 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
LibreOffice 7.0.2.2 (HKLM\...\{2D790347-9563-49DA-AAAD-A5D26B69C993}) (Version: 7.0.2.2 - The Document Foundation)
Lord of the Rings - Conquest Čeština (HKLM-x32\...\Lord of the Rings - Conquest Čeština 1.2.0) (Version: 1.2.0 - BonusWeb)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.41 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 89.0 (x64 cs) (HKLM\...\Mozilla Firefox 89.0 (x64 cs)) (Version: 89.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.1 - Mozilla)
Pán Prsteňov: Bitka o Stredozem II SK (HKLM-x32\...\Pán Prsteňov: Bitka o Stredozem II SK) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
The Battle for Middle-earth (tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - )

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2234086909-1374755945-2232299674-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-31] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-31] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-31] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-31] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-01-23] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-05-31] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2234086909-1374755945-2232299674-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo\Downloads\109946568_2346219422350069_155889985520364008_o.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CA82B9F8-25BE-44BC-816D-E4DC542D0FE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D6C339AB-7D1E-4C69-8682-30626807341C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{78FC01CF-9EF6-4455-9EB7-F32B76FF8FB8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3757693E-7095-4664-852C-70B445DC39CF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C5F469E1-696C-4A56-985A-9F4E8E059EAF}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat () [File not signed]
FirewallRules: [{B105B649-B3B8-4266-BCD1-57191A5E7F08}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat () [File not signed]
FirewallRules: [{1C9C71C6-9C46-4BAF-A44D-419F18F22F73}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3BC738A4-02D0-43D3-B156-2572F118F5AD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{8FD148AD-4F7C-4CF4-8919-CE3CB09FDE24}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{896774A2-988B-47D4-8ED3-CF34E98338B7}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{914A16F9-9553-491C-8547-590668CD9F15}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat (*DEV!ANCE*) [File not signed]
FirewallRules: [{30D79E25-622B-486B-A477-4D566BB203A9}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat (*DEV!ANCE*) [File not signed]
FirewallRules: [{7A7F1180-9AAB-4DD3-81C0-FA7F7E78927A}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat (Electronic Arts Inc.) [File not signed]
FirewallRules: [{D90014AA-3CEF-4F8E-9C5D-79E5FF8A3243}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat (Electronic Arts Inc.) [File not signed]
FirewallRules: [{30A55166-F880-4A8F-970A-B01988E9D2B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3BE70FFB-37D6-43D9-B091-57B39F32C91D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F2F0A1AB-5BC4-480F-9B2A-CE87A5CC7AB5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{298401BF-673F-402A-908B-C8097CA94272}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

15-05-2021 13:26:57 Instalační služba modulů systému Windows
25-05-2021 17:26:09 Naplánovaný kontrolní bod
03-06-2021 10:57:06 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/29/2021 07:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: uTorrent.exe, verze: 2.2.1.25110, časové razítko: 0x4d78393f
Název chybujícího modulu: GDI32.dll, verze: 10.0.19041.746, časové razítko: 0x1baae673
Kód výjimky: 0xc000041d
Posun chyby: 0x00005d67
ID chybujícího procesu: 0x1a14
Čas spuštění chybující aplikace: 0x01d754b0d86836d2
Cesta k chybující aplikaci: C:\Program Files (x86)\uTorrent\uTorrent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\GDI32.dll
ID zprávy: b8f3dc7b-259c-48ab-a0ad-cd7aaecce1a2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (05/19/2021 04:27:49 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (05/19/2021 04:27:49 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/11/2021 07:03:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program svchost.exe verze 10.0.19041.546 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 9c8

Čas spuštění: 01d73e65d09d4f2d

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\System32\svchost.exe

ID hlášení: b0586945-baaf-441f-9c92-e882022ff05d

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (05/11/2021 07:02:39 PM) (Source: Wlclntfy) (EventID: 4005) (User: )
Description: Proces přihlášení do systému Windows byl neočekávaně ukončen.

Error: (04/22/2021 04:43:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/22/2021 04:43:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/22/2021 04:43:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (06/06/2021 09:07:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Tools bylo dosaženo časového limitu (30000 ms).

Error: (06/05/2021 04:09:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CVQ9IOL)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/05/2021 04:09:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-CVQ9IOL)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/05/2021 10:03:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Tools bylo dosaženo časového limitu (30000 ms).

Error: (06/04/2021 06:40:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby avast! Tools bylo dosaženo časového limitu (30000 ms).

Error: (06/03/2021 10:02:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SAService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (06/03/2021 09:54:43 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Optimalizace doručení se po přijetí pokynu pro vypnutí neukončila správně.

Error: (06/03/2021 09:50:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba SAService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2021-01-05 20:47:42
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA7C
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\AppData\Local\Temp\Rar$EXb5976.38661\Step 3 - Setup_Install_Game.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CVQ9IOL\Lenovo
Název procesu: C:\Users\Lenovo\Downloads\_Oceanofgames.com_Lord_of_the_Ring_Conquest\The Lord of the Rings\WinRAR.exe
Verze bezpečnostních informací: AV: 1.329.1700.0, AS: 1.329.1700.0, NIS: 1.329.1700.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-05 20:44:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA7C
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\AppData\Local\Temp\7zO8163CD38\Step 3 - Setup_Install_Game.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CVQ9IOL\Lenovo
Název procesu: C:\Program Files\7-Zip\7zFM.exe
Verze bezpečnostních informací: AV: 1.329.1700.0, AS: 1.329.1700.0, NIS: 1.329.1700.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-05 20:27:43
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA7C
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\Downloads\Step 3 - Setup_Install_Game.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CVQ9IOL\Lenovo
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.329.1700.0, AS: 1.329.1700.0, NIS: 1.329.1700.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-05 19:59:32
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA7C
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\AppData\Local\Temp\Rar$EXb5136.49397\Step 3 - Setup_Install_Game.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CVQ9IOL\Lenovo
Název procesu: C:\Program Files (x86)\WinRAR\WinRAR.exe
Verze bezpečnostních informací: AV: 1.329.1700.0, AS: 1.329.1700.0, NIS: 1.329.1700.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-05 19:52:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Ymacco.AA7C
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Lenovo\AppData\Local\Temp\Rar$EXb8988.094\Step 3 - Setup_Install_Game.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CVQ9IOL\Lenovo
Název procesu: C:\Program Files (x86)\WinRAR\WinRAR.exe
Verze bezpečnostních informací: AV: 1.329.1700.0, AS: 1.329.1700.0, NIS: 1.329.1700.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-11-10 16:21:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.504.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-11-10 16:21:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.504.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-11-10 16:21:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.504.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-11-10 16:21:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.504.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-11-10 16:21:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.327.504.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17600.5
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===============
Date: 2021-06-06 09:11:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-06-06 09:08:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-06-06 09:07:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO A7CN40WW 07/18/2014
Motherboard: LENOVO Lancer 5A6
Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 65%
Total physical RAM: 3979.21 MB
Available physical RAM: 1371.76 MB
Total Virtual: 8075.21 MB
Available Virtual: 5336.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.96 GB) (Free:123.11 GB) NTFS

\\?\Volume{1e675e6c-5d4f-4e43-83ee-e26a19c83e25}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{c6306ec7-1824-46b3-84aa-368e5fcdfd22}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi