
PC check

Posted: 29 Nov 2021 20:37
by simy13
Good evening, I'd like to ask for a check of my computer: unwanted pop-up windows keep appearing. I'm sending the FRST log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by pc (29-11-2021 20:23:02)
Running from C:\Users\pc\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) (2021-01-16 13:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-591005949-3795881383-2982760695-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-591005949-3795881383-2982760695-503 - Limited - Disabled)
Guest (S-1-5-21-591005949-3795881383-2982760695-501 - Limited - Disabled)
pc (S-1-5-21-591005949-3795881383-2982760695-1001 - Administrator - Enabled) => C:\Users\pc
WDAGUtilityAccount (S-1-5-21-591005949-3795881383-2982760695-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2111.2126 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.7.25887 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.58.25058 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.13.0.11216 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Batman Arkham Origins version 1.0.0.0 (HKLM-x32\...\Batman Arkham Origins_is1) (Version: 1.0.0.0 - Mr DJ)
BIOMUTANT (HKLM-x32\...\BIOMUTANT_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Hellbound (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Hellbound) (Version: - HOODLUM)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 94.0.2 (x64 cs)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0 - Mozilla)
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Prince of Persia - The Two Thrones (HKLM-x32\...\1207659091_is1) (Version: 1.1 v2 - GOG.com)
Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skully (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Skully) (Version: - HOODLUM)
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Saboteur Čeština (HKLM-x32\...\The Saboteur Čeština 1.2.0) (Version: 1.2.0 - BonusWeb)
Tomb Raider - The Angel of Darkness (HKLM-x32\...\1207659089_is1) (Version: 20171016 - GOG.com)
Tony Vočko a případ růžového tapíra (HKLM-x32\...\{EC27DF14-030F-4BF2-B323-723FF7F0D4AB}_is1) (Version: 1.0 - RelikZ)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.1.10597 - Ubisoft)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Vampirem (HKLM-x32\...\Vampirem_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: - )

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.3.262.0_x64__v10z8vjag6ke6 [2021-11-19] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [127488 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-29 19:05 - 2021-11-29 19:05 - 000114176 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_ctypes.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000172544 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_elementtree.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 002255872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_hashlib.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000032256 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_multiprocessing.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000046080 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_psutil_windows.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000047616 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_socket.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 002825216 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_ssl.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000026112 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_yappi.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000080896 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\bz2.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000015872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\common.time34.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000007680 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\hashobjs_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000301568 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\PIL._imaging.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000168448 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pyexpat.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001084416 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pysqlite2._sqlite.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000548864 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pythoncom27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000137728 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pywintypes27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000010752 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\select.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000020992 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\thumbnails_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000689664 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\unicodedata.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000119808 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\usb_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000128512 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32api.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000438784 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32com.shell.shell.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000011776 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32crypt.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000023040 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32event.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000149504 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32file.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000223232 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32gui.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000048128 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32inet.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000029696 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32pdh.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000027648 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32pipe.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000044032 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32process.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000020480 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32profile.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000136192 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32security.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000026624 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32ts.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000034304 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.conditional.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000037888 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.connectivity.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000071680 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.device_monitor.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000103936 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.volumes.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000019968 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.winwrap.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001325056 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._controls_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001489408 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._core_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001007104 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._gdi_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000103424 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._html2.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000916992 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._misc_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001039872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._windows_.pyd
2009-11-17 21:58 - 2009-11-17 21:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 21:58 - 2009-11-17 21:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2011-04-29 10:34 - 2011-04-29 10:34 - 000934400 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 10:34 - 2011-04-29 10:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 18:08 - 2011-04-29 18:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\SYSTEM32\hpzipr12.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\python27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxbase30u_net_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxbase30u_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_adv_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_core_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_html_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-07 17:01 - 2021-05-24 20:18 - 000002480 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

2020-07-18 07:47 - 2020-07-18 07:47 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\luis royo wallpaper 9.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{658F35B1-839A-49DE-8AC3-A19E394A9205}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{DB249C55-CD66-46C6-AF15-111ED2CB68BE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{8400D88A-CC4A-4489-8445-53C4AAF9BB0C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FC73ADF5-7360-4EA6-A38D-C712B6B1E2DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{463C951F-D8EC-49CD-8817-B9C245007F5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F23A84-2D83-47A3-BB27-A3F1BF10F42E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2084A04-C463-40F0-8A4B-AD2115AA69D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63B878E9-043A-4C32-AE45-20AC85F133F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [TCP Query User{B37CD51F-3EFE-42CF-A741-976412DC326D}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe (Ubisoft Chengdu Co., Ltd. -> )
FirewallRules: [UDP Query User{DABCFF11-4FB7-470F-BD2E-D74CC80D740E}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe (Ubisoft Chengdu Co., Ltd. -> )
FirewallRules: [{9635D2FE-9ECF-4786-A61E-F05F28BCFB1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{13F23B79-56BB-4704-AB15-98F5DF9DD240}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0160A890-7392-4298-9E49-43CC5F45A75B}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{88BECD09-4095-4B69-8C9B-003875D51DC5}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5172A3AB-C121-46DD-9737-47012E449026}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

26-11-2021 14:49:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: PC Camera
Description: PC Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/29/2021 06:52:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/28/2021 01:31:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/26/2021 09:56:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 09:56:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 09:35:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 02:36:08 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/23/2021 10:09:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Název chybujícího modulu: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003a2c0
ID chybujícího procesu: 0x1c3c
Čas spuštění chybující aplikace: 0x01d7e0ae74fd3428
Cesta k chybující aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe
Cesta k chybujícímu modulu: C:\Program Files\Mozilla Firefox\firefox.exe
ID zprávy: bcdb92e6-28cb-4bdc-aa23-022554f68a0f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/23/2021 10:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Název chybujícího modulu: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003a2c0
ID chybujícího procesu: 0x1ed4
Čas spuštění chybující aplikace: 0x01d7e0ae6f8d91c4
Cesta k chybující aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe
Cesta k chybujícímu modulu: C:\Program Files\Mozilla Firefox\firefox.exe
ID zprávy: 8c0e3326-9be2-4c59-9529-9e5f9dbadbf3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/29/2021 06:08:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/29/2021 01:56:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/28/2021 06:17:59 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/28/2021 02:31:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/26/2021 11:59:09 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/24/2021 07:08:21 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (11/24/2021 07:03:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/24/2021 06:41:51 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.


Windows Defender:
================
Date: 2021-02-02 16:35:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A3964236-309C-48F8-A8F5-541A79E6CEC3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:24:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {990F0FA3-4E9D-45FA-9DD2-677A669554CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:14:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-02 16:13:59
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {021DB1EC-4EE5-4E5A-A12E-3D17722759E1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 15:49:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-10-01 17:10:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Intel Corp. BLH6710H.86A.0119.2011.0523.1030 05/23/2011
Motherboard: Intel Corporation DH67CL
Processor: Intel(R) Pentium(R) CPU G860 @ 3.00GHz
Percentage of memory in use: 66%
Total physical RAM: 8169.45 MB
Available physical RAM: 2744.11 MB
Total Virtual: 9961.45 MB
Available Virtual: 1437.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:291.92 GB) (Free:25.26 GB) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:93.64 GB) NTFS

\\?\Volume{81168116-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{81168116-0000-0000-0000-801d49000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 81168116)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: PC check

Posted: 29 Nov 2021 20:57
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: PC check

Posted: 07 Dec 2021 21:01
by simy13
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1249 octets] - [06/04/2019 22:39:54]
AdwCleaner[S01].txt - [1310 octets] - [21/03/2021 20:02:09]
AdwCleaner[C01].txt - [1496 octets] - [21/03/2021 20:03:04]
AdwCleaner[S02].txt - [1432 octets] - [20/05/2021 06:41:07]
AdwCleaner[C02].txt - [1618 octets] - [20/05/2021 06:41:50]
AdwCleaner[S03].txt - [1820 octets] - [25/05/2021 12:13:26]
AdwCleaner[C03].txt - [1972 octets] - [25/05/2021 12:13:59]
AdwCleaner[S04].txt - [1832 octets] - [26/05/2021 21:27:33]
AdwCleaner[C04].txt - [2022 octets] - [26/05/2021 21:27:49]
AdwCleaner[S05].txt - [1954 octets] - [27/05/2021 05:59:34]
AdwCleaner[C05].txt - [2144 octets] - [27/05/2021 05:59:55]
AdwCleaner[S06].txt - [1920 octets] - [02/09/2021 20:21:57]
AdwCleaner[C06].txt - [2106 octets] - [02/09/2021 20:22:30]
AdwCleaner[S07].txt - [2198 octets] - [07/12/2021 20:56:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########

Re: PC check

Posted: 07 Dec 2021 21:10
by Rudy
This is OK. Please also add the contents of the frst.txt file (it is on the desktop), and then we will clean out the remaining junk.

Re: PC check

Posted: 13 Dec 2021 19:46
by simy13
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by pc (administrator) on DESKTOP-BUIQGPN (29-11-2021 20:16:48)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <7>
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2111.1001.3.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2111.1001.3.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [269cb9d1f0c741c63247e1d77e6f3f30] => C:\WINDOWS\system32\.. [0 2021-11-23] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpfpp70v: C:\Windows\System32\spool\prtprocs\x64\hpfpp70v.dll [248320 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l70v.dll: C:\WINDOWS\system32\hpf3l70v.dll [136704 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-05-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020B8D4F-ED6C-48BF-A706-92C3EDA12CEA} - System32\Tasks\ebtools => C:\Program Files (x86)\EUROBYTE TOOLS\vp4.exe [302976 2021-03-01] (EUROBYTE SOFTWARE s.r.o. -> OEM)
Task: {0FABBC8C-8AEF-48D8-8871-753D43761435} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {281E568C-0480-4449-8924-7237C56CD085} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {6FAE0226-890D-4314-BCB9-D455DB44FEDD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {8D68F718-A2F0-4B69-8CCF-DA61A8732A0A} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B801D9EA-FFD7-4934-9D43-47B421E171A2} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1673272 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BEFD7BD7-FD32-4988-961B-945621A32EA3} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [237952 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {E3A062A3-6759-4C8E-9778-34FD8FCAB1D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EC10146E-D00E-4384-8E9F-84ED36D86EF5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {F6BB5510-A28C-4034-AF85-DF98D6A003BB} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-11-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F9F0FA52-F2E7-4497-9B0A-CAA949D11636} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56e852ca-19c1-4a7c-8ee5-466a0ea91c03}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\pc\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-14]

FireFox:
========
FF DefaultProfile: dc063tec.default
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default [2021-06-02]
FF Extension: (Avira Password Manager) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default\Extensions\passwordmanager@avira.com [2020-05-08]
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 [2021-11-29]
FF Extension: (Blokátor reklam AdGuard) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\adguardadblocker@adguard.com.xpi [2021-08-26]
FF Extension: (To Google Translate) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-22]
FF Extension: (Linkificator) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\linkificator@markapola.xpi [2021-03-22]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2021-08-25]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-07-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-25]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-25]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2021-07-19]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

Opera:
=======
OPR Profile: C:\Users\pc\AppData\Roaming\Opera Software\Opera Stable [2021-06-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [538000 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [272448 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [275088 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [25720 2020-08-18] (Avira Operations GmbH & Co. KG -> Olof Lagerkvist)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22848 2021-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209088 2021-11-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [95376 2020-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Olof Lagerkvist)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 20:16 - 2021-11-29 20:18 - 000019820 _____ C:\Users\pc\Desktop\FRST.txt
2021-11-29 20:16 - 2021-11-29 20:16 - 000000000 ____D C:\Users\pc\Downloads\FRST-OlderVersion
2021-11-29 20:16 - 2021-11-29 20:16 - 000000000 ____D C:\Users\pc\Desktop\FRST-OlderVersion
2021-11-29 19:07 - 2021-11-29 19:14 - 1386656960 _____ C:\Users\pc\Downloads\Snoubenec.nebo.milenec.Hab.2020.480p.webrip.cz.dabing.5.1.avi
2021-11-27 14:30 - 2021-11-27 14:46 - 1993558390 _____ C:\Users\pc\Downloads\Venom.2.Carnage.prichazi.Venom.Let.There.Be.Carnage.2021.1080p.WEBRip.x264.CZ.titulky.mkv
2021-11-24 16:23 - 2021-11-24 17:45 - 3547685207 _____ C:\Users\pc\Downloads\Chlapec kteremu ríkaji Vanoce - A.Boy.Called.Christmas.2021.1080p.WEBRip.CZ.dabing.5.1.mkv
2021-11-22 21:21 - 2021-11-22 22:24 - 1338967089 _____ C:\Users\pc\Downloads\Kovboj.Bebop-Lovec.odmen.S01E06.1080p.WEBRip.CS.dabing.5.1(1).mkv
2021-11-14 18:46 - 2021-11-14 18:46 - 000000000 ____D C:\Users\pc\Downloads\The_Saboteur_CZ(1)
2021-11-14 10:42 - 2021-11-14 10:42 - 001765698 _____ C:\Users\pc\Downloads\94706a4de4efbf85c040d142d6a5b21c6190d48fc95a88.47700651.png.pdf
2021-11-12 16:38 - 2021-11-12 16:38 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 16:37 - 2021-11-12 16:37 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 16:37 - 2021-11-12 16:37 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 16:36 - 2021-11-12 16:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 15:50 - 2021-11-12 15:50 - 000000000 ___HD C:\$WinREAgent
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\Users\pc\AppData\Roaming\The Saboteur Čeština
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\ProgramData\Caphyon
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\Program Files\Electronic Arts
2021-11-04 19:07 - 2021-11-04 19:07 - 000000000 ____D C:\Users\pc\AppData\Roaming\BonusWeb
2021-11-04 19:06 - 2021-11-04 19:06 - 000000000 ____D C:\Users\pc\Downloads\The Saboteur Čeština
2021-11-03 19:16 - 2021-11-03 19:16 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000000000 ____D C:\Program Files (x86)\OpenAL
2021-11-03 18:20 - 2021-11-03 18:20 - 000001708 _____ C:\Users\Public\Desktop\Tomb Raider - The Angel of Darkness.lnk
2021-11-03 18:20 - 2021-11-03 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tomb Raider - The Angel of Darkness [GOG.com]
2021-11-03 18:15 - 2021-11-03 18:15 - 000000000 ____D C:\Users\pc\Downloads\Tomb.Raider.The.Angel.of.Darkness
2021-11-03 17:24 - 2021-11-03 17:24 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 17:24 - 2021-11-03 17:24 - 000000000 ____D C:\Program Files\PCHealthCheck

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 20:19 - 2020-05-08 02:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-29 20:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-29 20:17 - 2021-05-28 15:45 - 000000000 ____D C:\FRST
2021-11-29 20:16 - 2021-05-28 15:45 - 002311680 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2021-11-29 20:16 - 2021-05-28 15:44 - 002311680 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2021-11-29 19:07 - 2020-05-07 17:07 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-29 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-29 19:06 - 2018-07-05 12:19 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
2021-11-29 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-29 18:57 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-29 18:53 - 2020-05-08 02:15 - 000000000 ____D C:\Program Files\CCleaner
2021-11-29 18:51 - 2021-10-11 13:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-29 18:51 - 2021-01-16 14:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-29 18:51 - 2021-01-16 14:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-29 18:51 - 2020-05-07 17:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-29 18:51 - 2020-05-07 16:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-29 18:50 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-29 18:42 - 2021-01-16 14:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-24 21:24 - 2021-01-16 14:33 - 000000000 ____D C:\Users\pc
2021-11-24 16:17 - 2020-06-06 16:49 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-24 16:17 - 2020-06-06 16:49 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-23 22:26 - 2021-01-27 19:37 - 000000000 ____D C:\Users\pc\AppData\Local\ElevatedDiagnostics
2021-11-23 22:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-23 22:09 - 2021-10-13 22:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-23 22:09 - 2020-05-07 17:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-22 21:09 - 2021-01-16 14:43 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-22 21:09 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-11-22 21:09 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-11-22 18:27 - 2021-10-01 16:25 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-11-21 14:17 - 2020-05-07 17:01 - 000000000 ____D C:\ProgramData\Packages
2021-11-20 08:54 - 2021-01-16 14:51 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-11-19 06:48 - 2021-04-16 21:41 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2021-11-19 06:48 - 2021-04-16 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-11-19 06:48 - 2021-02-02 19:05 - 000003644 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-11-19 06:45 - 2021-05-29 19:15 - 002224592 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000332224 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-11-17 14:50 - 2021-01-21 21:17 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6ec0cff30e22e
2021-11-17 14:50 - 2021-01-16 14:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-16 21:37 - 2020-05-08 02:08 - 000000000 ____D C:\Users\pc\AppData\Roaming\vlc
2021-11-16 21:31 - 2020-05-08 02:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-16 21:31 - 2020-05-08 02:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-12 20:16 - 2021-01-16 14:26 - 000266504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-12 20:12 - 2019-12-07 15:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-12 20:12 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 20:12 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 16:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-12 15:45 - 2020-05-07 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-12 15:40 - 2020-05-07 20:09 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-03 19:22 - 2020-05-08 02:17 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-03 19:16 - 2021-02-02 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-11-03 19:14 - 2020-06-26 15:09 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-11-03 18:23 - 2021-01-16 09:49 - 000000000 ____D C:\Users\pc\AppData\Local\D3DSCache
2021-11-03 18:19 - 2021-10-12 16:09 - 000000000 ____D C:\GOG Games
2021-11-01 20:35 - 2021-02-02 18:22 - 000209088 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

==================== Files in the root of some directories ========

2021-05-16 20:27 - 2021-05-17 17:31 - 000012288 _____ () C:\Users\pc\AppData\Roaming\emp.bin

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: PC check

Posted: 13 Dec 2021 20:04
by Rudy
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\pc\AppData\Local\Temp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: PC check

Posted: 18 Dec 2021 13:25
by simy13
Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by pc (15-12-2021 22:38:30) Run:2
Running from C:\Users\pc\Desktop
Loaded Profiles: pc
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\pc\AppData\Local\Temp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB9D81C3-BBB1-4011-A130-2DFBD1AF8465}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB9D81C3-BBB1-4011-A130-2DFBD1AF8465}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\pc\AppData\Local\Temp => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9841C4F-1715-466C-B820-6DB61F024157}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63D5F674-0F91-4CF0-9742-90FE28320534}" => removed successfully
"C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe" => not found
"C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe" => not found
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92513418 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 147456 B
Firefox => 1159682521 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 39822 B
NetworkService => 39822 B
pc => 5290698 B

RecycleBin => 1437375643 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-12-2021 20:59:07)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 20:59:08 ====

Re: PC check

Posted: 18 Dec 2021 15:47
by Rudy
Deleted. Has anything changed?

Re: PC check

Posted: 31 Dec 2021 16:00
by simy13
Thank you, everything seems to be fine :thumbsup:

Re: PC check

Posted: 31 Dec 2021 17:32
by Rudy
Glad to hear it, and you're welcome! :)