PC disinfection, computer speed-up, remote help via the neslape.cz service

Please check my log - suspected malware

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Pover
Guest
Posts: 22
Registered: 29 Nov 2005 22:01
Location: Třebíč

#1 Post by Pover »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2023
Ran by Danka (administrator) on DESKTOP-MF7F71F (MSI MS-7846) (16-03-2023 17:55:42)
Running from C:\Users\Danka\Desktop
Loaded Profiles: Danka
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

========================================================

C:\FRST\FRST64.exe => moved successfully
C:\FRST\RSITx64.exe => moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.43\identity_helper.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630536 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Run: [MicrosoftEdgeAutoLaunch_038E5604E029B0D0DEC31266BE27F897] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-15] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6BC33D-C835-4ABD-882F-3884D5B31A0C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205448 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {252D1EB3-D40A-4F96-B76E-B023424AB170} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {42ABE4D1-5613-4472-8418-F361CEA3DA94} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {5F26729B-4091-4568-AB02-D73476488B42} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [261064 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {60ACEC59-7090-4924-A595-A6CB5A8F6167} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1899162997-3971115008-3701127281-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205448 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {73C8DAA9-4517-4B6A-A44B-133FD77BCCE7} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {7A4FFAFA-9401-473A-B73F-BCECE3BC3ED2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26294704 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {951C4DC2-06A5-4C24-83A7-84174DA9CB1C} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1773248 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {A17C3510-BAF1-4AF9-91B0-2945B021102E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8161CDA-F315-44B5-A5C6-8DF8D19F06E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26294704 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3379B7-FE41-4B50-A03D-E3D8399467D8} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35437192 2023-02-09] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {FC2505CC-7864-4249-9146-6F836AFCE15C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9489ca75-661d-405e-ac48-0fb2309d52c0}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Danka\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-16]
Edge Notifications: Default -> hxxps://37yito.mictiotom.com; hxxps://cotoistionceous.com
Edge StartupUrls: Default -> "hxxp://www.seznam.cz/"
Edge Extension: (Avira Safe Shopping) - C:\Users\Danka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2022-12-18]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6520504 2023-02-13] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3002640 2022-09-08] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265424 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [295920 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512256 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8999232 2023-03-13] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8999232 2023-03-13] (Avira Operations GmbH -> Avira Operations GmbH)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncHelper.exe [3412400 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.043.0226.0001\OneDriveUpdaterService.exe [3795336 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-02-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [185704 2022-12-13] (NortonLifeLock Inc. -> BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [263000 2023-01-31] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [112184 2022-12-15] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28128 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\Windows\System32\DRIVERS\rtp_filesystem_filter.sys [226248 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\Windows\system32\DRIVERS\rtp_process_monitor.sys [229896 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\Windows\system32\DRIVERS\rtp_traverse.sys [67272 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2023-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [473336 2023-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-16 17:55 - 2023-03-16 17:56 - 000014518 _____ C:\Users\Danka\Desktop\FRST.txt
2023-03-16 17:46 - 2023-03-15 17:17 - 002378752 _____ (Farbar) C:\Users\Danka\Desktop\FRST64.exe
2023-03-16 17:45 - 2023-03-16 17:55 - 000000000 ____D C:\FRST
2023-03-16 17:42 - 2023-03-16 17:42 - 000000000 ___HD C:\$WinREAgent
2023-03-13 19:24 - 2023-03-13 19:24 - 000000000 ____D C:\Users\Danka\AppData\Local\OneDrive
2023-03-08 19:23 - 2023-03-08 19:23 - 000003888 _____ C:\Windows\system32\Tasks\Avira_Security_Maintenance
2023-03-08 19:23 - 2023-03-08 19:23 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-03-08 19:23 - 2023-03-08 19:23 - 000002818 _____ C:\Windows\system32\Tasks\Avira_Security_Systray
2023-03-06 19:04 - 2023-03-06 19:04 - 001227452 _____ C:\Windows\Minidump\030623-4500-01.dmp
2023-03-06 16:16 - 2023-03-06 16:29 - 2810747515 _____ C:\Users\Danka\Downloads\Twin+Peaks+(1992)+Twin+Peaks+-+Fire+Walk+with+Me+CZdabing.mkv
2023-02-25 19:59 - 2023-02-25 20:16 - 531831650 _____ C:\Users\Danka\Downloads\Městečko Twin Peaks 02#25 by UgarE.mp4
2023-02-24 13:37 - 2023-02-24 13:37 - 000599966 _____ C:\Users\Danka\Downloads\Žádost o provedení pracovnělékařské prohlídky.pdf
2023-02-24 13:37 - 2023-02-24 13:37 - 000599966 _____ C:\Users\Danka\Downloads\Žádost o provedení pracovnělékařské prohlídky (1).pdf
2023-02-24 13:36 - 2023-02-24 13:36 - 000146924 _____ C:\Users\Danka\Downloads\priloha_anonymized (1).pdf
2023-02-24 13:35 - 2023-02-24 13:35 - 000146924 _____ C:\Users\Danka\Downloads\priloha_anonymized.pdf
2023-02-19 17:08 - 2023-02-19 17:10 - 378977220 _____ C:\Users\Danka\Downloads\f29f0243e5eb86386b4e.mp4
2023-02-19 15:36 - 2023-02-19 16:05 - 538459332 _____ C:\Users\Danka\Downloads\Městečko Twin Peaks 02#13 by_UgarE.mp4
2023-02-18 16:38 - 2023-03-16 17:54 - 001462136 _____ C:\Windows\system32\rtp.db
2023-02-17 17:24 - 2023-02-18 16:38 - 000014256 _____ C:\Windows\system32\.tmp
2023-02-14 18:09 - 2023-02-14 18:10 - 001171303 _____ C:\Users\Danka\Downloads\eTicket_4850200.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-16 17:56 - 2022-12-18 12:14 - 000003702 _____ C:\Windows\system32\Tasks\Avira_FallbackUpdater
2023-03-16 17:55 - 2022-12-18 12:02 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-16 17:55 - 2022-12-18 11:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-16 17:55 - 2022-12-18 11:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-16 17:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-16 17:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-16 17:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-03-16 17:54 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-03-16 17:44 - 2022-12-18 14:57 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{7A792003-A558-4C91-A2A5-DE1F1B59BC4C}
2023-03-16 17:43 - 2022-12-18 12:15 - 000000000 ____D C:\Users\Danka\AppData\Local\D3DSCache
2023-03-16 17:42 - 2023-01-16 16:43 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-16 17:42 - 2022-12-18 11:50 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-13 19:28 - 2022-12-25 10:25 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-03-13 18:21 - 2022-12-25 09:49 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-03-13 18:21 - 2022-12-25 09:48 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-13 18:21 - 2022-12-18 12:07 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1899162997-3971115008-3701127281-1001
2023-03-11 19:19 - 2022-12-18 11:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-03-11 09:41 - 2022-12-25 09:45 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-08 19:23 - 2022-12-18 12:13 - 000003474 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2023-03-08 19:23 - 2022-12-18 12:13 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2023-03-08 19:23 - 2022-12-18 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-03-08 19:14 - 2022-12-18 12:15 - 000229896 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_process_monitor.sys
2023-03-08 19:14 - 2022-12-18 12:15 - 000226248 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_filesystem_filter.sys
2023-03-08 19:14 - 2022-12-18 12:15 - 000067272 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_traverse.sys
2023-03-06 20:01 - 2022-12-18 12:02 - 000000000 ____D C:\Users\Danka
2023-03-06 19:06 - 2022-12-18 11:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-03-06 19:04 - 2023-01-07 20:59 - 880755038 _____ C:\Windows\MEMORY.DMP
2023-03-06 19:04 - 2023-01-07 20:59 - 000000000 ____D C:\Windows\Minidump
2023-03-03 10:17 - 2022-12-18 11:50 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-03 10:17 - 2022-12-18 11:50 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-01 18:56 - 2022-12-25 09:26 - 000000000 ____D C:\Users\Public\Security Sessions
2023-02-18 16:42 - 2022-12-18 12:01 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-18 16:42 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2023-02-18 16:42 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2023-02-18 16:42 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-02-18 16:38 - 2022-12-18 11:50 - 000439928 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-18 16:37 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-02-18 13:22 - 2022-12-18 12:55 - 000000000 ____D C:\Users\Danka\AppData\Local\CrashDumps
2023-02-18 13:03 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-18 13:00 - 2022-12-18 11:55 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-02-18 12:54 - 2022-12-20 18:03 - 000000000 ____D C:\Windows\system32\MRT
2023-02-18 12:52 - 2022-12-20 18:03 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-16 18:52 - 2022-12-18 12:06 - 000000000 ___RD C:\Users\Danka\OneDrive
2023-02-15 19:48 - 2022-12-18 12:15 - 000028128 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_elam.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2023
Ran by Danka (16-03-2023 17:57:47)
Running from C:\Users\Danka\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2022-12-18 10:54:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1899162997-3971115008-3701127281-500 - Administrator - Disabled)
Danka (S-1-5-21-1899162997-3971115008-3701127281-1001 - Administrator - Enabled) => C:\Users\Danka
DefaultAccount (S-1-5-21-1899162997-3971115008-3701127281-503 - Limited - Disabled)
Guest (S-1-5-21-1899162997-3971115008-3701127281-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1899162997-3971115008-3701127281-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Security (Enabled - Up to date) {2AF5B707-827E-6586-3C2C-03228A21FF9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.84.8 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.24.0.14 - Avira Operations GmbH) Hidden
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2212.305 - Avira Operations GmbH & Co. KG) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Retail - cs-cz) (Version: 16.0.16130.20218 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.043.0226.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 516.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.47.3.0_x64__6rarf9sa4v8jt [2023-03-03] (Disney)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-11] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-20] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0 [2023-03-03] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-24] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-24] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1899162997-3971115008-3701127281-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Danka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\nvshext.dll [2022-08-23] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Danka\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\vlk.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6411210B-B8B9-4765-91FF-BED95D90464D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CFE7850D-216E-4922-B7ED-173ADC046770}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A48F6E23-BA78-4C06-A17C-630A832646F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33CD196F-9CA8-4D6C-8BEF-A942FD8D501D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4ACB4B89-9183-482B-878B-59D8DA5B801D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1A1DA995-AE25-4C25-89CD-6C0B101EFD28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{812AB971-FD1F-473B-8DA0-7665C541F57A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F960172B-612A-4F5A-A439-2846ADCB9540}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F3BCBECB-DB7B-4530-84C1-B0AA18C71D70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{19E2C7CC-1650-430E-81C3-B5CFAEAB84C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{676B6754-7D53-47CA-A8AE-338C7DB6F14D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{06662923-0140-4572-A417-FE4EFA206568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{31057815-4574-412E-B69F-C8F492BBB7B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E007E8-4335-44AF-B8B2-50783770DD5A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.61 GB) (Free:33.19 GB) (28%)

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/16/2023 05:55:25 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center service failed to load instances of the FirewallProduct object from the datastore.

Error: (03/16/2023 05:46:50 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL C:\Windows\system32\sysmain.dll (Win32 error code 126).

Error: (03/13/2023 07:29:07 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center service failed to load instances of the FirewallProduct object from the datastore.

Error: (03/13/2023 07:20:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/13/2023 07:19:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on System Reserved (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/08/2023 07:14:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: An error occurred while updating the state to SECURITY_PRODUCT_STATE_OFF.

Error: (03/08/2023 07:13:41 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL C:\Windows\system32\sysmain.dll (Win32 error code 126).

Error: (03/06/2023 05:48:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (03/16/2023 05:54:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MF7F71F)
Description: The server {628ACE20-B77A-456F-A88D-547DB6CEEDD5} did not register with DCOM within the required timeout.

Error: (03/06/2023 07:04:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000119 (0x0000000000000001, 0x0000000000239c79, 0x0000000000239c98, 0xffffdc8c84ef5000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 74d0a709-d173-46c4-91c5-28a106909100

Error: (03/06/2023 07:04:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:47:49 on 06.03.2023 was unexpected.

Error: (03/05/2023 08:43:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.383.1046.0).

Error: (03/05/2023 08:43:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Microsoft Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2301.6).

Error: (03/05/2023 08:41:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:17:09 on 04.03.2023 was unexpected.

Error: (03/03/2023 11:41:29 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. An error record describing the condition is contained in the data section of this event.

Error: (02/28/2023 05:52:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


CodeIntegrity:
===============
Date: 2023-03-16 17:57:02
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V20.0 04/18/2014
Motherboard: MSI H97M-E35 (MS-7846)
Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8124 MB
Available physical RAM: 5322.65 MB
Total Virtual: 9404 MB
Available Virtual: 6206.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.61 GB) (Free:33.18 GB) (Model: Verbatim Vi550 S3) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) (Model: WDC WD10EZEX-00BN5A0) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:930.73 GB) (Free:812.54 GB) (Model: WDC WD10EZEX-00BN5A0) NTFS
Drive g: (USB) (Removable) (Total:7.21 GB) (Free:0.74 GB) NTFS

\\?\Volume{dc7d06f0-2829-4194-a8f7-fcb6fd9b16d4}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{ab7a10c5-bc29-43f4-85c9-511b7409fbb3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F13CC7E1)
Partition 1: (Active) - (Size=352 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.2 GB) (Disk ID: 0E83B442)
Partition 1: (Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - suspected malware

#2 Post by Rudy »

Hello!

Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

Pover
Visitor
Posts: 22
Registered: 29 Nov 2005 22:01
Location: Třebíč

Re: Please check my log - suspected malware

#3 Post by Pover »

No findings

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-16-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.2604)
# Scanned: 32067
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log - suspected malware

#4 Post by Rudy »

This is OK. Open Notepad and copy this into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
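A triage script for FRST log text, added here as an example; it is not FRST's own code and not something anyone in this thread posted. It matches the line shapes seen in the Addition.txt in post #1 (FirewallRules, the UAC values under Other Areas, the System Restore warning, the CodeIntegrity event) and the `<==== ATTENTION` registry lines that post #4 pastes into the fixlist, reports findings, and emits a fixlist in the same Start / CloseProcesses: / EmptyTemp: / End shape. The regular expressions are assumptions derived from this thread's output (FRST is closed source and its format can change); the `helper.exe` rule in the sample input is constructed and is not in the user's log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log text.

Added example for this thread; neither FRST's own code nor the forum admin's.
The line shapes matched below come from the Addition.txt and fixlist shown in
the thread and are ASSUMED to be stable across FRST versions.
"""
import re
from dataclasses import dataclass, field

# FirewallRules: [{GUID}] => (Allow) C:\path\app.exe (Signer -> Company)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[\{(?P<guid>[0-9A-Fa-f-]+)\}\] => \((?P<action>Allow|Block)\) "
    r"(?P<path>.+?\.exe)(?: \((?P<signer>[^()]*)\))?\s*$"
)
# Registry lines FRST itself marks, e.g. the Defender policy values in the fix above
ATTENTION_RE = re.compile(r"^(?P<entry>HK(?:LM|CU|U)\\.*?)\s*<==== ATTENTION\s*$")
# UAC policy values as printed under "Other Areas"
UAC_RE = re.compile(
    r"\(ConsentPromptBehaviorAdmin: (?P<admin>\d+)\) "
    r"\(ConsentPromptBehaviorUser: (?P<user>\d+)\) \(EnableLUA: (?P<lua>\d+)\)"
)
# CodeIntegrity event text (the avamsi.dll entry in the log above has this shape)
CI_RE = re.compile(r"unable to verify the image integrity of the file (?P<file>.+?) because")

# Allow rules for binaries anywhere else (user profile, ProgramData, removable media) get reviewed.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


@dataclass
class Triage:
    findings: list = field(default_factory=list)   # (severity, message) pairs
    attention: list = field(default_factory=list)  # FRST lines to feed back in a fixlist


def triage(log_text: str) -> Triage:
    """Walk the log once and collect what a reviewer would want to look at."""
    result = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FIREWALL_RE.match(line):
            if m["action"] != "Allow":
                continue
            if not m["path"].lower().startswith(TRUSTED_PREFIXES):
                result.findings.append(("high", f"allow rule for binary outside program dirs: {m['path']}"))
            elif not m["signer"]:
                result.findings.append(("medium", f"allow rule with no signer info: {m['path']}"))
        elif m := ATTENTION_RE.match(line):
            result.attention.append(line)  # keep FRST's own line verbatim; that is what Fix expects
            result.findings.append(("high", f"FRST flagged registry entry: {m['entry'].strip()}"))
        elif m := UAC_RE.search(line):
            if m["lua"] != "1":
                result.findings.append(("high", "UAC is disabled (EnableLUA=0)"))
            elif m["admin"] == "0":
                result.findings.append(("high", "UAC elevates admins silently (ConsentPromptBehaviorAdmin=0)"))
        elif line.startswith("ATTENTION: System Restore is disabled"):
            result.findings.append(("medium", "System Restore is disabled: no rollback point before a fix"))
        elif line.startswith("Windows Firewall is") and not line.endswith("enabled."):
            result.findings.append(("high", line))
        elif m := CI_RE.search(line):
            result.findings.append(("info", f"Code Integrity could not verify {m['file']}; confirm vendor/version before trusting it"))
    return result


def build_fixlist(result: Triage) -> str:
    """Emit an FRST fixlist in the shape used in the reply above: CloseProcesses: first so
    nothing re-creates the values mid-fix, the flagged lines verbatim (pasting FRST's own
    log line back is how you tell Fix to remove that value), then EmptyTemp:.
    Returns '' when there is nothing to fix so an empty fix is never run blindly."""
    if not result.attention:
        return ""
    body = "\n".join(result.attention)
    return f"Start\nCloseProcesses:\n{body}\nEmptyTemp:\nEnd\n"


# CONSTRUCTED sample: lines copied from the Addition.txt and fixlist in this thread, plus one
# made-up allow rule (helper.exe, all-zero GUID) that is NOT in the user's log.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
FirewallRules: [{6411210B-B8B9-4765-91FF-BED95D90464D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39E007E8-4335-44AF-B8B2-50783770DD5A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Users\Public\helper.exe
ATTENTION: System Restore is disabled (Total:118.61 GB) (Free:33.19 GB) (28%)
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system.
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
"""

if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    for severity, message in t.findings:
        print(f"[{severity}] {message}")
    print(build_fixlist(t) or "nothing to fix")
```

Run it against a saved FRST.txt or Addition.txt by replacing `SAMPLE_LOG` with the file contents. The CodeIntegrity entry is deliberately only "info": in this thread it points at Avira's AMSI provider, and an unverifiable hash on a vendor DLL is a prompt to check the vendor and version, not proof of tampering. Only the `<==== ATTENTION` lines go into the generated fixlist, which is exactly the subset the admin chose by hand in post #4.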
