
Please check this log - suspected malware

Posted: 16 Mar 2023 18:00
by Pover
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2023
Ran by Danka (administrator) on DESKTOP-MF7F71F (MSI MS-7846) (16-03-2023 17:55:42)
Running from C:\Users\Danka\Desktop
Loaded Profiles: Danka
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

========================================================

C:\FRST\FRST64.exe => moved successfully
C:\FRST\RSITx64.exe => moved successfully

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.43\identity_helper.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2630536 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Run: [MicrosoftEdgeAutoLaunch_038E5604E029B0D0DEC31266BE27F897] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-15] (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A6BC33D-C835-4ABD-882F-3884D5B31A0C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205448 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {252D1EB3-D40A-4F96-B76E-B023424AB170} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {42ABE4D1-5613-4472-8418-F361CEA3DA94} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {5806FB76-1C95-411D-945E-D4A1936C798C} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {5F26729B-4091-4568-AB02-D73476488B42} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [261064 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {60ACEC59-7090-4924-A595-A6CB5A8F6167} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1899162997-3971115008-3701127281-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4205448 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {73C8DAA9-4517-4B6A-A44B-133FD77BCCE7} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {7A4FFAFA-9401-473A-B73F-BCECE3BC3ED2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26294704 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {951C4DC2-06A5-4C24-83A7-84174DA9CB1C} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1773248 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {A17C3510-BAF1-4AF9-91B0-2945B021102E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8161CDA-F315-44B5-A5C6-8DF8D19F06E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26294704 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3379B7-FE41-4B50-A03D-E3D8399467D8} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35437192 2023-02-09] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {FC2505CC-7864-4249-9146-6F836AFCE15C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144280 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9489ca75-661d-405e-ac48-0fb2309d52c0}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Danka\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-16]
Edge Notifications: Default -> hxxps://37yito.mictiotom.com; hxxps://cotoistionceous.com
Edge StartupUrls: Default -> "hxxp://www.seznam.cz/"
Edge Extension: (Avira Safe Shopping) - C:\Users\Danka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2022-12-18]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-12-25] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6520504 2023-02-13] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3002640 2022-09-08] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265424 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [295920 2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512256 2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8999232 2023-03-13] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8999232 2023-03-13] (Avira Operations GmbH -> Avira Operations GmbH)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncHelper.exe [3412400 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.043.0226.0001\OneDriveUpdaterService.exe [3795336 2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-02-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [185704 2022-12-13] (NortonLifeLock Inc. -> BullGuard Ltd.)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [263000 2023-01-31] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [112184 2022-12-15] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28128 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\Windows\System32\DRIVERS\rtp_filesystem_filter.sys [226248 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\Windows\system32\DRIVERS\rtp_process_monitor.sys [229896 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\Windows\system32\DRIVERS\rtp_traverse.sys [67272 2023-03-08] (Avira Operations GmbH -> Avira Operations GmbH)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2023-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [473336 2023-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-16 17:55 - 2023-03-16 17:56 - 000014518 _____ C:\Users\Danka\Desktop\FRST.txt
2023-03-16 17:46 - 2023-03-15 17:17 - 002378752 _____ (Farbar) C:\Users\Danka\Desktop\FRST64.exe
2023-03-16 17:45 - 2023-03-16 17:55 - 000000000 ____D C:\FRST
2023-03-16 17:42 - 2023-03-16 17:42 - 000000000 ___HD C:\$WinREAgent
2023-03-13 19:24 - 2023-03-13 19:24 - 000000000 ____D C:\Users\Danka\AppData\Local\OneDrive
2023-03-08 19:23 - 2023-03-08 19:23 - 000003888 _____ C:\Windows\system32\Tasks\Avira_Security_Maintenance
2023-03-08 19:23 - 2023-03-08 19:23 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-03-08 19:23 - 2023-03-08 19:23 - 000002818 _____ C:\Windows\system32\Tasks\Avira_Security_Systray
2023-03-06 19:04 - 2023-03-06 19:04 - 001227452 _____ C:\Windows\Minidump\030623-4500-01.dmp
2023-03-06 16:16 - 2023-03-06 16:29 - 2810747515 _____ C:\Users\Danka\Downloads\Twin+Peaks+(1992)+Twin+Peaks+-+Fire+Walk+with+Me+CZdabing.mkv
2023-02-25 19:59 - 2023-02-25 20:16 - 531831650 _____ C:\Users\Danka\Downloads\Městečko Twin Peaks 02#25 by UgarE.mp4
2023-02-24 13:37 - 2023-02-24 13:37 - 000599966 _____ C:\Users\Danka\Downloads\Žádost o provedení pracovnělékařské prohlídky.pdf
2023-02-24 13:37 - 2023-02-24 13:37 - 000599966 _____ C:\Users\Danka\Downloads\Žádost o provedení pracovnělékařské prohlídky (1).pdf
2023-02-24 13:36 - 2023-02-24 13:36 - 000146924 _____ C:\Users\Danka\Downloads\priloha_anonymized (1).pdf
2023-02-24 13:35 - 2023-02-24 13:35 - 000146924 _____ C:\Users\Danka\Downloads\priloha_anonymized.pdf
2023-02-19 17:08 - 2023-02-19 17:10 - 378977220 _____ C:\Users\Danka\Downloads\f29f0243e5eb86386b4e.mp4
2023-02-19 15:36 - 2023-02-19 16:05 - 538459332 _____ C:\Users\Danka\Downloads\Městečko Twin Peaks 02#13 by_UgarE.mp4
2023-02-18 16:38 - 2023-03-16 17:54 - 001462136 _____ C:\Windows\system32\rtp.db
2023-02-17 17:24 - 2023-02-18 16:38 - 000014256 _____ C:\Windows\system32\.tmp
2023-02-14 18:09 - 2023-02-14 18:10 - 001171303 _____ C:\Users\Danka\Downloads\eTicket_4850200.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-16 17:56 - 2022-12-18 12:14 - 000003702 _____ C:\Windows\system32\Tasks\Avira_FallbackUpdater
2023-03-16 17:55 - 2022-12-18 12:02 - 000000000 ____D C:\ProgramData\NVIDIA
2023-03-16 17:55 - 2022-12-18 11:50 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-16 17:55 - 2022-12-18 11:50 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-16 17:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-16 17:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-16 17:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-03-16 17:54 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-03-16 17:44 - 2022-12-18 14:57 - 000004212 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{7A792003-A558-4C91-A2A5-DE1F1B59BC4C}
2023-03-16 17:43 - 2022-12-18 12:15 - 000000000 ____D C:\Users\Danka\AppData\Local\D3DSCache
2023-03-16 17:42 - 2023-01-16 16:43 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-16 17:42 - 2022-12-18 11:50 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-13 19:28 - 2022-12-25 10:25 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-03-13 18:21 - 2022-12-25 09:49 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-03-13 18:21 - 2022-12-25 09:48 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-13 18:21 - 2022-12-18 12:07 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1899162997-3971115008-3701127281-1001
2023-03-11 19:19 - 2022-12-18 11:50 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-03-11 09:41 - 2022-12-25 09:45 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-08 19:23 - 2022-12-18 12:13 - 000003474 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2023-03-08 19:23 - 2022-12-18 12:13 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2023-03-08 19:23 - 2022-12-18 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-03-08 19:14 - 2022-12-18 12:15 - 000229896 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_process_monitor.sys
2023-03-08 19:14 - 2022-12-18 12:15 - 000226248 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_filesystem_filter.sys
2023-03-08 19:14 - 2022-12-18 12:15 - 000067272 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_traverse.sys
2023-03-06 20:01 - 2022-12-18 12:02 - 000000000 ____D C:\Users\Danka
2023-03-06 19:06 - 2022-12-18 11:50 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-03-06 19:04 - 2023-01-07 20:59 - 880755038 _____ C:\Windows\MEMORY.DMP
2023-03-06 19:04 - 2023-01-07 20:59 - 000000000 ____D C:\Windows\Minidump
2023-03-03 10:17 - 2022-12-18 11:50 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-03 10:17 - 2022-12-18 11:50 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-01 18:56 - 2022-12-25 09:26 - 000000000 ____D C:\Users\Public\Security Sessions
2023-02-18 16:42 - 2022-12-18 12:01 - 001605602 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-18 16:42 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2023-02-18 16:42 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2023-02-18 16:42 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-02-18 16:38 - 2022-12-18 11:50 - 000439928 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-18 16:37 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-02-18 16:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2023-02-18 13:22 - 2022-12-18 12:55 - 000000000 ____D C:\Users\Danka\AppData\Local\CrashDumps
2023-02-18 13:03 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-18 13:00 - 2022-12-18 11:55 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-02-18 12:54 - 2022-12-20 18:03 - 000000000 ____D C:\Windows\system32\MRT
2023-02-18 12:52 - 2022-12-20 18:03 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-16 18:52 - 2022-12-18 12:06 - 000000000 ___RD C:\Users\Danka\OneDrive
2023-02-15 19:48 - 2022-12-18 12:15 - 000028128 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_elam.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2023
Ran by Danka (16-03-2023 17:57:47)
Running from C:\Users\Danka\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2022-12-18 10:54:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1899162997-3971115008-3701127281-500 - Administrator - Disabled)
Danka (S-1-5-21-1899162997-3971115008-3701127281-1001 - Administrator - Enabled) => C:\Users\Danka
DefaultAccount (S-1-5-21-1899162997-3971115008-3701127281-503 - Limited - Disabled)
Guest (S-1-5-21-1899162997-3971115008-3701127281-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1899162997-3971115008-3701127281-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Security (Enabled - Up to date) {2AF5B707-827E-6586-3C2C-03228A21FF9A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.84.8 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.24.0.14 - Avira Operations GmbH) Hidden
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2212.305 - Avira Operations GmbH & Co. KG) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.43 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - cs-cz (HKLM\...\ProPlus2021Retail - cs-cz) (Version: 16.0.16130.20218 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.043.0226.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 516.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.94 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.47.3.0_x64__6rarf9sa4v8jt [2023-03-03] (Disney)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-03-11] (NVIDIA Corp.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-20] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0 [2023-03-03] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-24] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-24] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1899162997-3971115008-3701127281-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Danka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-03-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncShell64.dll [2023-03-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_ee20464bb4ac57f4\nvshext.dll [2022-08-23] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1899162997-3971115008-3701127281-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Danka\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\vlk.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6411210B-B8B9-4765-91FF-BED95D90464D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CFE7850D-216E-4922-B7ED-173ADC046770}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A48F6E23-BA78-4C06-A17C-630A832646F2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33CD196F-9CA8-4D6C-8BEF-A942FD8D501D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4ACB4B89-9183-482B-878B-59D8DA5B801D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1A1DA995-AE25-4C25-89CD-6C0B101EFD28}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{812AB971-FD1F-473B-8DA0-7665C541F57A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F960172B-612A-4F5A-A439-2846ADCB9540}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F3BCBECB-DB7B-4530-84C1-B0AA18C71D70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{19E2C7CC-1650-430E-81C3-B5CFAEAB84C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{676B6754-7D53-47CA-A8AE-338C7DB6F14D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{06662923-0140-4572-A417-FE4EFA206568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{31057815-4574-412E-B69F-C8F492BBB7B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.206.863.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39E007E8-4335-44AF-B8B2-50783770DD5A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.61 GB) (Free:33.19 GB) (28%)

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/16/2023 05:55:25 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center service failed to load instances of the FirewallProduct object from the data store.

Error: (03/16/2023 05:46:50 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL C:\Windows\system32\sysmain.dll (Win32 error code 126).

Error: (03/13/2023 07:29:07 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: The Windows Security Center service failed to load instances of the FirewallProduct object from the data store.

Error: (03/13/2023 07:20:31 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on (F:) because: The requested operation is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/13/2023 07:19:48 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on System Reserved (D:) because: The requested operation is not supported by the hardware backing the volume. (0x8900002A)

Error: (03/08/2023 07:14:42 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: An error occurred while updating the state to SECURITY_PRODUCT_STATE_OFF.

Error: (03/08/2023 07:13:41 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL C:\Windows\system32\sysmain.dll (Win32 error code 126).

Error: (03/06/2023 05:48:33 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer could not complete retrim on (F:) because: The requested operation is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (03/16/2023 05:54:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-MF7F71F)
Description: The server {628ACE20-B77A-456F-A88D-547DB6CEEDD5} did not register with DCOM within the required timeout.

Error: (03/06/2023 07:04:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000119 (0x0000000000000001, 0x0000000000239c79, 0x0000000000239c98, 0xffffdc8c84ef5000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 74d0a709-d173-46c4-91c5-28a106909100

Error: (03/06/2023 07:04:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:47:49 on 06.03.2023 was unexpected.

Error: (03/05/2023 08:43:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.383.1046.0).

Error: (03/05/2023 08:43:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Microsoft Defender Antivirus antimalware platform update - KB4052623 (Version 4.18.2301.6).

Error: (03/05/2023 08:41:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:17:09 on 04.03.2023 was unexpected.

Error: (03/03/2023 11:41:29 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.

Error: (02/28/2023 05:52:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.


CodeIntegrity:
===============
Date: 2023-03-16 17:57:02
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V20.0 04/18/2014
Motherboard: MSI H97M-E35 (MS-7846)
Processor: Intel(R) Core(TM) i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8124 MB
Available physical RAM: 5322.65 MB
Total Virtual: 9404 MB
Available Virtual: 6206.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.61 GB) (Free:33.18 GB) (Model: Verbatim Vi550 S3) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.29 GB) (Model: WDC WD10EZEX-00BN5A0) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:930.73 GB) (Free:812.54 GB) (Model: WDC WD10EZEX-00BN5A0) NTFS
Drive g: (USB) (Removable) (Total:7.21 GB) (Free:0.74 GB) NTFS

\\?\Volume{dc7d06f0-2829-4194-a8f7-fcb6fd9b16d4}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{ab7a10c5-bc29-43f4-85c9-511b7409fbb3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F13CC7E1)
Partition 1: (Active) - (Size=352 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 7.2 GB) (Disk ID: 0E83B442)
Partition 1: (Active) - (Size=7.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Re: Please check the log - suspected malware

Posted: 16 Mar 2023 18:01
by Rudy
Hello!

Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Please check the log - suspected malware

Posted: 16 Mar 2023 18:13
by Pover
Nothing found

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-16-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.2604)
# Scanned: 32067
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Please check the log - suspected malware

Posted: 16 Mar 2023 18:59
by Rudy
This is OK. Open Notepad and copy this into it:
Start::

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

EmptyTemp:
End::
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
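The fixlist above removes two Windows Defender restriction values that FRST flagged in the first post. As an added example (not part of the thread and not Rudy's fixlist), the PowerShell below reads those values, the UAC settings FRST listed under Other Areas, and the Authenticode signature of the Avira DLL named in the CodeIntegrity event, so the machine's state can be confirmed before and after the fix is run. It assumes an elevated PowerShell session on the affected machine; the registry paths and value names are the ones in the log, and the variants under HKLM\SOFTWARE\Policies are added here as the Group Policy location where the same restriction can also be set. A third-party antivirus installer can also leave these Defender values behind, so a hit is something to investigate, not proof of malware.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# session on the machine being examined. Paths come from the FRST log; the
# Policies\... variants are the Group Policy location for the same settings.

$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiVirus' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiVirus' }
)

# Each restriction value: report whether it exists and what it is set to.
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        '{0}\{1}: not set' -f $c.Path, $c.Name
    } else {
        '{0}\{1} = {2}  <== Defender restriction present' -f $c.Path, $c.Name, $item.($c.Name)
    }
}

# UAC: FRST reported ConsentPromptBehaviorAdmin=5, ConsentPromptBehaviorUser=3,
# EnableLUA=1, which are the Windows 10 defaults. EnableLUA=0 would mean UAC is off.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
'UAC: EnableLUA={0} ConsentPromptBehaviorAdmin={1} ConsentPromptBehaviorUser={2}' -f `
    $uac.EnableLUA, $uac.ConsentPromptBehaviorAdmin, $uac.ConsentPromptBehaviorUser
if ($uac.EnableLUA -ne 1) { 'WARNING: UAC is disabled (EnableLUA is not 1)' }

# The CodeIntegrity event said the hash of this DLL could not be verified;
# check its Authenticode signature and the signer's subject.
$dll = 'C:\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll'
if (Test-Path -Path $dll) {
    $sig = Get-AuthenticodeSignature -FilePath $dll
    '{0}: {1} (signer: {2})' -f $dll, $sig.Status, $sig.SignerCertificate.Subject
} else {
    '{0}: file not found' -f $dll
}
```

Run it once before applying the fixlist and once after the FRST reboot: the four Defender lines should then all read "not set". For the DLL, a Status of Valid with an Avira signer subject means the CodeIntegrity event was about catalog or hash lookup rather than a tampered file; NotSigned or HashMismatch is the case worth following up, for example by submitting that exact file for a second opinion.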