Virus detection notification

#1 Post by mlzd »

Good evening,
I would like to ask for advice on how to get rid of the warning message that keeps loading in the notifications section. Zdenek

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2025
Ran by Honza (administrator) on 14WG (UMAX Visionbook 14Wg) (24-08-2025 20:44:09)
Running from C:\Users\Honza\Desktop\FRST64.exe
Loaded Profiles: Honza
Platform: Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_2bee269ff6068a49\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2bee269ff6068a49\igfxEM.exe
(Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\CCleaner\CCleaner64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <49>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_2bee269ff6068a49\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_b56b111c605faf54\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2a338cd7e65b34c8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2a338cd7e65b34c8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(sihost.exe ->) (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe <10>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2530.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.26.430.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Honza\AppData\Local\Microsoft\OneDrive\25.149.0803.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [798456 2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [mo_global] => C:\Program Files (x86)\FunPlus\Sea of Conquest\Launcher.exe (No File)
HKLM-x32\...\Run: [mo_global_desktop] => C:\Program Files (x86)\FunPlus\Sea of Conquest\1.0.0.40\Sea of Conquest WebHelper.exe (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45988576 2025-08-14] (Gen Digital Inc. -> Gen Digital Inc.)
HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\Run: [MicrosoftEdgeAutoLaunch_CB28A05F8534A2E6C66A60A8DCA4F8C3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [4117544 2025-08-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\139.0.31477.68\Installer\chrmstp.exe [2025-08-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\139.0.7258.139\Installer\chrmstp.exe [2025-08-24] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03E6F7FB-FA75-4AA8-987B-C318B1844B41} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8943920 2025-07-18] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {E67A5D01-0D94-440A-ABEB-3CCF3B657F1F} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5490936 2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {A8446118-B469-4DEE-BE20-654BC6C6063E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2024-11-19] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {D4686A74-8B41-44FC-9A34-906FB78C2088} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3616640 2025-08-13] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {142F95FD-06C5-4F65-90FD-EBEA45BBD6D8} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3616640 2025-08-13] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {86A13AE4-D567-4BDC-8E5A-A9C681826F13} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [3480504 2025-08-14] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {2B78C199-6300-46E3-8DDC-047726FDE3BC} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-3067901247-1822622897-3061423007-1002 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1717416 2024-04-23] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {D7A56622-BD41-45F4-8555-EF2B05E4BAC8} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [6140640 2025-08-14] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "f4af0231-8b4d-4159-b241-fad3f4522f2c" --version "6.39.0.11548" --silent
Task: {BC448BFF-1456-41EC-8F75-37A687765F28} - System32\Tasks\CCleanerSkipUAC - Honza => C:\Program Files\CCleaner\CCleaner.exe [39822560 2025-08-14] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {4C785C6F-C3FD-47A1-82F9-4B78A0CA6823} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208168 2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {0A7EF85A-CBF9-437C-8DB9-85D0AC65F419} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208168 2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {956EC34A-8C38-4D62-8EEB-A5F018362D61} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7340.0{9B81E9E0-E4A7-4191-8ADE-D527A03CD08D} => C:\Program Files (x86)\Google\GoogleUpdater\141.0.7340.0\updater.exe [5948568 2025-08-06] (Google LLC -> Google LLC)
Task: {075A32C1-3B3E-41AA-A3A6-1BA51C6B6ABC} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ActionsServer\ActionsServer.exe [16889712 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E9C6A36E-8589-4257-B3B8-0BC0A253EA18} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28813696 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B807994A-8FE1-454F-A8CF-C095E88CCBEE} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [70048 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DA9CECE-FA28-47D3-81AF-9C95148950DE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28813696 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {803BBA41-52B6-439D-A86B-3EA2FAC388CC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311152 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {61BC8A04-F2C3-44A6-ADF6-2AB9088B95FF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311152 2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {F5CA5CAE-1E08-4976-9C05-B4CE53CA12BA} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [1355064 2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {503CE998-65D2-4D6B-98CC-CBFEDBF8CFD6} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3067901247-1822622897-3061423007-1002 => C:\Users\Honza\AppData\Local\Microsoft\OneDrive\25.149.0803.0003\OneDriveLauncher.exe [725352 2025-08-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{fcdd1958-9484-4321-9c84-97335b0be912}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{fcdd1958-9484-4321-9c84-97335b0be912}: [DhcpDomain] Home
Tcpip\..\Interfaces\{fcdd1958-9484-4321-9c84-97335b0be912}\23330373E45647: [DhcpNameServer] 10.2.255.1 10.2.255.2
Tcpip\..\Interfaces\{fcdd1958-9484-4321-9c84-97335b0be912}\94E6475627E65647F56303: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{fcdd1958-9484-4321-9c84-97335b0be912}\94E6475627E65647F56303: [DhcpDomain] Home

Edge:
=======
Edge Profile: C:\Users\Honza\AppData\Local\Microsoft\Edge\User Data\Default [2025-08-24]
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-08-23]
Edge Extension: (Edge relevant text changes) - C:\Users\Honza\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-08-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1636.4\npCCleanerBrowserUpdate3.dll [2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1636.4\npCCleanerBrowserUpdate3.dll [2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default [2025-08-24]
CHR Notifications: Default -> hxxps://cnn.iprima.cz; hxxps://dozhdevikdogs.com; hxxps://watch.vidfav.me; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-08-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7719672 2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [1027320 2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1079544 2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-08-10] (Avast Software s.r.o. -> AVAST Software)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208168 2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\139.0.31477.68\elevation_service.exe [2408008 2025-08-13] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208168 2023-08-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1080544 2025-08-14] (Gen Digital Inc. -> Gen Digital Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13283728 2025-08-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [918456 2025-08-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [21072 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [245304 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391224 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [299600 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [85560 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [29144 2025-07-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [29752 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [281168 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [571984 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [92216 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [72272 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [886864 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1278032 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [202296 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [392248 2025-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 ESAuDriver; C:\WINDOWS\System32\drivers\ESAuDriver.sys [88000 2021-03-19] (WDKTestCert yangx,131692850569054652 -> Everest Semiconducor Co., Ltd)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [137432 2021-02-21] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 IntcSST; C:\WINDOWS\System32\drivers\IntcSST.sys [652328 2018-08-27] (Intel(R) Smart Sound Technology -> Intel(R) Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-24 20:44 - 2025-08-24 20:45 - 000019497 _____ C:\Users\Honza\Desktop\FRST.txt
2025-08-24 20:43 - 2025-08-24 20:44 - 000000000 ____D C:\FRST
2025-08-24 20:42 - 2025-08-24 20:42 - 002409472 _____ (Farbar) C:\Users\Honza\Desktop\FRST64.exe
2025-08-24 19:48 - 2025-08-24 19:48 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-08-24 19:48 - 2025-08-24 19:48 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-08-24 19:48 - 2025-08-24 19:48 - 000000000 ____D C:\Program Files\Google
2025-08-24 19:47 - 2025-08-24 19:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2025-08-24 19:46 - 2025-08-24 19:46 - 011065272 _____ (Google LLC) C:\Users\Honza\Downloads\ChromeSetup.exe
2025-08-24 19:44 - 2025-08-24 19:44 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2025-08-24 18:51 - 2025-08-24 19:24 - 000000000 ____D C:\Users\Honza\AppData\Local\Malwarebytes
2025-08-24 18:45 - 2025-08-24 18:45 - 002844576 _____ (Malwarebytes) C:\Users\Honza\Downloads\MBSetup.exe
2025-08-24 18:41 - 2025-08-24 18:41 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-08-18 11:52 - 2025-08-18 11:52 - 000023734 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-08-18 07:44 - 2025-08-18 07:44 - 000023734 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-08-08 12:20 - 2025-08-08 12:20 - 000108276 _____ C:\Users\Honza\Downloads\0012553481_134449_.pdf
2025-08-05 13:45 - 2025-08-05 13:45 - 000000000 ____D C:\Users\Honza\AppData\Roaming\Seznam Browser
2025-08-05 13:40 - 2025-08-05 13:41 - 005350952 _____ (Seznam.cz) C:\Users\Honza\Downloads\Seznam.cz-install (1).exe
2025-08-05 13:40 - 2025-08-05 13:40 - 005350952 _____ (Seznam.cz) C:\Users\Honza\Downloads\Seznam.cz-install.exe
2025-08-01 13:03 - 2025-08-01 13:03 - 000107487 _____ C:\Users\Honza\Downloads\Vypis_z_uctu_000000-0639667113_z_20250731.pdf
2025-07-29 12:35 - 2025-07-29 12:34 - 000321272 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2025-07-25 17:48 - 2025-07-25 17:55 - 086028376 _____ (Chengdu Legou Technology Co.,Ltd ) C:\Users\Honza\Downloads\rokpc_7aa945ed147134e962d4aee21ea6fe18 (7).exe
2025-07-25 17:47 - 2025-07-25 17:55 - 086028376 _____ (Chengdu Legou Technology Co.,Ltd ) C:\Users\Honza\Downloads\rokpc_7aa945ed147134e962d4aee21ea6fe18.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-08-24 20:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-08-24 19:48 - 2023-10-07 17:30 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-08-24 19:47 - 2023-08-10 12:06 - 000000000 ____D C:\Program Files (x86)\Google
2025-08-24 19:42 - 2023-08-10 12:10 - 000000000 ____D C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome
2025-08-24 19:39 - 2025-07-12 07:49 - 000003386 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-08-24 19:39 - 2025-03-14 19:22 - 000000670 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-08-24 19:39 - 2023-08-10 12:44 - 000000000 ____D C:\Program Files\CCleaner
2025-08-24 19:24 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-08-24 19:24 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-08-24 18:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-08-24 18:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-08-24 18:40 - 2021-04-07 06:16 - 000000000 ____D C:\Program Files\Microsoft Office
2025-08-24 18:40 - 2021-04-06 05:31 - 000685078 _____ C:\WINDOWS\system32\perfh005.dat
2025-08-24 18:40 - 2021-04-06 05:31 - 000137842 _____ C:\WINDOWS\system32\perfc005.dat
2025-08-24 18:40 - 2020-11-19 09:54 - 001605606 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-08-24 18:33 - 2020-11-19 09:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-08-24 17:57 - 2023-08-10 12:03 - 000000000 ____D C:\ProgramData\Avast Software
2025-08-24 17:57 - 2023-08-10 11:42 - 000000000 __SHD C:\Users\Honza\IntelGraphicsProfiles
2025-08-24 17:57 - 2021-04-07 05:13 - 000000000 ____D C:\Intel
2025-08-24 17:57 - 2021-04-07 03:54 - 000008192 ___SH C:\DumpStack.log.tmp
2025-08-24 17:57 - 2020-11-19 09:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-08-24 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2025-08-24 17:56 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2025-08-23 07:53 - 2025-02-01 08:57 - 000003576 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3067901247-1822622897-3061423007-1002
2025-08-23 07:53 - 2023-08-10 15:03 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3067901247-1822622897-3061423007-1002
2025-08-23 07:53 - 2023-08-10 11:46 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3067901247-1822622897-3061423007-1002
2025-08-23 07:53 - 2023-08-10 11:40 - 000002391 _____ C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-08-22 10:30 - 2024-02-09 19:36 - 000002840 _____ C:\WINDOWS\system32\Tasks\CCleanerBrowserProtectS-1-5-21-3067901247-1822622897-3061423007-1002
2025-08-22 10:30 - 2023-08-26 08:07 - 000003104 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2025-08-22 10:30 - 2023-08-26 08:07 - 000002622 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2025-08-22 10:30 - 2023-08-26 07:57 - 000003456 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
2025-08-22 10:30 - 2023-08-26 07:57 - 000003232 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
2025-08-22 10:30 - 2023-08-10 12:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2025-08-22 10:30 - 2023-08-07 12:48 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3067901247-1822622897-3061423007-500
2025-08-22 10:30 - 2020-11-19 09:46 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-08-22 10:30 - 2020-11-19 09:46 - 000003342 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-08-22 09:59 - 2023-08-10 12:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-08-22 09:59 - 2023-08-10 12:44 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Honza
2025-08-20 19:24 - 2020-11-19 09:43 - 000439880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-08-20 19:23 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-08-20 19:22 - 2024-07-20 07:17 - 000000000 ____D C:\WINDOWS\system32\compatrel
2025-08-20 19:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-08-20 19:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-08-20 17:37 - 2023-08-26 08:07 - 000002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2025-08-20 17:37 - 2023-08-26 07:57 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2025-08-20 14:03 - 2025-01-22 13:46 - 000056128 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2025-08-18 07:44 - 2020-11-19 09:45 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-08-17 17:19 - 2023-08-10 11:42 - 000000000 ____D C:\Users\Honza\AppData\Local\Packages
2025-08-17 17:19 - 2020-11-19 09:46 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-08-17 17:19 - 2020-11-19 09:46 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-08-17 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-08-05 18:10 - 2020-11-19 09:48 - 000000000 ____D C:\ProgramData\Packages
2025-07-29 12:35 - 2023-08-10 12:04 - 001278032 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2025-07-29 12:35 - 2023-08-10 12:04 - 000392248 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000886864 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000571984 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000391224 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000299600 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000281168 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000245304 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000092216 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000085560 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000072272 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000029752 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000029144 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswElam.sys
2025-07-29 12:34 - 2023-08-10 12:04 - 000021072 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by Honza (24-08-2025 20:46:38)
Running from C:\Users\Honza\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.6216 (X64) (2023-08-07 11:14:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3067901247-1822622897-3061423007-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3067901247-1822622897-3061423007-503 - Limited - Disabled)
Guest (S-1-5-21-3067901247-1822622897-3061423007-501 - Limited - Disabled)
Honza (S-1-5-21-3067901247-1822622897-3061423007-1002 - Administrator - Enabled) => C:\Users\Honza
WDAGUtilityAccount (S-1-5-21-3067901247-1822622897-3061423007-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 25.7.10308.2972 - Gen Digital Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.39 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 139.0.31477.68 - Autoři prohlížeče CCleaner Browser)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1636.4 - Piriform Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 139.0.7258.139 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10101.6917 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 2.2.1.375 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM\...\{97B7DB53-C2AD-46EF-8310-20F8CE5AEFE1}) (Version: 10.1.17968.8131 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{19E91C91-8FF5-4A53-AAF8-D4D543CB7553}) (Version: 30.100.1841.3 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1841.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1916.4.0.1051 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{9C959275-76F7-4A4B-B6F6-2A959BBDCEDF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{C103A065-63DB-4B5B-9D07-5462C9892E5C}) (Version: 1.1.1.1 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine Driver (HKLM\...\{B1A19781-6E24-4387-BCAF-F7DC7C1D7487}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) TXE Storage Proxy Driver (HKLM\...\{496BFCDE-CB26-4437-BA07-BFBCA8AD20B6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{ffddf9dd-c47f-453a-92f5-ac6c98af8b5b}) (Version: 10.1.17968.8131 - Intel(R) Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.19029.20208 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\{DE493D86-8367-3619-97B6-69B997F0DBE3}) (Version: 139.0.3405.102 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 139.0.3405.102 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\OneDriveSetup.exe) (Version: 25.149.0803.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{77DC487A-02B7-4909-B341-B0FF671F51CF}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{A2896A75-ECFA-4D9D-B19D-20CBCE78C2E3}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.19029.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)

Chrome apps:
============
Disk Google (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\11bc23b08dd698573f47e2133060f6ca) (Version: 1.0 - Google\Chrome)
Dokumenty (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\950a5c219ee29263ac2ffcc18b3897d2) (Version: 1.0 - Google\Chrome)
Facebook (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\d1ede37fc4778033e1f4a1fb2b7849c2) (Version: 1.0 - Google\Chrome)
Gmail (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\ee84d25ae9783b8f03b6cd4b44b035fc) (Version: 1.0 - Google\Chrome)
Prezentace (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\129c5298b78c916d0f784406fae51805) (Version: 1.0 - Google\Chrome)
Seznam.cz (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\092869fed3d962224710a80089e5e658) (Version: 1.0 - Google\Chrome)
Tabulky (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\d699484455bfed68f9fd710e10357333) (Version: 1.0 - Google\Chrome)
YouTube (HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\...\d1d0527428281396469e6ce6c2a1b762) (Version: 1.0 - Google\Chrome)

Packages:
=========
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.42.0_x64__w1wdnht996qgy [2025-02-26] (LinkedIn) [Startup Task]
Local Artificial Intelligence Manager -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\AI [2025-08-24] ()
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2408.15001.0_x64__8wekyb3d8bbwe [2024-10-05] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20610.576.0_x64__8wekyb3d8bbwe [2025-07-07] (Microsoft Corporation)
Microsoft.Office.ActionsServer -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\ActionsServer [2025-08-24] ()
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-08-24] ()
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-08] (INTEL CORP) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2530.2.0_x64__cv1g1gvanyjgm [2025-08-01] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3067901247-1822622897-3061423007-1002_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\Honza\AppData\Local\Microsoft\OneDrive\25.149.0803.0003\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3067901247-1822622897-3061423007-1002_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\Honza\AppData\Local\Microsoft\OneDrive\25.149.0803.0003\OneDrive.Sync.Service.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-07-29] (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Honza\Desktop\Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kippjfofjhjlffjecoapiogbkgbpmgej
ShortcutWithArgument: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kippjfofjhjlffjecoapiogbkgbpmgej\Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kippjfofjhjlffjecoapiogbkgbpmgej
ShortcutWithArgument: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_dkncgicdohgfdncecojfiapgebmlnaoc\Seznam.cz.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Disk Google.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Dokumenty.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kippjfofjhjlffjecoapiogbkgbpmgej
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Prezentace.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Seznam.cz.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Tabulky.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kippjfofjhjlffjecoapiogbkgbpmgej
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kippjfofjhjlffjecoapiogbkgbpmgej
ShortcutWithArgument: C:\Users\Honza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Seznam.cz.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.umax.cz
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-08-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 10.0.0.138
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi 2: Intel(R) Dual Band Wireless-AC 3165 -> Netwtw04.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3067901247-1822622897-3061423007-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 0) (TamperProtectionSource: )
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A84CB470-9021-42A1-B80C-A929A9DA8985}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{A5BEFA1F-0562-479D-B961-BC2C4FD876C9}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{CD2D8503-819B-42B7-B079-AB5B2F50B4B8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB3BCF3C-70EF-4B75-8EFE-71C841DA921D}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
FirewallRules: [{C4C5F0AD-02F3-49E0-A8C7-EB915A0488D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:57.16 GB) (Free:13.05 GB) (23%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (08/24/2025 07:24:11 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (08/20/2025 07:24:39 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17


System errors:
=============
Error: (08/24/2025 06:34:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (08/24/2025 06:34:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (08/24/2025 06:34:07 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/24/2025 06:34:07 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (08/24/2025 05:57:35 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Intel(R) Audio Service skončila s následující chybou specifickou pro službu:
Operace byla dokončena úspěšně.

Error: (08/24/2025 05:56:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba aswbIDSAgent se po přijetí pokynu pro vypnutí neukončila správně.

Error: (08/24/2025 05:56:34 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby dosvc s argumenty Není k dispozici za účelem spuštění serveru:
{5B99FA76-721C-423C-ADAC-56D03C8A8007}

Error: (08/24/2025 05:56:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby dosvc s argumenty Není k dispozici za účelem spuštění serveru:
{5B99FA76-721C-423C-ADAC-56D03C8A8007}


CodeIntegrity:
===============
Date: 2025-08-24 19:24:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-08-24 19:24:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.

Date: 2025-08-24 19:23:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. V0.5.0_P4S0M2E0F0L2B0T0P2G00A0U0D601_ENE 07/02/2021
Motherboard: To be filled by O.E.M. Visionbook 14Wg
Processor: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz
Percentage of memory in use: 88%
Total physical RAM: 3920.14 MB
Available physical RAM: 443.36 MB
Total Virtual: 7707.71 MB
Available Virtual: 1279.91 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:57.16 GB) (Free:13.05 GB) (Model: Generic SCA64G) NTFS

\\?\Volume{15c96057-d994-4d8d-b737-5d6a4eba4629}\ (Recovery) (Fixed) (Total:0.98 GB) (Free:0.39 GB) NTFS
\\?\Volume{bdd6349e-1cb2-45da-b226-007408743f9d}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 3B3BC079)

Partition: GPT.

==================== End of Addition.txt =======================
Attachment: Snímek obrazovky viry.jpg (75.36 KiB), viewed 227 times

Rudy
Site Admin
Posts: 119486
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Virus detection notification

#2 Post by Rudy »

Hello!
First, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Re: Virus detection notification

#3 Post by mlzd »

# -------------------------------
# Malwarebytes AdwCleaner 8.6.0.613
# -------------------------------
# Build: 08-19-2025
# Database: 2025-08-19.3 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-24-2025
# Duration: 00:00:14
# OS: Windows 10 (Build 19045.6216)
# Scanned: 32082
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Re: Virus detection notification

#4 Post by Rudy »

This is clean. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [mo_global] => C:\Program Files (x86)\FunPlus\Sea of Conquest\Launcher.exe (No File)
HKLM-x32\...\Run: [mo_global_desktop] => C:\Program Files (x86)\FunPlus\Sea of Conquest\1.0.0.40\Sea of Conquest WebHelper.exe (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
C:\DumpStack.log.tmp

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Virus detection notification

#5 Post by mlzd »

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2025
Ran by Honza (25-08-2025 09:42:05) Run:1
Running from C:\Users\Honza\Desktop
Loaded Profiles: Honza
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [mo_global] => C:\Program Files (x86)\FunPlus\Sea of Conquest\Launcher.exe (No File)
HKLM-x32\...\Run: [mo_global_desktop] => C:\Program Files (x86)\FunPlus\Sea of Conquest\1.0.0.40\Sea of Conquest WebHelper.exe (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mo_global" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mo_global_desktop" => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19001605 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 12332779 B
Edge => 0 B
Chrome => 189582171 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1518256054 B
systemprofile32 => 1518256054 B
LocalService => 1518268092 B
NetworkService => 1518268092 B
Honza => 1545948646 B

RecycleBin => 7228416 B
EmptyTemp: => 7.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-08-2025 09:43:45)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 09:43:45 ====


Re: Virus detection notification

#6 Post by Rudy »

Deleted. Has anything changed?

Re: Virus detection notification

#7 Post by mlzd »

Yes. It's quiet now. The notification no longer appears.
Many thanks! Zdeněk.


Re: Virus detection notification

#8 Post by Rudy »

You're welcome! :-)

Locked