poshukach - ordinary solutions don't work
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same goes for those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 10
- Registered: 14 Sep 2021 10:34
poshukach - ordinary solutions don't work
Hello,
I bought a new laptop and of course somehow mysteriously managed to install the poshukach hijacker on it. I tried to remove it following an online guide that said to remove suspicious add-ons in Firefox, without success; then I downloaded Malwarebytes Anti-Malware to see whether it would find it, and it didn't. According to another guide, Loaris Trojan Remover was supposed to detect it; no success there either. I then manually deleted one registry entry located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run - it was called web companion, so I figured that would surely be it, but nothing changed. At the moment I have Google as the default search engine, but when I start Firefox, poshukach still opens first. I have no idea anymore what to do to get rid of it; it doesn't exactly prevent me from doing anything, but I simply don't want it there, if you understand me.
I will gladly provide any information you need.
Many thanks for any help offered.
Martin
Re: poshukach - ordinary solutions don't work
Hi
Please post both FRST logs (FRST.txt and Addition.txt) following this guide: https://forum.viry.cz/viewtopic.php?f=13&t=154679
I have also moved the topic to the correct section.
Graduate of the school for beginners
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).
Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
- Visitor
- Posts: 10
- Registered: 14 Sep 2021 10:34
Re: poshukach - ordinary solutions don't work
Hello
thanks for the quick reply, and I'm very sorry about the wrong section.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2021
Ran by X230 (administrator) on DESKTOP-KNL8DH0 (LENOVO 2325VJV) (14-09-2021 13:41:36)
Running from C:\Users\X230\Downloads
Loaded Profiles: X230
Platform: Windows 10 Pro Version 21H1 19043.1202 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tposd.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\X230\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify AB -> Spotify Ltd) C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe <7>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [124184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35145856 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Spotify] => C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe [24857736 2021-09-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\MountPoints2: {887ba6e6-1213-11ec-b4c4-2cd05a7fe6a2} - "D:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe [2021-09-10] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - X230" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\DolbySelectorTask" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {0FBFACBC-98F7-4129-8E24-BF2E605DBC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {1238FE4A-1A2C-49A8-A5DD-6E861D95D205} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {1B5D9D24-638A-4CA0-BCD7-3983D608214E} - System32\Tasks\CCleanerSkipUAC - X230 => C:\Program Files\CCleaner\CCleaner.exe [29212288 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C846061-65C6-4667-A1EA-B3D56B2340BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {45F4698D-D292-4E36-8BE8-EF1C4DF0E6A2} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {5C25C2A1-8B52-4A8C-A3F5-CC91069B8FB9} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {652601B9-3875-46FB-A770-96F48A4B84D4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-08-27] (Piriform Software Ltd -> Piriform)
Task: {714623CE-A3A8-4F3A-80C6-5324846B6D80} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
Task: {7244790E-DD85-4F0D-9912-91FF836522EA} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe [18323704 2021-09-10] (Loaris, LLC -> Loaris Inc.)
Task: {76E7445D-D02F-4AA2-9239-3694C5B2D8FD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {926C4A5E-A7C8-4C34-AA40-DCB36BEE19AA} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {C02C6542-F1E8-4454-AC45-98827C1C3360} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C3BBF21D-C392-4935-826D-905F84FD7666} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3269600821-496837758-4138566819-1001 => C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E28B1C7D-860A-4EE3-917C-C359E47F94B7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {E7BAA6EC-057F-4742-BF34-8709F489D312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-11] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98c74573-7e83-4ad0-be21-bcc636c59d39}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7530307-1f26-43a0-aa24-ffdedaf46210}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\X230\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-14]
FireFox:
========
FF DefaultProfile: ptdnnier.default
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\ptdnnier.default [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Extension: (Facebook Container) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\@contain-facebook.xpi [2021-09-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-09-11]
FF Extension: (Dictionary Anywhere) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\{e90f5de4-8510-4515-9f67-3b6654e1e8c2}.xpi [2021-09-14]
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default [2021-09-14]
CHR Extension: (Prezentace) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-20]
CHR Extension: (Dokumenty) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-20]
CHR Extension: (Disk Google) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-20]
CHR Extension: (Adobe Acrobat) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-06-20]
CHR Extension: (Tabulky) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-20]
CHR Extension: (Gmail) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-20]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\TPHKLOAD.exe [465192 2021-03-30] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35712 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221584 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367632 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184120 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538464 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107840 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [553496 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [31568 2020-09-01] (WDKTestCert andre.luis,132164092889939783 -> Lenovo Group Limited (R))
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-14 13:41 - 2021-09-14 13:42 - 000020353 _____ C:\Users\X230\Downloads\FRST.txt
2021-09-14 13:41 - 2021-09-14 13:41 - 002303488 _____ (Farbar) C:\Users\X230\Downloads\FRST64.exe
2021-09-14 13:41 - 2021-09-14 13:41 - 000000000 ____D C:\FRST
2021-09-14 12:50 - 2021-09-14 12:50 - 000003206 _____ C:\Windows\system32\Tasks\Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000913 _____ C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Loaris
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\Program Files\Loaris Trojan Remover
2021-09-14 11:07 - 2021-09-14 11:07 - 001171376 _____ (Loaris LLC) C:\Users\X230\Downloads\loaris-mypc.exe
2021-09-14 11:03 - 2021-09-14 11:03 - 000000000 ____D C:\Users\X230\AppData\Local\CrashDumps
2021-09-14 11:02 - 2021-09-14 11:02 - 000000000 ____D C:\Users\X230\AppData\Local\mbam
2021-09-14 11:01 - 2021-09-14 11:01 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-14 11:00 - 2021-09-14 11:01 - 002101944 _____ (Malwarebytes) C:\Users\X230\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-14 10:46 - 2021-09-14 10:46 - 002527040 _____ (Wiper Software, UAB) C:\Users\X230\Downloads\WiperSoft-installer.exe
2021-09-11 14:49 - 2021-09-14 11:37 - 000000000 ____D C:\Users\X230\AppData\Roaming\Spotify
2021-09-11 14:49 - 2021-09-13 11:20 - 000000000 ____D C:\Users\X230\AppData\Local\Spotify
2021-09-11 14:49 - 2021-09-11 14:49 - 000770280 _____ (Spotify Ltd) C:\Users\X230\Downloads\SpotifySetup.exe
2021-09-11 14:49 - 2021-09-11 14:49 - 000001845 _____ C:\Users\X230\Desktop\Spotify.lnk
2021-09-11 14:49 - 2021-09-11 14:49 - 000001831 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2021-09-11 14:26 - 2021-09-11 14:40 - 000000000 ____D C:\Users\X230\AppData\Local\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Roaming\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Local\CEF
2021-09-11 14:25 - 2021-09-14 12:39 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-09-11 14:25 - 2021-09-13 21:06 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-09-11 14:25 - 2021-09-11 14:25 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000553496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000538464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000367632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-09-11 14:25 - 2021-09-11 14:25 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000250384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000221584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000184120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000107840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000035712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-11 14:24 - 2021-09-11 14:24 - 000000000 ____D C:\Program Files\Avast Software
2021-09-11 13:41 - 2021-09-11 13:44 - 000000000 ____D C:\Users\X230\AppData\Local\PlaceholderTileLogoFolder
2021-09-11 13:17 - 2021-09-11 13:17 - 000000000 ____D C:\Users\X230\AppData\Local\BitTorrentHelper
2021-09-11 13:16 - 2021-09-11 14:40 - 000000000 ____D C:\ProgramData\Avast Software
2021-09-11 13:16 - 2021-09-11 13:16 - 000224552 _____ (AVAST Software) C:\Users\X230\Downloads\avast_free_antivirus_setup_online.exe
2021-09-11 13:16 - 2021-09-11 13:16 - 000000000 ____D C:\Users\X230\AppData\LocalLow\uTorrent
2021-09-11 13:15 - 2021-09-11 13:15 - 000000000 ____D C:\Users\X230\AppData\Local\D3DSCache
2021-09-11 13:14 - 2021-09-11 15:33 - 000000000 ____D C:\Users\X230\AppData\Roaming\uTorrent
2021-09-11 13:14 - 2021-09-11 13:14 - 000000895 _____ C:\Users\X230\Desktop\µTorrent.lnk
2021-09-11 13:14 - 2021-09-11 13:14 - 000000875 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-09-11 13:13 - 2021-09-11 13:13 - 000000000 ____D C:\Users\X230\AppData\Local\UT008
2021-09-11 13:12 - 2021-09-11 13:12 - 005140776 _____ (BitTorrent Inc.) C:\Users\X230\Downloads\uTorrent.exe
2021-09-11 13:09 - 2021-09-11 13:10 - 021118840 _____ (BitTorrent, Inc.) C:\Users\X230\Downloads\utweb_installer.exe
2021-09-11 12:07 - 2021-09-11 12:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-09-11 11:47 - 2021-09-14 12:39 - 000003048 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-11 11:47 - 2021-09-14 12:39 - 000002310 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - X230
2021-09-11 11:47 - 2021-09-14 11:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-11 11:47 - 2021-09-11 11:47 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-09-11 11:47 - 2021-09-11 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-11 11:45 - 2021-09-11 11:45 - 036097408 _____ (Piriform Software Ltd) C:\Users\X230\Downloads\ccsetup584_pro_trial.exe
2021-09-11 11:43 - 2021-09-14 11:31 - 000000000 ____D C:\Users\X230\AppData\LocalLow\Mozilla
2021-09-11 11:43 - 2021-09-11 12:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000333064 _____ (Mozilla) C:\Users\X230\Downloads\Firefox Installer.exe
2021-09-11 11:43 - 2021-09-11 11:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Roaming\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Local\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 10:24 - 2021-09-10 10:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-10 10:24 - 2021-09-10 10:24 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-10 10:23 - 2021-09-10 10:23 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-10 10:23 - 2021-09-10 10:23 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-10 10:23 - 2021-09-10 10:23 - 000011345 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-10 10:18 - 2021-09-10 10:18 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-14 12:39 - 2021-06-20 21:03 - 000002334 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2021-09-14 12:39 - 2021-06-20 21:02 - 000003542 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-14 12:39 - 2021-06-20 20:44 - 000003462 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-14 12:39 - 2021-06-20 20:44 - 000003238 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-14 12:39 - 2021-06-20 20:25 - 000002918 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001
2021-09-14 12:39 - 2021-06-20 19:35 - 000003572 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-14 12:39 - 2021-06-20 19:35 - 000003348 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-14 12:38 - 2021-06-20 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-14 11:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-14 10:35 - 2021-06-20 21:08 - 000000000 __SHD C:\Users\X230\IntelGraphicsProfiles
2021-09-14 10:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-14 01:19 - 2021-06-20 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-13 13:34 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-13 13:34 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-13 11:27 - 2021-06-20 20:23 - 000000000 ____D C:\ProgramData\Packages
2021-09-13 11:21 - 2021-06-20 19:35 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-11 13:41 - 2021-06-20 20:23 - 000000000 ____D C:\Users\X230\AppData\Local\Packages
2021-09-11 12:07 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-11 11:48 - 2021-06-20 20:34 - 000000000 ____D C:\Windows\Panther
2021-09-11 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-09-10 10:53 - 2021-06-20 19:41 - 001693712 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-10 10:53 - 2019-12-07 16:43 - 000718160 _____ C:\Windows\system32\perfh005.dat
2021-09-10 10:53 - 2019-12-07 16:43 - 000145302 _____ C:\Windows\system32\perfc005.dat
2021-09-10 10:46 - 2021-06-20 19:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-10 10:46 - 2021-06-20 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-10 10:45 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-09-10 10:34 - 2021-06-20 19:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-10 10:30 - 2021-06-20 20:23 - 000002374 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-10 10:29 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-10 10:28 - 2021-06-20 19:34 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-10 10:28 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-10 10:28 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-10 10:17 - 2021-06-20 20:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-10 10:16 - 2021-06-20 20:44 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-10 10:16 - 2021-06-20 20:44 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-10 10:14 - 2021-06-20 20:37 - 000000000 ____D C:\Windows\system32\MRT
2021-09-10 10:11 - 2021-06-20 21:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-10 10:09 - 2021-06-20 21:14 - 000000000 ____D C:\Users\X230\AppData\Local\LenovoServiceBridge
2021-09-10 10:09 - 2021-06-20 20:37 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-10 10:08 - 2021-06-20 21:00 - 000000000 ____D C:\Users\X230\AppData\Local\Adobe
2021-09-10 10:08 - 2021-06-20 20:38 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-08-17 01:22 - 2021-06-20 20:39 - 000740168 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-08-17 01:22 - 2021-06-20 20:39 - 000486728 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2021
Ran by X230 (14-09-2021 13:43:21)
Running from C:\Users\X230\Downloads
Windows 10 Pro Version 21H1 19043.1202 (X64) (2021-06-20 17:37:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3269600821-496837758-4138566819-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3269600821-496837758-4138566819-503 - Limited - Disabled)
Guest (S-1-5-21-3269600821-496837758-4138566819-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3269600821-496837758-4138566819-504 - Limited - Disabled)
X230 (S-1-5-21-3269600821-496837758-4138566819-1001 - Administrator - Enabled) => C:\Users\X230
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\uTorrent) (Version: 3.5.5.46090 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.84 - Piriform)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.63 - Google LLC)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.35.4 - LENOVO (UNITED STATES) INC.)
Lenovo Service Bridge (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.5 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0110 - Lenovo)
Loaris Trojan Remover 3.1.88 (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: 3.1.88 - Loaris Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM\...\{053BB205-59BA-44E5-AD33-F5402494BAB7}) (Version: 8.2.5 - Lenovo) Hidden
Mobile Broadband Drivers v8.2.5 (HKLM-x32\...\{47786bea-6a7b-4d85-9b51-d1db1d022f0a}) (Version: 8.2.5 - Lenovo)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Spotify) (Version: 1.1.67.586.gbb5ef64e - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-13] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3269600821-496837758-4138566819-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers2: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-06-20 20:44 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X230\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{14BA4E3A-7D6D-411E-A854-E68DB6657B20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{3CB7F4CE-A0CD-44DB-8724-DDC8C42B0F4E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{3C26D6F1-86A8-4666-AFD5-02D3596CF25B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{04B74FA1-22C6-41EF-9881-D43329E81F52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C631656-2423-4109-A640-0E7C95C33477}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B88BA6D-5CC3-441E-9A3C-E20F81B1AD73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D31E1C0-07E5-48C7-AE2D-3463894D010D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B838B66-40B2-45B6-90CC-1B617C8164A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{055D82F8-0018-4DC7-8068-54237050EAF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86371322-1E4A-4C16-99A1-0FC911BE819B}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7798305-FF48-4408-A78A-7411A2D571B0}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BBEE2B1D-511A-4990-8763-D17FF41EB1D7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B0F42C-D9E3-4FAD-A977-1F255D581971}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{6E7EE9A2-1C52-464C-9B2F-72239A42F538}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D9D31D0-F22E-4B0B-A347-B0F23FCCD84D}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
10-09-2021 10:16:07 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/14/2021 11:08:42 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (09/14/2021 11:03:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 4.0.0.1117, časové razítko: 0x61321f0b
Název chybujícího modulu: Qt5Core.dll, verze: 5.14.1.0, časové razítko: 0x603971ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000219dc5
ID chybujícího procesu: 0x3c70
Čas spuštění chybující aplikace: 0x01d7a94742044d7f
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 4c594f60-89cc-4b08-a636-d63e02582e1a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/13/2021 11:19:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x1cb4
Čas spuštění chybující aplikace: 0x01d7a6fdc984cf0c
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 916664a2-be84-4b79-b50e-b8ea1fe6b830
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/11/2021 11:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x3344
Čas spuštění chybující aplikace: 0x01d7a6f19a76030a
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 191ad598-be4e-4fb2-bea3-2a9006be1b48
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/10/2021 12:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xea4
Čas spuštění chybující aplikace: 0x01d7a6204fae6bf5
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: c519bf50-fae0-46e6-9c7f-b0a16a4d497f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/10/2021 10:33:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xe2c
Čas spuštění chybující aplikace: 0x01d7a61de5772aed
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 4173ef7f-62f8-4832-ae78-6ba6545ebc34
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (07/08/2021 01:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xe54
Čas spuštění chybující aplikace: 0x01d773dc138c786b
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: baa85169-870e-4dc1-a833-7cf3ffc9b93b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (07/08/2021 11:07:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x1080
Čas spuštění chybující aplikace: 0x01d7660b71aacb72
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: cf988ff8-ba2d-4d3b-abe6-4cdd332d639e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (09/13/2021 11:42:19 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (09/13/2021 11:19:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 3krát.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2021-09-11 13:12:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/uTorrent
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\uTorrent.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 13:11:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: App:Utorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\utweb_installer.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Program Files\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 12:05:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1F7A08C1-4117-42DC-95B0-1374EC7499ED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:54:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {756DFA09-DE59-4F6C-9B8D-10AEEE3F0686}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:52:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8D7862E3-4F7F-49BE-A78A-17B0343D9A02}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
CodeIntegrity:
===============
Date: 2021-09-14 11:08:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-09-14 11:08:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO G2ETB7WW (2.77 ) 09/24/2019
Motherboard: LENOVO 2325VJV
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 85%
Total physical RAM: 8009.91 MB
Available physical RAM: 1198.6 MB
Total Virtual: 9929.91 MB
Available Virtual: 1933.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.96 GB) (Free:183.4 GB) NTFS
\\?\Volume{1770d6a2-6fd8-48b2-a01d-abe3e3e39064}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{1e5900d8-02cf-46a0-8634-ac17005e7dbc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Thanks for your willingness to help, bye for now.
Thanks for the quick reply, and I'm very sorry about posting in the wrong section.
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-09-2021
Ran by X230 (administrator) on DESKTOP-KNL8DH0 (LENOVO 2325VJV) (14-09-2021 13:41:36)
Running from C:\Users\X230\Downloads
Loaded Profiles: X230
Platform: Windows 10 Pro Version 21H1 19043.1202 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Fortemedia Inc. -> ) C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> ) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tposd.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\X230\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify AB -> Spotify Ltd) C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe <7>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [124184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35145856 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Spotify] => C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe [24857736 2021-09-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\MountPoints2: {887ba6e6-1213-11ec-b4c4-2cd05a7fe6a2} - "D:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.63\Installer\chrmstp.exe [2021-09-10] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Acrobat Update Task" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - X230" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\DolbySelectorTask" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001" /ENABLE
Task: {0EF3FACF-1447-475D-AFBA-3BAD87C30271} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {0FBFACBC-98F7-4129-8E24-BF2E605DBC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {1238FE4A-1A2C-49A8-A5DD-6E861D95D205} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {1B5D9D24-638A-4CA0-BCD7-3983D608214E} - System32\Tasks\CCleanerSkipUAC - X230 => C:\Program Files\CCleaner\CCleaner.exe [29212288 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C846061-65C6-4667-A1EA-B3D56B2340BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {45F4698D-D292-4E36-8BE8-EF1C4DF0E6A2} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {5C25C2A1-8B52-4A8C-A3F5-CC91069B8FB9} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {652601B9-3875-46FB-A770-96F48A4B84D4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-08-27] (Piriform Software Ltd -> Piriform)
Task: {714623CE-A3A8-4F3A-80C6-5324846B6D80} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
Task: {7244790E-DD85-4F0D-9912-91FF836522EA} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe [18323704 2021-09-10] (Loaris, LLC -> Loaris Inc.)
Task: {76E7445D-D02F-4AA2-9239-3694C5B2D8FD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {926C4A5E-A7C8-4C34-AA40-DCB36BEE19AA} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {C02C6542-F1E8-4454-AC45-98827C1C3360} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C3BBF21D-C392-4935-826D-905F84FD7666} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3269600821-496837758-4138566819-1001 => C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E28B1C7D-860A-4EE3-917C-C359E47F94B7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758648 2020-09-08] (Lenovo -> )
Task: {E7BAA6EC-057F-4742-BF34-8709F489D312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-11] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98c74573-7e83-4ad0-be21-bcc636c59d39}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7530307-1f26-43a0-aa24-ffdedaf46210}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\X230\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-14]
FireFox:
========
FF DefaultProfile: ptdnnier.default
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\ptdnnier.default [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Extension: (Facebook Container) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\@contain-facebook.xpi [2021-09-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-09-11]
FF Extension: (Dictionary Anywhere) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\{e90f5de4-8510-4515-9f67-3b6654e1e8c2}.xpi [2021-09-14]
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default [2021-09-14]
CHR Extension: (Prezentace) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-20]
CHR Extension: (Dokumenty) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-20]
CHR Extension: (Disk Google) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-20]
CHR Extension: (Adobe Acrobat) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-06-20]
CHR Extension: (Tabulky) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-20]
CHR Extension: (Gmail) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-20]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\TPHKLOAD.exe [465192 2021-03-30] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35712 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221584 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367632 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184120 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538464 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107840 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [553496 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [31568 2020-09-01] (WDKTestCert andre.luis,132164092889939783 -> Lenovo Group Limited (R))
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-14 13:41 - 2021-09-14 13:42 - 000020353 _____ C:\Users\X230\Downloads\FRST.txt
2021-09-14 13:41 - 2021-09-14 13:41 - 002303488 _____ (Farbar) C:\Users\X230\Downloads\FRST64.exe
2021-09-14 13:41 - 2021-09-14 13:41 - 000000000 ____D C:\FRST
2021-09-14 12:50 - 2021-09-14 12:50 - 000003206 _____ C:\Windows\system32\Tasks\Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000913 _____ C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Loaris
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\Program Files\Loaris Trojan Remover
2021-09-14 11:07 - 2021-09-14 11:07 - 001171376 _____ (Loaris LLC) C:\Users\X230\Downloads\loaris-mypc.exe
2021-09-14 11:03 - 2021-09-14 11:03 - 000000000 ____D C:\Users\X230\AppData\Local\CrashDumps
2021-09-14 11:02 - 2021-09-14 11:02 - 000000000 ____D C:\Users\X230\AppData\Local\mbam
2021-09-14 11:01 - 2021-09-14 11:01 - 000000000 ____D C:\Program Files\Malwarebytes
2021-09-14 11:00 - 2021-09-14 11:01 - 002101944 _____ (Malwarebytes) C:\Users\X230\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-14 10:46 - 2021-09-14 10:46 - 002527040 _____ (Wiper Software, UAB) C:\Users\X230\Downloads\WiperSoft-installer.exe
2021-09-11 14:49 - 2021-09-14 11:37 - 000000000 ____D C:\Users\X230\AppData\Roaming\Spotify
2021-09-11 14:49 - 2021-09-13 11:20 - 000000000 ____D C:\Users\X230\AppData\Local\Spotify
2021-09-11 14:49 - 2021-09-11 14:49 - 000770280 _____ (Spotify Ltd) C:\Users\X230\Downloads\SpotifySetup.exe
2021-09-11 14:49 - 2021-09-11 14:49 - 000001845 _____ C:\Users\X230\Desktop\Spotify.lnk
2021-09-11 14:49 - 2021-09-11 14:49 - 000001831 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2021-09-11 14:26 - 2021-09-11 14:40 - 000000000 ____D C:\Users\X230\AppData\Local\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Roaming\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Local\CEF
2021-09-11 14:25 - 2021-09-14 12:39 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-09-11 14:25 - 2021-09-13 21:06 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-09-11 14:25 - 2021-09-11 14:25 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000553496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000538464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000367632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-09-11 14:25 - 2021-09-11 14:25 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000250384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000221584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000184120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000107840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000035712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-11 14:24 - 2021-09-11 14:24 - 000000000 ____D C:\Program Files\Avast Software
2021-09-11 13:41 - 2021-09-11 13:44 - 000000000 ____D C:\Users\X230\AppData\Local\PlaceholderTileLogoFolder
2021-09-11 13:17 - 2021-09-11 13:17 - 000000000 ____D C:\Users\X230\AppData\Local\BitTorrentHelper
2021-09-11 13:16 - 2021-09-11 14:40 - 000000000 ____D C:\ProgramData\Avast Software
2021-09-11 13:16 - 2021-09-11 13:16 - 000224552 _____ (AVAST Software) C:\Users\X230\Downloads\avast_free_antivirus_setup_online.exe
2021-09-11 13:16 - 2021-09-11 13:16 - 000000000 ____D C:\Users\X230\AppData\LocalLow\uTorrent
2021-09-11 13:15 - 2021-09-11 13:15 - 000000000 ____D C:\Users\X230\AppData\Local\D3DSCache
2021-09-11 13:14 - 2021-09-11 15:33 - 000000000 ____D C:\Users\X230\AppData\Roaming\uTorrent
2021-09-11 13:14 - 2021-09-11 13:14 - 000000895 _____ C:\Users\X230\Desktop\µTorrent.lnk
2021-09-11 13:14 - 2021-09-11 13:14 - 000000875 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-09-11 13:13 - 2021-09-11 13:13 - 000000000 ____D C:\Users\X230\AppData\Local\UT008
2021-09-11 13:12 - 2021-09-11 13:12 - 005140776 _____ (BitTorrent Inc.) C:\Users\X230\Downloads\uTorrent.exe
2021-09-11 13:09 - 2021-09-11 13:10 - 021118840 _____ (BitTorrent, Inc.) C:\Users\X230\Downloads\utweb_installer.exe
2021-09-11 12:07 - 2021-09-11 12:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-09-11 11:47 - 2021-09-14 12:39 - 000003048 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-11 11:47 - 2021-09-14 12:39 - 000002310 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - X230
2021-09-11 11:47 - 2021-09-14 11:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-11 11:47 - 2021-09-11 11:47 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-09-11 11:47 - 2021-09-11 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-11 11:45 - 2021-09-11 11:45 - 036097408 _____ (Piriform Software Ltd) C:\Users\X230\Downloads\ccsetup584_pro_trial.exe
2021-09-11 11:43 - 2021-09-14 11:31 - 000000000 ____D C:\Users\X230\AppData\LocalLow\Mozilla
2021-09-11 11:43 - 2021-09-11 12:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000333064 _____ (Mozilla) C:\Users\X230\Downloads\Firefox Installer.exe
2021-09-11 11:43 - 2021-09-11 11:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Roaming\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Local\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 10:24 - 2021-09-10 10:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-10 10:24 - 2021-09-10 10:24 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-10 10:23 - 2021-09-10 10:23 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-10 10:23 - 2021-09-10 10:23 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-10 10:23 - 2021-09-10 10:23 - 000011345 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-10 10:18 - 2021-09-10 10:18 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-14 12:39 - 2021-06-20 21:03 - 000002334 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2021-09-14 12:39 - 2021-06-20 21:02 - 000003542 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-14 12:39 - 2021-06-20 20:44 - 000003462 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-14 12:39 - 2021-06-20 20:44 - 000003238 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-14 12:39 - 2021-06-20 20:25 - 000002918 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001
2021-09-14 12:39 - 2021-06-20 19:35 - 000003572 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-14 12:39 - 2021-06-20 19:35 - 000003348 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-14 12:38 - 2021-06-20 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-14 11:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-14 10:35 - 2021-06-20 21:08 - 000000000 __SHD C:\Users\X230\IntelGraphicsProfiles
2021-09-14 10:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-14 01:19 - 2021-06-20 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-13 13:34 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-13 13:34 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-13 11:27 - 2021-06-20 20:23 - 000000000 ____D C:\ProgramData\Packages
2021-09-13 11:21 - 2021-06-20 19:35 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-11 13:41 - 2021-06-20 20:23 - 000000000 ____D C:\Users\X230\AppData\Local\Packages
2021-09-11 12:07 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-11 11:48 - 2021-06-20 20:34 - 000000000 ____D C:\Windows\Panther
2021-09-11 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-09-10 10:53 - 2021-06-20 19:41 - 001693712 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-10 10:53 - 2019-12-07 16:43 - 000718160 _____ C:\Windows\system32\perfh005.dat
2021-09-10 10:53 - 2019-12-07 16:43 - 000145302 _____ C:\Windows\system32\perfc005.dat
2021-09-10 10:46 - 2021-06-20 19:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-10 10:46 - 2021-06-20 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-10 10:45 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-09-10 10:34 - 2021-06-20 19:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-10 10:30 - 2021-06-20 20:23 - 000002374 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-10 10:29 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-10 10:28 - 2021-06-20 19:34 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-10 10:28 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-10 10:28 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-10 10:17 - 2021-06-20 20:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-10 10:16 - 2021-06-20 20:44 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-10 10:16 - 2021-06-20 20:44 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-10 10:14 - 2021-06-20 20:37 - 000000000 ____D C:\Windows\system32\MRT
2021-09-10 10:11 - 2021-06-20 21:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-10 10:09 - 2021-06-20 21:14 - 000000000 ____D C:\Users\X230\AppData\Local\LenovoServiceBridge
2021-09-10 10:09 - 2021-06-20 20:37 - 133215968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-10 10:08 - 2021-06-20 21:00 - 000000000 ____D C:\Users\X230\AppData\Local\Adobe
2021-09-10 10:08 - 2021-06-20 20:38 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-08-17 01:22 - 2021-06-20 20:39 - 000740168 _____ (Microsoft Corporation) C:\Windows\system32\sedplugins.dll
2021-08-17 01:22 - 2021-06-20 20:39 - 000486728 _____ (Microsoft Corporation) C:\Windows\system32\QualityUpdateAssistant.dll
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt.:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2021
Ran by X230 (14-09-2021 13:43:21)
Running from C:\Users\X230\Downloads
Windows 10 Pro Version 21H1 19043.1202 (X64) (2021-06-20 17:37:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3269600821-496837758-4138566819-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3269600821-496837758-4138566819-503 - Limited - Disabled)
Guest (S-1-5-21-3269600821-496837758-4138566819-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3269600821-496837758-4138566819-504 - Limited - Disabled)
X230 (S-1-5-21-3269600821-496837758-4138566819-1001 - Administrator - Enabled) => C:\Users\X230
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\uTorrent) (Version: 3.5.5.46090 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.84 - Piriform)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.63 - Google LLC)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.35.4 - LENOVO (UNITED STATES) INC.)
Lenovo Service Bridge (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.5 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0110 - Lenovo)
Loaris Trojan Remover 3.1.88 (HKLM\...\{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1) (Version: 3.1.88 - Loaris Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Mobile Broadband Drivers (HKLM\...\{053BB205-59BA-44E5-AD33-F5402494BAB7}) (Version: 8.2.5 - Lenovo) Hidden
Mobile Broadband Drivers v8.2.5 (HKLM-x32\...\{47786bea-6a7b-4d85-9b51-d1db1d022f0a}) (Version: 8.2.5 - Lenovo)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Spotify) (Version: 1.1.67.586.gbb5ef64e - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-13] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3269600821-496837758-4138566819-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers2: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Loaris Trojan Remover] -> {4B884539-D34B-4F5B-B008-3A6F3B213E5C} => C:\Program Files\Loaris Trojan Remover\shellext.dll [2021-09-10] (Loaris, LLC -> Loaris Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-06-20 20:44 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X230\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{14BA4E3A-7D6D-411E-A854-E68DB6657B20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{3CB7F4CE-A0CD-44DB-8724-DDC8C42B0F4E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{3C26D6F1-86A8-4666-AFD5-02D3596CF25B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{04B74FA1-22C6-41EF-9881-D43329E81F52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C631656-2423-4109-A640-0E7C95C33477}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B88BA6D-5CC3-441E-9A3C-E20F81B1AD73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D31E1C0-07E5-48C7-AE2D-3463894D010D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B838B66-40B2-45B6-90CC-1B617C8164A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{055D82F8-0018-4DC7-8068-54237050EAF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86371322-1E4A-4C16-99A1-0FC911BE819B}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7798305-FF48-4408-A78A-7411A2D571B0}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BBEE2B1D-511A-4990-8763-D17FF41EB1D7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B0F42C-D9E3-4FAD-A977-1F255D581971}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{6E7EE9A2-1C52-464C-9B2F-72239A42F538}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D9D31D0-F22E-4B0B-A347-B0F23FCCD84D}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
10-09-2021 10:16:07 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/14/2021 11:08:42 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (09/14/2021 11:03:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 4.0.0.1117, časové razítko: 0x61321f0b
Název chybujícího modulu: Qt5Core.dll, verze: 5.14.1.0, časové razítko: 0x603971ce
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000219dc5
ID chybujícího procesu: 0x3c70
Čas spuštění chybující aplikace: 0x01d7a94742044d7f
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 4c594f60-89cc-4b08-a636-d63e02582e1a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/13/2021 11:19:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x1cb4
Čas spuštění chybující aplikace: 0x01d7a6fdc984cf0c
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 916664a2-be84-4b79-b50e-b8ea1fe6b830
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/11/2021 11:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x3344
Čas spuštění chybující aplikace: 0x01d7a6f19a76030a
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 191ad598-be4e-4fb2-bea3-2a9006be1b48
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/10/2021 12:14:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xea4
Čas spuštění chybující aplikace: 0x01d7a6204fae6bf5
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: c519bf50-fae0-46e6-9c7f-b0a16a4d497f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/10/2021 10:33:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xe2c
Čas spuštění chybující aplikace: 0x01d7a61de5772aed
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: 4173ef7f-62f8-4832-ae78-6ba6545ebc34
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (07/08/2021 01:28:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0xe54
Čas spuštění chybující aplikace: 0x01d773dc138c786b
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: baa85169-870e-4dc1-a833-7cf3ffc9b93b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (07/08/2021 11:07:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x1080
Čas spuštění chybující aplikace: 0x01d7660b71aacb72
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: cf988ff8-ba2d-4d3b-abe6-4cdd332d639e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (09/13/2021 11:42:19 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.
Error: (09/13/2021 11:19:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 3krát.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Error: (09/11/2021 03:33:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KNL8DH0)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2021-09-11 13:12:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/uTorrent
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\uTorrent.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 13:11:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: App:Utorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\utweb_installer.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Program Files\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 12:05:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1F7A08C1-4117-42DC-95B0-1374EC7499ED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:54:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {756DFA09-DE59-4F6C-9B8D-10AEEE3F0686}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:52:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8D7862E3-4F7F-49BE-A78A-17B0343D9A02}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
CodeIntegrity:
===============
Date: 2021-09-14 11:08:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-09-14 11:08:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO G2ETB7WW (2.77 ) 09/24/2019
Motherboard: LENOVO 2325VJV
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 85%
Total physical RAM: 8009.91 MB
Available physical RAM: 1198.6 MB
Total Virtual: 9929.91 MB
Available Virtual: 1933.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.96 GB) (Free:183.4 GB) NTFS
\\?\Volume{1770d6a2-6fd8-48b2-a01d-abe3e3e39064}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{1e5900d8-02cf-46a0-8634-ac17005e7dbc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Thanks for your willingness to help, bye for now
Re: poshukach - ordinary solutions don't work
Download AdwCleaner: https://toolslib.net/downloads/finish/1/
- Save it to the desktop and close all programs
- Run AdwCleaner as administrator
- Accept the license terms
- Click "Spustit skenovani" (Start scan) and wait for it to finish
- If anything is found, leave all findings selected and click "Karantena" (Quarantine); if there are no findings, click "Spustit zakladni opravu" (Run basic repair)
- If "preinstalled software" is also detected, you may delete these programs but do not have to (they are not malicious programs, just unnecessary extras)
- Confirm the prompt, wait for it to finish and confirm the PC restart
- After the PC restarts, AdwCleaner will open; click "Zobrazit soubor protokolu" (Show log file)
- The log will open; copy its contents and paste them into your next reply
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
-
- Visitor
- Posts: 10
- Registered: 14 Sep 2021 10:34
Re: poshukach - ordinary solutions don't work
Hello, I'm sending the log:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-09-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-15-2021
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 14
# Awaiting reboot:1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
Deleted C:\Users\X230\Downloads\WIPERSOFT-INSTALLER.EXE
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.LenovoHotkeyManager Folder C:\Program Files\LENOVO\HOTKEY
Deleted Preinstalled.LenovoHotkeyManager Registry HKLM\Software\Classes\CLSID\{A48CA1A4-C36B-44f2-8090-19E08DF4365E}
Deleted Preinstalled.LenovoPowerManager Folder C:\Windows\SysWOW64\LENOVO\POWERMGR
Deleted Preinstalled.LenovoPowerManager Folder C:\Windows\System32\LENOVO\POWERMGR
Deleted Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Deleted Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Deleted Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Deleted Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
Needs Reboot Preinstalled.LenovoServiceBridge Folder C:\Users\X230\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
***** [ Folders ] *****
Cleaning failed C:\Users\X230\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
*************************
AdwCleaner[S00].txt - [2733 octets] - [15/09/2021 11:46:33]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Re: poshukach - ordinary solutions don't work
Please post both new FRST logs.
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
-
- Visitor
- Posts: 10
- Registered: 14 Sep 2021 10:34
Re: poshukach - ordinary solutions don't work
Thanks for the reply
FRST.txt :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by X230 (administrator) on DESKTOP-KNL8DH0 (LENOVO 2325VJV) (17-09-2021 00:33:52)
Running from C:\Users\X230\Downloads
Loaded Profiles: X230
Platform: Windows 10 Pro Version 21H1 19043.1237 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tposd.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\X230\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(sonarr.tv) [File not signed] C:\ProgramData\Sonarr\bin\Sonarr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [124184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35145856 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Spotify] => C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe [24857736 2021-09-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282600 2021-09-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\MountPoints2: {887ba6e6-1213-11ec-b4c4-2cd05a7fe6a2} - "D:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-16] (Google LLC -> Google LLC)
Startup: C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sonarr.lnk [2021-09-15]
ShortcutTarget: Sonarr.lnk -> C:\ProgramData\Sonarr\bin\Sonarr.exe (sonarr.tv) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FBFACBC-98F7-4129-8E24-BF2E605DBC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {1B5D9D24-638A-4CA0-BCD7-3983D608214E} - System32\Tasks\CCleanerSkipUAC - X230 => C:\Program Files\CCleaner\CCleaner.exe [29212288 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C846061-65C6-4667-A1EA-B3D56B2340BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {45F4698D-D292-4E36-8BE8-EF1C4DF0E6A2} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {5C25C2A1-8B52-4A8C-A3F5-CC91069B8FB9} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {652601B9-3875-46FB-A770-96F48A4B84D4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-08-27] (Piriform Software Ltd -> Piriform)
Task: {714623CE-A3A8-4F3A-80C6-5324846B6D80} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
Task: {7244790E-DD85-4F0D-9912-91FF836522EA} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
Task: {76E7445D-D02F-4AA2-9239-3694C5B2D8FD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {926C4A5E-A7C8-4C34-AA40-DCB36BEE19AA} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {940647A7-876B-4EEA-9A58-D4A5823F979F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {C02C6542-F1E8-4454-AC45-98827C1C3360} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C3BBF21D-C392-4935-826D-905F84FD7666} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3269600821-496837758-4138566819-1001 => C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E28B1C7D-860A-4EE3-917C-C359E47F94B7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {E7BAA6EC-057F-4742-BF34-8709F489D312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-11] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98c74573-7e83-4ad0-be21-bcc636c59d39}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7530307-1f26-43a0-aa24-ffdedaf46210}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\X230\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-16]
FireFox:
========
FF DefaultProfile: ptdnnier.default
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\ptdnnier.default [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release [2021-09-17]
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Extension: (Facebook Container) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\@contain-facebook.xpi [2021-09-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-09-11]
FF Extension: (English (GB) Language Pack) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2021-09-14]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2021-09-14]
FF Extension: (Dictionary Anywhere) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\{e90f5de4-8510-4515-9f67-3b6654e1e8c2}.xpi [2021-09-14]
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default [2021-09-14]
CHR Extension: (Prezentace) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-20]
CHR Extension: (Dokumenty) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-20]
CHR Extension: (Disk Google) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-20]
CHR Extension: (Adobe Acrobat) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-06-20]
CHR Extension: (Tabulky) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-20]
CHR Extension: (Gmail) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-20]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\TPHKLOAD.exe [465192 2021-03-30] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35712 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221584 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367632 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184120 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538464 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107840 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [553496 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [31568 2020-09-01] (WDKTestCert andre.luis,132164092889939783 -> Lenovo Group Limited (R))
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 00:33 - 2021-09-17 00:33 - 000000000 ___HD C:\$AV_ASW
2021-09-17 00:33 - 2021-09-17 00:33 - 000000000 ____D C:\Users\X230\Downloads\FRST-OlderVersion
2021-09-16 19:16 - 2021-09-16 19:16 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-16 19:16 - 2021-09-16 19:16 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-09-16 19:16 - 2021-09-16 19:16 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-09-16 19:16 - 2021-09-16 19:16 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-16 19:16 - 2021-09-16 19:16 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-16 19:16 - 2021-09-16 19:16 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-16 19:11 - 2021-09-16 19:11 - 000000000 ___HD C:\$WinREAgent
2021-09-16 13:46 - 2021-09-16 13:47 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-09-16 13:46 - 2021-09-16 13:46 - 003086696 _____ C:\Users\X230\Downloads\instspeedfan452.exe
2021-09-16 13:46 - 2021-09-16 13:46 - 000001076 _____ C:\Users\X230\Desktop\SpeedFan.lnk
2021-09-16 13:46 - 2021-09-16 13:46 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2021-09-16 13:46 - 2021-09-16 13:46 - 000000000 ____D C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-09-15 21:49 - 2021-09-15 21:49 - 000000877 _____ C:\Users\Public\Desktop\Sonarr.lnk
2021-09-15 21:49 - 2021-09-15 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2021-09-15 21:48 - 2021-09-17 00:32 - 000000000 ____D C:\ProgramData\Sonarr
2021-09-15 21:48 - 2021-09-15 21:48 - 013013277 _____ (Team Sonarr ) C:\Users\X230\Downloads\Sonarr.main.3.0.6.1265.windows.exe
2021-09-15 12:59 - 2021-09-15 12:59 - 000002258 _____ C:\Users\Public\Desktop\Mirror's Edge™.lnk
2021-09-15 12:58 - 2021-09-15 12:58 - 000000000 ____D C:\Program Files (x86)\EA Games
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-09-15 12:54 - 2021-09-15 12:56 - 000000000 ____D C:\martinovo
2021-09-15 12:52 - 2009-01-14 00:03 - 2239692800 _____ C:\Users\X230\Downloads\rld-mirk.iso
2021-09-15 12:51 - 2021-09-15 12:51 - 003338648 _____ (Alexander Roshal) C:\Users\X230\Downloads\winrar-x64-602.exe
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Users\X230\AppData\Roaming\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Program Files\WinRAR
2021-09-15 12:15 - 2021-09-15 12:36 - 000000000 ____D C:\Users\X230\Downloads\Mirrors.Edge-RELOADED
2021-09-15 12:11 - 2021-09-15 12:11 - 000000000 ____D C:\Users\X230\AppData\Local\ElevatedDiagnostics
2021-09-15 12:09 - 2021-09-15 12:09 - 000000000 ____D C:\Users\X230\Documents\EA Games
2021-09-15 12:05 - 2021-09-15 12:07 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-09-15 12:05 - 2021-09-15 12:06 - 000000000 ___HD C:\Windows\msdownld.tmp
2021-09-15 11:46 - 2021-09-15 11:47 - 000000000 ____D C:\AdwCleaner
2021-09-15 11:43 - 2021-09-15 11:43 - 008553680 _____ (Malwarebytes) C:\Users\X230\Desktop\AdwCleaner.exe
2021-09-15 00:27 - 2021-09-15 01:59 - 004765703 _____ C:\Users\X230\Downloads\pan-prstenu-3-navrat-krale.pdf
2021-09-14 23:18 - 2021-09-14 23:18 - 000026918 _____ C:\Users\X230\Desktop\The Office (US) - S01E01 - Pilot.en.srt
2021-09-14 23:17 - 2021-09-14 23:17 - 000028479 _____ C:\Users\X230\Desktop\The.Office.S01E01.Pilot.srt
2021-09-14 21:00 - 2021-09-14 22:05 - 1866794693 _____ C:\Users\X230\Downloads\MirrorsEdge.zip
2021-09-14 13:58 - 2021-09-16 12:31 - 000000000 ____D C:\SHBLAS
2021-09-14 13:52 - 2021-09-14 13:52 - 000000000 ____D C:\Users\X230\AppData\Local\Steam
2021-09-14 13:51 - 2021-09-14 13:59 - 000000000 ____D C:\Program Files (x86)\Steam
2021-09-14 13:51 - 2021-09-14 13:51 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2021-09-14 13:51 - 2021-09-14 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-09-14 13:50 - 2021-09-14 13:50 - 001770744 _____ C:\Users\X230\Downloads\SteamSetup.exe
2021-09-14 13:43 - 2021-09-14 13:44 - 000027357 _____ C:\Users\X230\Downloads\Addition.txt
2021-09-14 13:41 - 2021-09-17 00:34 - 000018408 _____ C:\Users\X230\Downloads\FRST.txt
2021-09-14 13:41 - 2021-09-17 00:34 - 000000000 ____D C:\FRST
2021-09-14 13:41 - 2021-09-17 00:33 - 002304000 _____ (Farbar) C:\Users\X230\Downloads\FRST64.exe
2021-09-14 12:50 - 2021-09-16 18:05 - 000002394 _____ C:\Windows\system32\Tasks\Trojan Remover
2021-09-14 11:09 - 2021-09-15 11:28 - 000000000 ____D C:\Program Files\Loaris Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Loaris
2021-09-14 11:07 - 2021-09-14 11:07 - 001171376 _____ (Loaris LLC) C:\Users\X230\Downloads\loaris-mypc.exe
2021-09-14 11:03 - 2021-09-15 12:11 - 000000000 ____D C:\Users\X230\AppData\Local\CrashDumps
2021-09-14 11:02 - 2021-09-14 11:02 - 000000000 ____D C:\Users\X230\AppData\Local\mbam
2021-09-14 11:00 - 2021-09-14 11:01 - 002101944 _____ (Malwarebytes) C:\Users\X230\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-11 14:49 - 2021-09-16 18:05 - 000000000 ____D C:\Users\X230\AppData\Local\Spotify
2021-09-11 14:49 - 2021-09-16 17:21 - 000000000 ____D C:\Users\X230\AppData\Roaming\Spotify
2021-09-11 14:49 - 2021-09-11 14:49 - 000770280 _____ (Spotify Ltd) C:\Users\X230\Downloads\SpotifySetup.exe
2021-09-11 14:49 - 2021-09-11 14:49 - 000001845 _____ C:\Users\X230\Desktop\Spotify.lnk
2021-09-11 14:49 - 2021-09-11 14:49 - 000001831 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2021-09-11 14:26 - 2021-09-15 11:55 - 000000000 ____D C:\Users\X230\AppData\Local\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Roaming\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Local\CEF
2021-09-11 14:25 - 2021-09-16 13:55 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-09-11 14:25 - 2021-09-15 21:44 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-09-11 14:25 - 2021-09-11 14:25 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000553496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000538464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000367632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-09-11 14:25 - 2021-09-11 14:25 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000250384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000221584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000184120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000107840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000035712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-11 14:24 - 2021-09-11 14:24 - 000000000 ____D C:\Program Files\Avast Software
2021-09-11 13:41 - 2021-09-14 14:33 - 000000000 ____D C:\Users\X230\AppData\Local\PlaceholderTileLogoFolder
2021-09-11 13:17 - 2021-09-15 12:41 - 000000000 ____D C:\Users\X230\AppData\Local\BitTorrentHelper
2021-09-11 13:16 - 2021-09-16 19:42 - 000000000 ____D C:\ProgramData\Avast Software
2021-09-11 13:16 - 2021-09-11 13:16 - 000224552 _____ (AVAST Software) C:\Users\X230\Downloads\avast_free_antivirus_setup_online.exe
2021-09-11 13:15 - 2021-09-11 13:15 - 000000000 ____D C:\Users\X230\AppData\Local\D3DSCache
2021-09-11 13:14 - 2021-09-15 12:57 - 000000000 ____D C:\Users\X230\AppData\Roaming\uTorrent
2021-09-11 13:14 - 2021-09-11 13:14 - 000000895 _____ C:\Users\X230\Desktop\µTorrent.lnk
2021-09-11 13:14 - 2021-09-11 13:14 - 000000875 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-09-11 13:13 - 2021-09-11 13:13 - 000000000 ____D C:\Users\X230\AppData\Local\UT008
2021-09-11 13:12 - 2021-09-11 13:12 - 005140776 _____ (BitTorrent Inc.) C:\Users\X230\Downloads\uTorrent.exe
2021-09-11 13:09 - 2021-09-11 13:10 - 021118840 _____ (BitTorrent, Inc.) C:\Users\X230\Downloads\utweb_installer.exe
2021-09-11 12:07 - 2021-09-11 12:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-09-11 11:47 - 2021-09-16 23:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-11 11:47 - 2021-09-16 18:05 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-11 11:47 - 2021-09-16 18:05 - 000002250 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - X230
2021-09-11 11:47 - 2021-09-11 11:47 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-09-11 11:47 - 2021-09-11 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-11 11:45 - 2021-09-11 11:45 - 036097408 _____ (Piriform Software Ltd) C:\Users\X230\Downloads\ccsetup584_pro_trial.exe
2021-09-11 11:43 - 2021-09-17 00:17 - 000000000 ____D C:\Users\X230\AppData\LocalLow\Mozilla
2021-09-11 11:43 - 2021-09-11 12:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000333064 _____ (Mozilla) C:\Users\X230\Downloads\Firefox Installer.exe
2021-09-11 11:43 - 2021-09-11 11:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Roaming\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Local\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 10:24 - 2021-09-10 10:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-10 10:24 - 2021-09-10 10:24 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-10 10:23 - 2021-09-10 10:23 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 00:14 - 2021-06-20 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-17 00:11 - 2021-06-20 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-16 20:13 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-16 19:50 - 2021-06-20 19:41 - 001693712 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-16 19:50 - 2019-12-07 16:43 - 000718160 _____ C:\Windows\system32\perfh005.dat
2021-09-16 19:50 - 2019-12-07 16:43 - 000145302 _____ C:\Windows\system32\perfc005.dat
2021-09-16 19:50 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-16 19:43 - 2021-06-20 21:08 - 000000000 __SHD C:\Users\X230\IntelGraphicsProfiles
2021-09-16 19:42 - 2021-06-20 19:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-16 19:42 - 2021-06-20 19:34 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-16 19:42 - 2021-06-20 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-16 19:42 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-09-16 19:17 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-16 18:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-16 18:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-16 18:05 - 2021-06-20 21:03 - 000002274 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2021-09-16 18:05 - 2021-06-20 21:02 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-16 18:05 - 2021-06-20 20:44 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-16 18:05 - 2021-06-20 20:44 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-16 18:05 - 2021-06-20 20:25 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001
2021-09-16 18:05 - 2021-06-20 19:35 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-16 18:05 - 2021-06-20 19:35 - 000003288 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-16 12:26 - 2021-06-20 20:23 - 000002374 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-16 01:15 - 2021-06-20 20:44 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-16 01:15 - 2021-06-20 20:44 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-16 00:13 - 2021-06-20 20:44 - 000000000 ____D C:\Users\X230\AppData\Roaming\vlc
2021-09-15 21:46 - 2021-06-20 20:37 - 000000000 ____D C:\Windows\system32\MRT
2021-09-15 21:44 - 2021-06-20 20:37 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-15 11:47 - 2021-07-08 11:12 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-09-15 11:47 - 2021-06-20 21:16 - 000000000 ____D C:\Program Files\Lenovo
2021-09-15 11:47 - 2021-06-20 21:04 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2021-09-15 11:47 - 2021-06-20 21:04 - 000000000 ____D C:\Windows\system32\Lenovo
2021-09-15 00:30 - 2021-06-20 21:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-15 00:30 - 2021-06-20 21:01 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-09-15 00:30 - 2021-06-20 21:00 - 000000000 ____D C:\Users\X230\AppData\Local\Adobe
2021-09-15 00:29 - 2021-06-20 21:01 - 000000000 ____D C:\ProgramData\Adobe
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\winrm
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\WCN
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\winrm
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\WCN
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\slmgr
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-09-14 14:04 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-14 14:01 - 2019-12-07 16:45 - 000000000 ____D C:\Windows\OCR
2021-09-14 14:00 - 2021-06-20 20:23 - 000000000 ____D C:\Users\X230\AppData\Local\Packages
2021-09-14 11:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-13 11:27 - 2021-06-20 20:23 - 000000000 ____D C:\ProgramData\Packages
2021-09-13 11:21 - 2021-06-20 19:35 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-11 11:48 - 2021-06-20 20:34 - 000000000 ____D C:\Windows\Panther
2021-09-11 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-09-10 10:34 - 2021-06-20 19:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-10 10:17 - 2021-06-20 20:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-10 10:09 - 2021-06-20 21:14 - 000000000 ____D C:\Users\X230\AppData\Local\LenovoServiceBridge
2021-09-10 10:08 - 2021-06-20 20:38 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by X230 (17-09-2021 00:35:31)
Running from C:\Users\X230\Downloads
Windows 10 Pro Version 21H1 19043.1237 (X64) (2021-06-20 17:37:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3269600821-496837758-4138566819-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3269600821-496837758-4138566819-503 - Limited - Disabled)
Guest (S-1-5-21-3269600821-496837758-4138566819-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3269600821-496837758-4138566819-504 - Limited - Disabled)
X230 (S-1-5-21-3269600821-496837758-4138566819-1001 - Administrator - Enabled) => C:\Users\X230
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.84 - Piriform)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.35.4 - LENOVO (UNITED STATES) INC.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
Mobile Broadband Drivers (HKLM\...\{053BB205-59BA-44E5-AD33-F5402494BAB7}) (Version: 8.2.5 - Lenovo) Hidden
Mobile Broadband Drivers v8.2.5 (HKLM-x32\...\{47786bea-6a7b-4d85-9b51-d1db1d022f0a}) (Version: 8.2.5 - Lenovo)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Sonarr version 3.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 3.0 - Team Sonarr)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Spotify) (Version: 1.1.67.586.gbb5ef64e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.14 - VideoLAN)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-13] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3269600821-496837758-4138566819-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-09-15 21:49 - 2021-06-17 05:26 - 000665719 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Sonarr\bin\sqlite3.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X230\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{14BA4E3A-7D6D-411E-A854-E68DB6657B20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3CB7F4CE-A0CD-44DB-8724-DDC8C42B0F4E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{04B74FA1-22C6-41EF-9881-D43329E81F52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C631656-2423-4109-A640-0E7C95C33477}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B88BA6D-5CC3-441E-9A3C-E20F81B1AD73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D31E1C0-07E5-48C7-AE2D-3463894D010D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B838B66-40B2-45B6-90CC-1B617C8164A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{055D82F8-0018-4DC7-8068-54237050EAF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86371322-1E4A-4C16-99A1-0FC911BE819B}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7798305-FF48-4408-A78A-7411A2D571B0}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BBEE2B1D-511A-4990-8763-D17FF41EB1D7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B0F42C-D9E3-4FAD-A977-1F255D581971}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{6E7EE9A2-1C52-464C-9B2F-72239A42F538}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D9D31D0-F22E-4B0B-A347-B0F23FCCD84D}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9960DD6A-0272-47F5-9FE8-15C95A9FE24F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5AD66DF6-0CD7-41C9-8546-4B5C8B7C68A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{442F60C6-D042-4C93-A55F-4E30F43F9CBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3869FF3E-F983-4C09-A5D1-B3D43308AF98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B114774A-7B39-45EF-8735-E8035C005986}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{29D2F8E4-D192-4D3D-81FF-93042E797EBE}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{8FB5FE21-2E69-48A6-A1F4-BB6F1FD10895}] => (Allow) LPort=8989
FirewallRules: [{CAFDD0A6-4E7C-4453-A54C-98C71C26E76F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
10-09-2021 10:16:07 Instalační služba modulů systému Windows
14-09-2021 14:01:38 Windows Update
14-09-2021 23:08:01 Nainstalováno: Microsoft Visual C++ 2005 Redistributable
14-09-2021 23:10:23 Nainstalováno: Microsoft Visual C++ 2005 Redistributable (x64)
15-09-2021 11:46:53 AdwCleaner_BeforeCleaning_15/09/2021_11:46:53
15-09-2021 12:56:49 Installed ProductName from default.wxl
16-09-2021 19:11:06 Instalační služba modulů systému Windows
16-09-2021 19:12:41 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/17/2021 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x10f0
Čas spuštění chybující aplikace: 0x01d7ab2245b5e367
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: d0865b0f-9bf4-4180-aeff-68b86be735ae
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/16/2021 07:43:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 4036, identifikátor PID ProfSvc: 2392.
Error: (09/16/2021 07:43:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 4036, identifikátor PID ProfSvc: 2392.
Error: (09/15/2021 04:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x139c
Čas spuštění chybující aplikace: 0x01d7aa1990f6430d
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: efada8bf-d13a-433a-a4cc-1ebe4157c6c4
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x00fa85c7
ID chybujícího procesu: 0x2870
Čas spuštění chybující aplikace: 0x01d7aa1a0b799c9d
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: c55643f6-7f9c-460d-b8d1-2abc00ac36b7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:11:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x006bfc7a
ID chybujícího procesu: 0x2870
Čas spuštění chybující aplikace: 0x01d7aa1a0b799c9d
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 05fc1ec2-3ae8-436e-b7a6-315cb5741fbe
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x00fa85c7
ID chybujícího procesu: 0x1558
Čas spuštění chybující aplikace: 0x01d7aa19f5610c5e
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 3692974a-412a-4f79-8648-26939dfb46c5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:10:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x006bfc7a
ID chybujícího procesu: 0x1558
Čas spuštění chybující aplikace: 0x01d7aa19f5610c5e
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 94a3f5b3-cb17-4876-8885-bb7e4c30ae23
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (09/17/2021 12:17:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 09:43:27 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.
Error: (09/15/2021 07:28:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.
Error: (09/15/2021 04:42:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 04:42:32 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (09/15/2021 01:42:33 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (09/15/2021 11:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Update byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 11:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo Hotkey Client Loader byla neočekávaně ukončena. Tento stav nastal již 1krát.
Windows Defender:
================
Date: 2021-09-11 13:12:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/uTorrent
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\uTorrent.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 13:11:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: App:Utorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\utweb_installer.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Program Files\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 12:05:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1F7A08C1-4117-42DC-95B0-1374EC7499ED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:54:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {756DFA09-DE59-4F6C-9B8D-10AEEE3F0686}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:52:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8D7862E3-4F7F-49BE-A78A-17B0343D9A02}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
CodeIntegrity:
===============
Date: 2021-09-16 19:44:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-09-16 19:43:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO G2ETB7WW (2.77 ) 09/24/2019
Motherboard: LENOVO 2325VJV
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 64%
Total physical RAM: 8009.91 MB
Available physical RAM: 2858.17 MB
Total Virtual: 9289.91 MB
Available Virtual: 3682.24 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.96 GB) (Free:141.08 GB) NTFS
\\?\Volume{1770d6a2-6fd8-48b2-a01d-abe3e3e39064}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{1e5900d8-02cf-46a0-8634-ac17005e7dbc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by X230 (administrator) on DESKTOP-KNL8DH0 (LENOVO 2325VJV) (17-09-2021 00:33:52)
Running from C:\Users\X230\Downloads
Loaded Profiles: X230
Platform: Windows 10 Pro Version 21H1 19043.1237 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN32EE~1.INF\driver\tposd.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\X230\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(sonarr.tv) [File not signed] C:\ProgramData\Sonarr\bin\Sonarr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [124184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35145856 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Spotify] => C:\Users\X230\AppData\Roaming\Spotify\Spotify.exe [24857736 2021-09-11] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282600 2021-09-10] (Valve -> Valve Corporation)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\MountPoints2: {887ba6e6-1213-11ec-b4c4-2cd05a7fe6a2} - "D:\Lenovo_Suite.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-16] (Google LLC -> Google LLC)
Startup: C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sonarr.lnk [2021-09-15]
ShortcutTarget: Sonarr.lnk -> C:\ProgramData\Sonarr\bin\Sonarr.exe (sonarr.tv) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FBFACBC-98F7-4129-8E24-BF2E605DBC6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {1B5D9D24-638A-4CA0-BCD7-3983D608214E} - System32\Tasks\CCleanerSkipUAC - X230 => C:\Program Files\CCleaner\CCleaner.exe [29212288 2021-08-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2C846061-65C6-4667-A1EA-B3D56B2340BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-20] (Google LLC -> Google LLC)
Task: {45F4698D-D292-4E36-8BE8-EF1C4DF0E6A2} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {5C25C2A1-8B52-4A8C-A3F5-CC91069B8FB9} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {652601B9-3875-46FB-A770-96F48A4B84D4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-08-27] (Piriform Software Ltd -> Piriform)
Task: {714623CE-A3A8-4F3A-80C6-5324846B6D80} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
Task: {7244790E-DD85-4F0D-9912-91FF836522EA} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris Trojan Remover\ltr.exe
Task: {76E7445D-D02F-4AA2-9239-3694C5B2D8FD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {926C4A5E-A7C8-4C34-AA40-DCB36BEE19AA} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
Task: {940647A7-876B-4EEA-9A58-D4A5823F979F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {C02C6542-F1E8-4454-AC45-98827C1C3360} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C3BBF21D-C392-4935-826D-905F84FD7666} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3269600821-496837758-4138566819-1001 => C:\Users\X230\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-08-18] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {E28B1C7D-860A-4EE3-917C-C359E47F94B7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {E7BAA6EC-057F-4742-BF34-8709F489D312} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-11] (Avast Software s.r.o. -> Avast Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{98c74573-7e83-4ad0-be21-bcc636c59d39}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a7530307-1f26-43a0-aa24-ffdedaf46210}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Profile: C:\Users\X230\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-16]
FireFox:
========
FF DefaultProfile: ptdnnier.default
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\ptdnnier.default [2021-09-14]
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF ProfilePath: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release [2021-09-17]
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Extension: (Facebook Container) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\@contain-facebook.xpi [2021-09-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-09-11]
FF Extension: (English (GB) Language Pack) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2021-09-14]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2021-09-14]
FF Extension: (Dictionary Anywhere) - C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\Extensions\{e90f5de4-8510-4515-9f67-3b6654e1e8c2}.xpi [2021-09-14]
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default [2021-09-14]
CHR Extension: (Prezentace) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-20]
CHR Extension: (Dokumenty) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-06-20]
CHR Extension: (Disk Google) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-06-20]
CHR Extension: (Adobe Acrobat) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-06-20]
CHR Extension: (Tabulky) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-20]
CHR Extension: (Gmail) - C:\Users\X230\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-06-20]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_6df953d54d3099b9\driver\TPHKLOAD.exe [465192 2021-03-30] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35712 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [221584 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [367632 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [250384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [99344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [17344 2021-09-11] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41344 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [184120 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\Windows\System32\drivers\aswNetHub.sys [538464 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [107840 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [82904 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [851704 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [553496 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [215384 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [328568 2021-09-11] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 GemCCID; C:\Windows\System32\drivers\GemCCID.sys [137712 2016-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Gemalto)
S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [31568 2020-09-01] (WDKTestCert andre.luis,132164092889939783 -> Lenovo Group Limited (R))
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Ericsson AB)
R3 MkBusFilter; C:\Windows\system32\DRIVERS\MbmDeviceFilter.sys [42208 2015-06-30] (Ericsson AB -> )
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 00:33 - 2021-09-17 00:33 - 000000000 ___HD C:\$AV_ASW
2021-09-17 00:33 - 2021-09-17 00:33 - 000000000 ____D C:\Users\X230\Downloads\FRST-OlderVersion
2021-09-16 19:16 - 2021-09-16 19:16 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-16 19:16 - 2021-09-16 19:16 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-09-16 19:16 - 2021-09-16 19:16 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-09-16 19:16 - 2021-09-16 19:16 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-16 19:16 - 2021-09-16 19:16 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-16 19:16 - 2021-09-16 19:16 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-09-16 19:11 - 2021-09-16 19:11 - 000000000 ___HD C:\$WinREAgent
2021-09-16 13:46 - 2021-09-16 13:47 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-09-16 13:46 - 2021-09-16 13:46 - 003086696 _____ C:\Users\X230\Downloads\instspeedfan452.exe
2021-09-16 13:46 - 2021-09-16 13:46 - 000001076 _____ C:\Users\X230\Desktop\SpeedFan.lnk
2021-09-16 13:46 - 2021-09-16 13:46 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2021-09-16 13:46 - 2021-09-16 13:46 - 000000000 ____D C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-09-15 21:49 - 2021-09-15 21:49 - 000000877 _____ C:\Users\Public\Desktop\Sonarr.lnk
2021-09-15 21:49 - 2021-09-15 21:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2021-09-15 21:48 - 2021-09-17 00:32 - 000000000 ____D C:\ProgramData\Sonarr
2021-09-15 21:48 - 2021-09-15 21:48 - 013013277 _____ (Team Sonarr ) C:\Users\X230\Downloads\Sonarr.main.3.0.6.1265.windows.exe
2021-09-15 12:59 - 2021-09-15 12:59 - 000002258 _____ C:\Users\Public\Desktop\Mirror's Edge™.lnk
2021-09-15 12:58 - 2021-09-15 12:58 - 000000000 ____D C:\Program Files (x86)\EA Games
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\Windows\SysWOW64\AGEIA
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-09-15 12:56 - 2021-09-15 12:56 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2021-09-15 12:54 - 2021-09-15 12:56 - 000000000 ____D C:\martinovo
2021-09-15 12:52 - 2009-01-14 00:03 - 2239692800 _____ C:\Users\X230\Downloads\rld-mirk.iso
2021-09-15 12:51 - 2021-09-15 12:51 - 003338648 _____ (Alexander Roshal) C:\Users\X230\Downloads\winrar-x64-602.exe
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Users\X230\AppData\Roaming\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-15 12:51 - 2021-09-15 12:51 - 000000000 ____D C:\Program Files\WinRAR
2021-09-15 12:15 - 2021-09-15 12:36 - 000000000 ____D C:\Users\X230\Downloads\Mirrors.Edge-RELOADED
2021-09-15 12:11 - 2021-09-15 12:11 - 000000000 ____D C:\Users\X230\AppData\Local\ElevatedDiagnostics
2021-09-15 12:09 - 2021-09-15 12:09 - 000000000 ____D C:\Users\X230\Documents\EA Games
2021-09-15 12:05 - 2021-09-15 12:07 - 000000000 ____D C:\Windows\SysWOW64\directx
2021-09-15 12:05 - 2021-09-15 12:06 - 000000000 ___HD C:\Windows\msdownld.tmp
2021-09-15 11:46 - 2021-09-15 11:47 - 000000000 ____D C:\AdwCleaner
2021-09-15 11:43 - 2021-09-15 11:43 - 008553680 _____ (Malwarebytes) C:\Users\X230\Desktop\AdwCleaner.exe
2021-09-15 00:27 - 2021-09-15 01:59 - 004765703 _____ C:\Users\X230\Downloads\pan-prstenu-3-navrat-krale.pdf
2021-09-14 23:18 - 2021-09-14 23:18 - 000026918 _____ C:\Users\X230\Desktop\The Office (US) - S01E01 - Pilot.en.srt
2021-09-14 23:17 - 2021-09-14 23:17 - 000028479 _____ C:\Users\X230\Desktop\The.Office.S01E01.Pilot.srt
2021-09-14 21:00 - 2021-09-14 22:05 - 1866794693 _____ C:\Users\X230\Downloads\MirrorsEdge.zip
2021-09-14 13:58 - 2021-09-16 12:31 - 000000000 ____D C:\SHBLAS
2021-09-14 13:52 - 2021-09-14 13:52 - 000000000 ____D C:\Users\X230\AppData\Local\Steam
2021-09-14 13:51 - 2021-09-14 13:59 - 000000000 ____D C:\Program Files (x86)\Steam
2021-09-14 13:51 - 2021-09-14 13:51 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2021-09-14 13:51 - 2021-09-14 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-09-14 13:50 - 2021-09-14 13:50 - 001770744 _____ C:\Users\X230\Downloads\SteamSetup.exe
2021-09-14 13:43 - 2021-09-14 13:44 - 000027357 _____ C:\Users\X230\Downloads\Addition.txt
2021-09-14 13:41 - 2021-09-17 00:34 - 000018408 _____ C:\Users\X230\Downloads\FRST.txt
2021-09-14 13:41 - 2021-09-17 00:34 - 000000000 ____D C:\FRST
2021-09-14 13:41 - 2021-09-17 00:33 - 002304000 _____ (Farbar) C:\Users\X230\Downloads\FRST64.exe
2021-09-14 12:50 - 2021-09-16 18:05 - 000002394 _____ C:\Windows\system32\Tasks\Trojan Remover
2021-09-14 11:09 - 2021-09-15 11:28 - 000000000 ____D C:\Program Files\Loaris Trojan Remover
2021-09-14 11:09 - 2021-09-14 11:09 - 000000000 ____D C:\ProgramData\Loaris
2021-09-14 11:07 - 2021-09-14 11:07 - 001171376 _____ (Loaris LLC) C:\Users\X230\Downloads\loaris-mypc.exe
2021-09-14 11:03 - 2021-09-15 12:11 - 000000000 ____D C:\Users\X230\AppData\Local\CrashDumps
2021-09-14 11:02 - 2021-09-14 11:02 - 000000000 ____D C:\Users\X230\AppData\Local\mbam
2021-09-14 11:00 - 2021-09-14 11:01 - 002101944 _____ (Malwarebytes) C:\Users\X230\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-11 14:49 - 2021-09-16 18:05 - 000000000 ____D C:\Users\X230\AppData\Local\Spotify
2021-09-11 14:49 - 2021-09-16 17:21 - 000000000 ____D C:\Users\X230\AppData\Roaming\Spotify
2021-09-11 14:49 - 2021-09-11 14:49 - 000770280 _____ (Spotify Ltd) C:\Users\X230\Downloads\SpotifySetup.exe
2021-09-11 14:49 - 2021-09-11 14:49 - 000001845 _____ C:\Users\X230\Desktop\Spotify.lnk
2021-09-11 14:49 - 2021-09-11 14:49 - 000001831 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2021-09-11 14:26 - 2021-09-15 11:55 - 000000000 ____D C:\Users\X230\AppData\Local\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000002148 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Roaming\Avast Software
2021-09-11 14:26 - 2021-09-11 14:26 - 000000000 ____D C:\Users\X230\AppData\Local\CEF
2021-09-11 14:25 - 2021-09-16 13:55 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-09-11 14:25 - 2021-09-15 21:44 - 000004264 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2021-09-11 14:25 - 2021-09-11 14:25 - 000851704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000553496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000538464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetHub.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000367632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000340248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-09-11 14:25 - 2021-09-11 14:25 - 000328568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000250384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000221584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000215384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000184120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000107840 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000099344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000082904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000041344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000035712 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000017344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswElam.sys
2021-09-11 14:25 - 2021-09-11 14:25 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-11 14:24 - 2021-09-11 14:24 - 000000000 ____D C:\Program Files\Avast Software
2021-09-11 13:41 - 2021-09-14 14:33 - 000000000 ____D C:\Users\X230\AppData\Local\PlaceholderTileLogoFolder
2021-09-11 13:17 - 2021-09-15 12:41 - 000000000 ____D C:\Users\X230\AppData\Local\BitTorrentHelper
2021-09-11 13:16 - 2021-09-16 19:42 - 000000000 ____D C:\ProgramData\Avast Software
2021-09-11 13:16 - 2021-09-11 13:16 - 000224552 _____ (AVAST Software) C:\Users\X230\Downloads\avast_free_antivirus_setup_online.exe
2021-09-11 13:15 - 2021-09-11 13:15 - 000000000 ____D C:\Users\X230\AppData\Local\D3DSCache
2021-09-11 13:14 - 2021-09-15 12:57 - 000000000 ____D C:\Users\X230\AppData\Roaming\uTorrent
2021-09-11 13:14 - 2021-09-11 13:14 - 000000895 _____ C:\Users\X230\Desktop\µTorrent.lnk
2021-09-11 13:14 - 2021-09-11 13:14 - 000000875 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-09-11 13:13 - 2021-09-11 13:13 - 000000000 ____D C:\Users\X230\AppData\Local\UT008
2021-09-11 13:12 - 2021-09-11 13:12 - 005140776 _____ (BitTorrent Inc.) C:\Users\X230\Downloads\uTorrent.exe
2021-09-11 13:09 - 2021-09-11 13:10 - 021118840 _____ (BitTorrent, Inc.) C:\Users\X230\Downloads\utweb_installer.exe
2021-09-11 12:07 - 2021-09-11 12:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-09-11 11:47 - 2021-09-16 23:47 - 000000000 ____D C:\Program Files\CCleaner
2021-09-11 11:47 - 2021-09-16 18:05 - 000002988 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-11 11:47 - 2021-09-16 18:05 - 000002250 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - X230
2021-09-11 11:47 - 2021-09-11 11:47 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-09-11 11:47 - 2021-09-11 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-11 11:45 - 2021-09-11 11:45 - 036097408 _____ (Piriform Software Ltd) C:\Users\X230\Downloads\ccsetup584_pro_trial.exe
2021-09-11 11:43 - 2021-09-17 00:17 - 000000000 ____D C:\Users\X230\AppData\LocalLow\Mozilla
2021-09-11 11:43 - 2021-09-11 12:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000333064 _____ (Mozilla) C:\Users\X230\Downloads\Firefox Installer.exe
2021-09-11 11:43 - 2021-09-11 11:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Roaming\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Users\X230\AppData\Local\Mozilla
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-11 11:43 - 2021-09-11 11:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-09-10 10:24 - 2021-09-10 10:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-09-10 10:24 - 2021-09-10 10:24 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-09-10 10:24 - 2021-09-10 10:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-09-10 10:23 - 2021-09-10 10:23 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-10 10:23 - 2021-09-10 10:23 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-09-10 10:23 - 2021-09-10 10:23 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-09-10 10:23 - 2021-09-10 10:23 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-10 10:23 - 2021-09-10 10:23 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-09-17 00:14 - 2021-06-20 20:44 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-17 00:11 - 2021-06-20 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-09-16 20:13 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-16 19:50 - 2021-06-20 19:41 - 001693712 _____ C:\Windows\system32\PerfStringBackup.INI
2021-09-16 19:50 - 2019-12-07 16:43 - 000718160 _____ C:\Windows\system32\perfh005.dat
2021-09-16 19:50 - 2019-12-07 16:43 - 000145302 _____ C:\Windows\system32\perfc005.dat
2021-09-16 19:50 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-09-16 19:43 - 2021-06-20 21:08 - 000000000 __SHD C:\Users\X230\IntelGraphicsProfiles
2021-09-16 19:42 - 2021-06-20 19:35 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-09-16 19:42 - 2021-06-20 19:34 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-09-16 19:42 - 2021-06-20 19:34 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-09-16 19:42 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-09-16 19:42 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-09-16 19:17 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-09-16 18:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-16 18:19 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-09-16 18:05 - 2021-06-20 21:03 - 000002274 _____ C:\Windows\system32\Tasks\DolbySelectorTask
2021-09-16 18:05 - 2021-06-20 21:02 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-09-16 18:05 - 2021-06-20 20:44 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-09-16 18:05 - 2021-06-20 20:44 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-16 18:05 - 2021-06-20 20:25 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3269600821-496837758-4138566819-1001
2021-09-16 18:05 - 2021-06-20 19:35 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-09-16 18:05 - 2021-06-20 19:35 - 000003288 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-16 12:26 - 2021-06-20 20:23 - 000002374 _____ C:\Users\X230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-16 01:15 - 2021-06-20 20:44 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-16 01:15 - 2021-06-20 20:44 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-16 00:13 - 2021-06-20 20:44 - 000000000 ____D C:\Users\X230\AppData\Roaming\vlc
2021-09-15 21:46 - 2021-06-20 20:37 - 000000000 ____D C:\Windows\system32\MRT
2021-09-15 21:44 - 2021-06-20 20:37 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-09-15 11:47 - 2021-07-08 11:12 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-09-15 11:47 - 2021-06-20 21:16 - 000000000 ____D C:\Program Files\Lenovo
2021-09-15 11:47 - 2021-06-20 21:04 - 000000000 ____D C:\Windows\SysWOW64\Lenovo
2021-09-15 11:47 - 2021-06-20 21:04 - 000000000 ____D C:\Windows\system32\Lenovo
2021-09-15 00:30 - 2021-06-20 21:01 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-15 00:30 - 2021-06-20 21:01 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-09-15 00:30 - 2021-06-20 21:00 - 000000000 ____D C:\Users\X230\AppData\Local\Adobe
2021-09-15 00:29 - 2021-06-20 21:01 - 000000000 ____D C:\ProgramData\Adobe
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-14 14:04 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\winrm
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\WCN
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\slmgr
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\winrm
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\WCN
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\slmgr
2021-09-14 14:04 - 2019-12-07 16:43 - 000000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-14 14:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-09-14 14:04 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-09-14 14:01 - 2019-12-07 16:45 - 000000000 ____D C:\Windows\OCR
2021-09-14 14:00 - 2021-06-20 20:23 - 000000000 ____D C:\Users\X230\AppData\Local\Packages
2021-09-14 11:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-09-13 11:27 - 2021-06-20 20:23 - 000000000 ____D C:\ProgramData\Packages
2021-09-13 11:21 - 2021-06-20 19:35 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-11 11:48 - 2021-06-20 20:34 - 000000000 ____D C:\Windows\Panther
2021-09-11 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2021-09-10 10:34 - 2021-06-20 19:35 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-10 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-10 10:17 - 2021-06-20 20:39 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-10 10:09 - 2021-06-20 21:14 - 000000000 ____D C:\Users\X230\AppData\Local\LenovoServiceBridge
2021-09-10 10:08 - 2021-06-20 20:38 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by X230 (17-09-2021 00:35:31)
Running from C:\Users\X230\Downloads
Windows 10 Pro Version 21H1 19043.1237 (X64) (2021-06-20 17:37:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3269600821-496837758-4138566819-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3269600821-496837758-4138566819-503 - Limited - Disabled)
Guest (S-1-5-21-3269600821-496837758-4138566819-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3269600821-496837758-4138566819-504 - Limited - Disabled)
X230 (S-1-5-21-3269600821-496837758-4138566819-1001 - Administrator - Enabled) => C:\Users\X230
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.84 - Piriform)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}_is1) (Version: 4.35.4 - LENOVO (UNITED STATES) INC.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.0.0 - Electronic Arts)
Mobile Broadband Drivers (HKLM\...\{053BB205-59BA-44E5-AD33-F5402494BAB7}) (Version: 8.2.5 - Lenovo) Hidden
Mobile Broadband Drivers v8.2.5 (HKLM-x32\...\{47786bea-6a7b-4d85-9b51-d1db1d022f0a}) (Version: 8.2.5 - Lenovo)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 92.0 (x64 cs)) (Version: 92.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 92.0 - Mozilla)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7614 - Realtek Semiconductor Corp.)
Sonarr version 3.0 (HKLM-x32\...\{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 3.0 - Team Sonarr)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\Spotify) (Version: 1.1.67.586.gbb5ef64e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.14 - VideoLAN)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-09-13] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3269600821-496837758-4138566819-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-11] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-09-15 21:49 - 2021-06-17 05:26 - 000665719 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Sonarr\bin\sqlite3.DLL
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X230\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3269600821-496837758-4138566819-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{14BA4E3A-7D6D-411E-A854-E68DB6657B20}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{3CB7F4CE-A0CD-44DB-8724-DDC8C42B0F4E}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe => No File
FirewallRules: [{04B74FA1-22C6-41EF-9881-D43329E81F52}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7C631656-2423-4109-A640-0E7C95C33477}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1B88BA6D-5CC3-441E-9A3C-E20F81B1AD73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1D31E1C0-07E5-48C7-AE2D-3463894D010D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B838B66-40B2-45B6-90CC-1B617C8164A0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{055D82F8-0018-4DC7-8068-54237050EAF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{86371322-1E4A-4C16-99A1-0FC911BE819B}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7798305-FF48-4408-A78A-7411A2D571B0}] => (Allow) C:\Users\X230\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BBEE2B1D-511A-4990-8763-D17FF41EB1D7}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{85B0F42C-D9E3-4FAD-A977-1F255D581971}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{6E7EE9A2-1C52-464C-9B2F-72239A42F538}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7D9D31D0-F22E-4B0B-A347-B0F23FCCD84D}C:\users\x230\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\x230\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9960DD6A-0272-47F5-9FE8-15C95A9FE24F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5AD66DF6-0CD7-41C9-8546-4B5C8B7C68A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{442F60C6-D042-4C93-A55F-4E30F43F9CBF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3869FF3E-F983-4C09-A5D1-B3D43308AF98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B114774A-7B39-45EF-8735-E8035C005986}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{29D2F8E4-D192-4D3D-81FF-93042E797EBE}] => (Allow) C:\Program Files (x86)\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{8FB5FE21-2E69-48A6-A1F4-BB6F1FD10895}] => (Allow) LPort=8989
FirewallRules: [{CAFDD0A6-4E7C-4453-A54C-98C71C26E76F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
10-09-2021 10:16:07 Instalační služba modulů systému Windows
14-09-2021 14:01:38 Windows Update
14-09-2021 23:08:01 Nainstalováno: Microsoft Visual C++ 2005 Redistributable
14-09-2021 23:10:23 Nainstalováno: Microsoft Visual C++ 2005 Redistributable (x64)
15-09-2021 11:46:53 AdwCleaner_BeforeCleaning_15/09/2021_11:46:53
15-09-2021 12:56:49 Installed ProductName from default.wxl
16-09-2021 19:11:06 Instalační služba modulů systému Windows
16-09-2021 19:12:41 Instalační služba modulů systému Windows
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (09/17/2021 12:17:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x10f0
Čas spuštění chybující aplikace: 0x01d7ab2245b5e367
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: d0865b0f-9bf4-4180-aeff-68b86be735ae
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/16/2021 07:43:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 4036, identifikátor PID ProfSvc: 2392.
Error: (09/16/2021 07:43:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\Avast Software\Avast\aswToolsSvc.exe, identifikátor PID: 4036, identifikátor PID ProfSvc: 2392.
Error: (09/15/2021 04:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WbioSrvc, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: UPKBU.DLL, verze: 1.6.1.341, časové razítko: 0x502239a7
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000cccd7
ID chybujícího procesu: 0x139c
Čas spuštění chybující aplikace: 0x01d7aa1990f6430d
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\UPKBU.DLL
ID zprávy: efada8bf-d13a-433a-a4cc-1ebe4157c6c4
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x00fa85c7
ID chybujícího procesu: 0x2870
Čas spuštění chybující aplikace: 0x01d7aa1a0b799c9d
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: c55643f6-7f9c-460d-b8d1-2abc00ac36b7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:11:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x006bfc7a
ID chybujícího procesu: 0x2870
Čas spuštění chybující aplikace: 0x01d7aa1a0b799c9d
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 05fc1ec2-3ae8-436e-b7a6-315cb5741fbe
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:10:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x00fa85c7
ID chybujícího procesu: 0x1558
Čas spuštění chybující aplikace: 0x01d7aa19f5610c5e
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 3692974a-412a-4f79-8648-26939dfb46c5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (09/15/2021 12:10:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Název chybujícího modulu: MirrorsEdge.exe, verze: 1.0.1.0, časové razítko: 0x4965fff1
Kód výjimky: 0xc0000005
Posun chyby: 0x006bfc7a
ID chybujícího procesu: 0x1558
Čas spuštění chybující aplikace: 0x01d7aa19f5610c5e
Cesta k chybující aplikaci: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
Cesta k chybujícímu modulu: C:\SHBLAS\Mirror's Edge\Mirror's Edge\Binaries\MirrorsEdge.exe
ID zprávy: 94a3f5b3-cb17-4876-8885-bb7e4c30ae23
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (09/17/2021 12:17:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 09:43:27 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.
Error: (09/15/2021 07:28:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR3.
Error: (09/15/2021 04:42:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Biometrická služba systému Windows byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 04:42:32 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (09/15/2021 01:42:33 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (09/15/2021 11:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Update byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (09/15/2021 11:47:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo Hotkey Client Loader byla neočekávaně ukončena. Tento stav nastal již 1krát.
Windows Defender:
================
Date: 2021-09-11 13:12:49
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/uTorrent
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\uTorrent.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 13:11:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: App:Utorrent_BundleInstaller
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\X230\Downloads\utweb_installer.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-KNL8DH0\X230
Název procesu: C:\Program Files\Mozilla Firefox\firefox.exe
Verze bezpečnostních informací: AV: 1.349.536.0, AS: 1.349.536.0, NIS: 1.349.536.0
Verze modulu: AM: 1.1.18500.10, NIS: 1.1.18500.10
Date: 2021-09-11 12:05:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1F7A08C1-4117-42DC-95B0-1374EC7499ED}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:54:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {756DFA09-DE59-4F6C-9B8D-10AEEE3F0686}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-09-11 11:52:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8D7862E3-4F7F-49BE-A78A-17B0343D9A02}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:17:16
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
Date: 2021-07-08 11:10:43
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.615.0
Předchozí verze bezpečnostních informací: 1.341.1110.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.
CodeIntegrity:
===============
Date: 2021-09-16 19:44:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2021-09-16 19:43:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO G2ETB7WW (2.77 ) 09/24/2019
Motherboard: LENOVO 2325VJV
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz
Percentage of memory in use: 64%
Total physical RAM: 8009.91 MB
Available physical RAM: 2858.17 MB
Total Virtual: 9289.91 MB
Available Virtual: 3682.24 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.96 GB) (Free:141.08 GB) NTFS
\\?\Volume{1770d6a2-6fd8-48b2-a01d-abe3e3e39064}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{1e5900d8-02cf-46a0-8634-ac17005e7dbc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Re: poshukach - ordinary solutions do not work
Sorry for the delay.
- Open Notepad (Win+R -> notepad -> Enter)
- Copy the following text and paste it into Notepad:
Code:
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]
2021-09-17 00:33 - 2021-09-17 00:33 - 000000000 ____D C:\Users\X230\Downloads\FRST-OlderVersion
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Hosts:
EmptyTemp:
End
- Save it to the desktop under the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask for a PC restart; confirm by clicking OK
- After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents and paste them into your next reply
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!
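The fixlist above targets settings stored in the Firefox profiles (homepage, new tab, search plugin) rather than a startup entry. As an added example (not part of the original post and not FRST's own code), this Python sketch parses `FF` lines in the format shown in the fixlist and groups the entries that point outside an allowlist per profile; the allowlist, the function names and the `example.clean` line are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# FF lines copied from the fixlist on this page; the last line is constructed
# here as a benign contrast case.
SAMPLE = r"""
FF Homepage: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\ptdnnier.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\xft4p477.default-release -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF SearchPlugin: C:\Users\X230\AppData\Roaming\Mozilla\Firefox\Profiles\xft4p477.default-release\searchplugins\Poshukach Engin Search.xml [2021-09-11]
FF Homepage: Mozilla\Firefox\Profiles\example.clean -> hxxps://www.google.com/
"""

# Assumption: domains the user actually chose as homepage / search provider.
ALLOWED_DOMAINS = {"google.com"}

URL_LINE = re.compile(r"^FF (?P<kind>Homepage|NewTab): (?P<profile>.+?) -> (?P<url>\S+)$")
PLUGIN_LINE = re.compile(r"^FF SearchPlugin: (?P<path>.+?)(?: \[\d{4}-\d{2}-\d{2}\])?$")


def profile_name(text):
    """Extract the Firefox profile folder name from a path fragment."""
    m = re.search(r"Profiles\\([^\\]+)", text)
    return m.group(1) if m else text


def host_of(url):
    """Refang an hxxp(s) URL as printed in the log and return its lower-case host."""
    return (urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def is_allowed(host, allowed):
    """True when host is an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def triage(log_text, allowed=ALLOWED_DOMAINS):
    """Return {profile: [(setting, value), ...]} for entries that need review."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = URL_LINE.match(line)
        if m:
            host = host_of(m["url"])
            if not is_allowed(host, allowed):
                findings[profile_name(m["profile"])].append((m["kind"], host))
            continue
        m = PLUGIN_LINE.match(line)
        if m:
            # Every listed search plugin file is reported for manual review.
            path = m["path"]
            findings[profile_name(path)].append(("SearchPlugin", path.rsplit("\\", 1)[-1]))
    return dict(findings)


if __name__ == "__main__":
    for profile, items in triage(SAMPLE).items():
        print(profile)
        for setting, value in items:
            print(f"  {setting}: {value}")
```

The per-profile grouping shows that both Firefox profiles carry the redirect, so cleaning only the profile currently in use would leave the other one affected.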