log Hijack (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: log Hijack

Post by jaro3 (Security team member) » 14 Dec 2020 17:32

Uninstall:
SpyHunter5

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\MountPoints2: {0c5adc7c-ec66-11e9-b65a-d050994a9cdb} - "E:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {46A3A71E-9CD1-44EE-BD05-28F5DF72D6D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-29] (Google LLC -> Google LLC)
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {D66758A6-2CA1-4C00-88E5-BB62C46B7432} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-29] (Google LLC -> Google LLC)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
U1 aswbdisk; no ImagePath
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Vojta\AppData\Roaming\Avast Software
C:\Users\Lukáš\AppData\Roaming\Avast Software
C:\WINDOWS\system32\Tasks\Avast Software
C:\ProgramData\Avast Software
C:\Users\Pavel\Desktop\avast_free_antivirus_setup_online.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Virustotal: C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
Virustotal: C:\WINDOWS\system32\agentactivationruntimestarter.exe
Virustotal: C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
Virustotal: C:\ProgramData\updateSuccess.txt

EmptyTemp:
End

(You can use the "select all" function, then right-click in the top-left area of the open Notepad window and choose "Paste".)

Save it to the Desktop as fixlist.txt


Run FRST, press the "Fix" button only once and wait.
The tool will produce a log on the Desktop (Fixlog.txt); please copy its entire content here.

COMODO Antivirus (HKLM\...\{E6B0FD8D-8799-441B-8734-B8A266C0C303}) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
https://cs.nex-software.com/co-je-cisexe

The Cis.exe process in Windows Task Manager
The process known as COMODO Internet Security belongs to the software COMODO Firewall or COMODO Internet Security Premium or COMODO Internet Security or COMODO Antivirus or COMODO Internet Security Complete (version 2013) from COMODO (www.comodo.com).

Download Security Check by screen317 from one of these links
http://www.bleepingcomputer.com/download/securitycheck/
https://www.bleepingcomputer.com/downlo ... ritycheck/

http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

save it to the Desktop, double-click it and follow the instructions in the black window. Notepad will then open automatically with a file named checkup.txt. Please copy its content here.


Drive c: () (Fixed) (Total:446.56 GB) (Free:69.31 GB) NTFS
A total lack of free disk space!! Uninstall or delete something. You should have at least 15-20% free space on the system disk to ensure Windows runs without problems!!
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: log Hijack

Post by Paull » 14 Dec 2020 18:21

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (14-12-2020 18:08:33) Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel & Lukáš
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\MountPoints2: {0c5adc7c-ec66-11e9-b65a-d050994a9cdb} - "E:\LaunchU3.exe" -a
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {46A3A71E-9CD1-44EE-BD05-28F5DF72D6D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-29] (Google LLC -> Google LLC)
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\DropboxUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" /ENABLE
Task: {B99F923C-3A86-45A7-88E6-14871FCE2179} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {D66758A6-2CA1-4C00-88E5-BB62C46B7432} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-29] (Google LLC -> Google LLC)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
U1 aswbdisk; no ImagePath
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
C:\Users\Vojta\AppData\Roaming\Avast Software
C:\Users\Lukáš\AppData\Roaming\Avast Software
C:\WINDOWS\system32\Tasks\Avast Software
C:\ProgramData\Avast Software
C:\Users\Pavel\Desktop\avast_free_antivirus_setup_online.exe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Virustotal: C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
Virustotal: C:\WINDOWS\system32\agentactivationruntimestarter.exe
Virustotal: C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
Virustotal: C:\ProgramData\updateSuccess.txt

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5adc7c-ec66-11e9-b65a-d050994a9cdb} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{46A3A71E-9CD1-44EE-BD05-28F5DF72D6D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46A3A71E-9CD1-44EE-BD05-28F5DF72D6D7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B99F923C-3A86-45A7-88E6-14871FCE2179}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D66758A6-2CA1-4C00-88E5-BB62C46B7432}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D66758A6-2CA1-4C00-88E5-BB62C46B7432}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
"Chrome StartupUrls" => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
"C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job" => not found
"C:\Users\Vojta\AppData\Roaming\Avast Software" => not found
"C:\Users\Lukáš\AppData\Roaming\Avast Software" => not found
C:\WINDOWS\system32\Tasks\Avast Software => moved successfully
"C:\ProgramData\Avast Software" => not found
"C:\Users\Pavel\Desktop\avast_free_antivirus_setup_online.exe" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"VirusTotal: C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>" => not found
VirusTotal: C:\WINDOWS\system32\agentactivationruntimestarter.exe => https://www.virustotal.com/gui/file/682 ... 1607867857
VirusTotal: C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt => https://www.virustotal.com/gui/file/a32 ... 1607548609
VirusTotal: C:\ProgramData\updateSuccess.txt => https://www.virustotal.com/gui/file/148 ... 1607965736

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 338566634 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7681955 B
Edge => 4446750 B
Chrome => 954126983 B
Firefox => 84675681 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 223036 B
NetworkService => 259958 B
Pavel => 25160207 B
Lukáš => 173850013 B
Vojta => 446405650 B

RecycleBin => 55841509 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:10:02 ====


Re: log Hijack

Post by Paull » 14 Dec 2020 18:26

Spy Hunter has been uninstalled using Revo Uninstaller (it was already gone before you last wrote to me)....
I am attaching Checkup.txt



Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
COMODO Antivirus
Windows Defender
COMODO Antivirus
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Zemana AntiMalware verze 3.2.27
Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Comodo Firewall cmdagent.exe
Malwarebytes Anti-Malware mbamtray.exe
Zemana AntiMalware AntiMalware.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Re: log Hijack

Post by jaro3 (Security team member) » 14 Dec 2020 19:34

OK.
I see two Comodo antiviruses there, not only in FRST but also in Security Check.

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: COMODO Antivirus (Enabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
this time both enabled (previously only one)
and Malwarebytes is enabled too!

``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
COMODO Antivirus
Windows Defender
COMODO Antivirus
Malwarebytes
Antivirus up to date!

Did you free up that disk space?
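The check jaro3 does by eye above, as an added example that is not part of this thread: a Python script that parses the "Security Center" section of an FRST Addition.txt report and reports the same product registered under two GUIDs (the stale COMODO entry) and more than one enabled antivirus. The sample input is constructed from the lines quoted in this thread; the function names are my own.

```python
"""Parse the FRST "Security Center" section and flag the two things the
helper in this thread spotted by hand: one product registered twice and
several antivirus products enabled at the same time."""
import re
from collections import defaultdict

# Constructed sample: the Security Center lines quoted in this thread,
# wrapped in the neighbouring FRST section headers.
SAMPLE_ADDITION_TXT = """\
==================== Accounts: =============================

Pavel (S-1-5-21-1980947671-2380292906-1612769214-1001 - Administrator - Enabled) => C:\\Users\\Pavel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================
"""

# FRST section headers look like "==== Title ====" (optionally "Title:").
SECTION_HEADER_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+\s*$")

# One Security Center registration: kind, product, state, freshness, GUID.
ENTRY_RE = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)\s+-\s+(?P<freshness>[^)]+)\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def section_lines(report: str, wanted: str):
    """Yield the lines that belong to the FRST section titled `wanted`."""
    inside = False
    for line in report.splitlines():
        header = SECTION_HEADER_RE.match(line)
        if header:
            inside = header.group("title").rstrip(":").strip() == wanted
            continue
        if inside:
            yield line


def parse_security_center(report: str):
    """Return the AV/AS/FW registrations as dicts, in report order."""
    entries = []
    for line in section_lines(report, "Security Center"):
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def assess(entries):
    """Group AV registrations by product and flag what needs a look.

    - duplicate_registrations: same product name under more than one GUID
      (typically a leftover from an incomplete uninstall or reinstall)
    - multiple_enabled_av: more than one AV product reporting Enabled
    Windows Defender is counted like any other entry; whether it is only
    in passive mode next to a third-party AV is for the reviewer to judge.
    """
    by_product = defaultdict(list)
    for entry in entries:
        if entry["kind"] == "AV":
            by_product[entry["name"]].append(entry)
    enabled = [name for name, regs in by_product.items()
               if any(r["state"] == "Enabled" for r in regs)]
    duplicates = {name: [r["guid"] for r in regs]
                  for name, regs in by_product.items() if len(regs) > 1}
    return {
        "enabled_av": enabled,
        "duplicate_registrations": duplicates,
        "multiple_enabled_av": len(enabled) > 1,
    }


if __name__ == "__main__":
    result = assess(parse_security_center(SAMPLE_ADDITION_TXT))
    print("Enabled AV products:", ", ".join(result["enabled_av"]))
    for name, guids in result["duplicate_registrations"].items():
        print(f"Registered {len(guids)}x: {name} -> {guids}")
    if result["multiple_enabled_av"]:
        print("More than one antivirus is enabled; uninstall all but one.")
```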


Re: log Hijack

Post by Paull » 14 Dec 2020 21:10

I have made room on C:.
What about COMODO? Should I first download the installer, then disconnect from the internet and uninstall the existing COMODO using Revo Uninstaller? Then run FRST again to see whether the COMODO info is still there or not (for my own information, whether it was uninstalled completely). And then reinstall COMODO? Malwarebytes, Windows Firewall and Windows Defender I can of course turn off again. I don't know what "Antivirus up to date" is or how to turn it off.
Thanks, Pavel


Re: log Hijack

Post by Paull » 14 Dec 2020 21:30

I looked at Revo Uninstaller again and it does indeed show, among others, two programs: COMODO Antivirus (from Comodo Security Solutions Inc.) and Internet Security Essentials (from Comodo). So should I uninstall that Internet Security Essentials, for instance? Can it actually help with the Chrome problem?


Re: log Hijack

Post by jaro3 (Security team member) » 14 Dec 2020 22:00

"Antivirus up to date" -- the antivirus is current.

Yes, uninstall Comodo.
Two antiviruses are a problem.


Re: log Hijack

Post by Paull » 15 Dec 2020 17:18

Posting the FRST log after uninstalling Internet Security Essentials

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (15-12-2020 17:14:20)
Running from C:\Users\Pavel\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-07-26 16:11:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980947671-2380292906-1612769214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1980947671-2380292906-1612769214-503 - Limited - Disabled)
Guest (S-1-5-21-1980947671-2380292906-1612769214-501 - Limited - Disabled)
Lukáš (S-1-5-21-1980947671-2380292906-1612769214-1002 - Limited - Enabled) => C:\Users\Lukáš
Pavel (S-1-5-21-1980947671-2380292906-1612769214-1001 - Administrator - Enabled) => C:\Users\Pavel
Vojta (S-1-5-21-1980947671-2380292906-1612769214-1003 - Limited - Enabled) => C:\Users\Vojta
WDAGUtilityAccount (S-1-5-21-1980947671-2380292906-1612769214-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
COMODO Antivirus (HKLM\...\{E6B0FD8D-8799-441B-8734-B8A266C0C303}) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 111.4.472 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Excel (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.28 - PandoraTV)
LEGO® Piráti z Karibiku Počítačová hra UKÁZKA (HKLM-x32\...\{A85568D7-A01E-4E05-AFEE-4A1852D70281}) (Version: 1.0.0.0 - Disney Interactive Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.13426.20308 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20308 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 cs) (HKLM\...\Mozilla Firefox 83.0 (x64 cs)) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20308 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13426.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20294 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
RogueKiller version 14.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.0.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.12.4 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM-x32\...\{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera) Hidden
Trust WB-1400T Webcam (HKLM-x32\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
UCheck version 3.10.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 3.10.0.0 - Adlice Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.170 - McAfee, LLC)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.0.83.0_x86__kgqvnymyfvs32 [2020-12-01] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-30] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pavel\Dropbox [2019-07-04 16:40]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\Desktop\Pavel - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Pavel\Desktop\Petra - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2011-12-06 16:03 - 2011-12-06 16:03 - 000364032 _____ (Volkswagen AG) [File not signed] C:\ElsaWin\bin\vfc10u.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: <Company name>) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IseUI"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8445CC25-C478-4F7E-BD49-0E6490F3594B}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{91BF195C-18B1-4BD9-AA91-11B9EA3950B0}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E8684A44-FFE5-4218-8F80-97086090DAF7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{F527B8D1-FB39-4808-9335-274E3C8EF240}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe

==================== Restore Points =========================

14-12-2020 19:06:45 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/15/2020 05:08:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 10.0.19041.662, časové razítko: 0x996782f8
Název chybujícího modulu: Explorer.EXE, verze: 10.0.19041.662, časové razítko: 0x996782f8
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001a830b
ID chybujícího procesu: 0x1aa8
Čas spuštění chybující aplikace: 0x01d6d2fc8a333904
Cesta k chybující aplikaci: C:\WINDOWS\Explorer.EXE
Cesta k chybujícímu modulu: C:\WINDOWS\Explorer.EXE
ID zprávy: 32908ac4-8663-4544-8d89-c08f0fb57396
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/15/2020 05:05:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/15/2020 05:04:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {fdf690fe-bbdd-4fcf-969d-43793dea1d6c}

Error: (12/15/2020 04:49:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 10.0.19041.662, časové razítko: 0x996782f8
Název chybujícího modulu: Explorer.EXE, verze: 10.0.19041.662, časové razítko: 0x996782f8
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001a830b
ID chybujícího procesu: 0x305c
Čas spuštění chybující aplikace: 0x01d6d2f9dceb3f57
Cesta k chybující aplikaci: C:\WINDOWS\Explorer.EXE
Cesta k chybujícímu modulu: C:\WINDOWS\Explorer.EXE
ID zprávy: 2387ee54-a5c7-4796-a7a2-9addddda05d7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/15/2020 01:34:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBar.exe, verze: 5.420.11102.0, časové razítko: 0x5faaa7cb
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.546, časové razítko: 0x43cbc11d
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000071218
ID chybujícího procesu: 0xa10
Čas spuštění chybující aplikace: 0x01d6d2dea503a831
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: 89360cf8-86fc-4ad9-b6c5-ea9ae3fd92d7
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (12/14/2020 06:08:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x8007001f, Zařízení připojené k systému nefunguje.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/14/2020 06:08:33 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {e715a211-4568-424e-b784-6bee6badd19c}

Error: (12/14/2020 10:51:36 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (12/15/2020 05:08:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/15/2020 05:07:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2020-12-13 17:48:58.1500000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Vigorf.A
ID: 2147714384
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pavel\Downloads\EW400.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-54V8III\Pavel
Název procesu: C:\Users\Pavel\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.332.0, AS: 1.329.332.0, NIS: 1.329.332.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

CodeIntegrity:
===================================

Date: 2020-12-15 17:10:34.3180000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:10:33.7830000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-12-15 17:10:31.4080000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:10:28.3050000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:09:45.9890000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:08:44.4160000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:08:44.3570000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-15 17:08:43.2350000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.40 08/29/2014
Motherboard: ASRock B85M
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 8111.44 MB
Available physical RAM: 4064.32 MB
Total Virtual: 18863.44 MB
Available Virtual: 13731.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:215.58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1235.48 GB) NTFS

\\?\Volume{7d762e9c-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7D762E9C)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: DA29E555)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Not specified
Status: Offline

Re: log Hijack

Post by Paull » 15 Dec 2020 17:19

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Pavel (administrator) on DESKTOP-54V8III (15-12-2020 17:12:25)
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\111.4.472\QtWebEngineProcess.exe <4>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAuf.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrSaz.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Pavel\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A42326-5535-4EE8-A40F-B5A5DA8317E5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {02C8DDB1-C49F-42EC-96C1-0D42B1875995} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {0D48BA2F-D57C-4FF6-B8B8-FF22234CEB5A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {41752928-BE09-4617-8FB0-F4B1C1EEBD4C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {567F5FE2-8A4C-47E4-AEB8-8B55C386D670} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {6FDE22AF-3411-4CDC-AF82-62E9700937D6} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {7941822E-D19B-4FFB-9239-AC32A009299B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {98AB208C-D9AC-41B6-A0F2-7F326490378A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A10C748A-3CCF-40F2-8AF2-59D25DABC8BB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B0092A80-6BFF-4860-A5D1-4143545A4D55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BF4D3000-7102-41A8-9FF0-B43CA8245119} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {C068BB52-57D6-46BB-89FC-3EACCC2A5B1F} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {D241C240-B5E7-4DE8-B6F6-2E2197A25D79} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE60C0B9-6848-47AE-B351-8CF506E30E0A} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {E50541CB-3095-44B8-AD9D-7358647C6889} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {F1E04075-652C-439E-BD2E-822181507E7D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143712 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F473C18A-8EDA-49A2-A125-061110D978A4} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F696D250-5598-48DF-B510-AEECC1F6C5C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7eb22d12-97e0-44b4-97ad-92edad7b2398}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-15]
Edge Extension: (Outlook) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Word) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-19]
Edge Extension: (Excel) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF DefaultProfile: 9n2nyuzz.default
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\9n2nyuzz.default [2020-12-14]
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release [2020-12-14]
FF Session Restore: Mozilla\Firefox\Profiles\15meqnet.default-release -> is enabled.
FF Extension: (No Name) - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi [2020-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2020-12-15]
CHR Notifications: Default -> hxxps://www.svetandroida.cz; hxxps://www.vw-club.cz
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-29]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-29]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-29]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-29]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-29]
CHR Extension: (Tlačítko „Uložit“ pro Pinterest) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-29]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-15]
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcaf ... 91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR Session Restore: Profile 2 -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-01]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-01]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-01]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-01]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-01]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334176 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
R2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334176 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG) [File not signed]
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [955656 2020-11-21] () [File not signed]
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12720144 2020-11-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-12-13] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-23] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [39056 2019-11-13] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844176 2019-11-13] (Comodo Security Solutions, Inc. -> COMODO)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-15 13:35 - 2020-12-15 13:35 - 000000000 ____D C:\Users\Vojta\AppData\Local\CrashDumps
2020-12-14 18:19 - 2020-12-14 18:19 - 000852798 _____ C:\Users\Pavel\Desktop\SecurityCheck.exe
2020-12-14 18:08 - 2020-12-14 18:10 - 000012620 _____ C:\Users\Pavel\Desktop\Fixlog.txt
2020-12-14 18:08 - 2020-12-14 18:08 - 000000000 ____D C:\Users\Pavel\Desktop\FRST-OlderVersion
2020-12-14 10:36 - 2020-12-14 10:36 - 000001039 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-14 10:35 - 2020-12-14 10:35 - 007458656 _____ (VS Revo Group ) C:\Users\Pavel\Downloads\revosetup.exe
2020-12-13 17:49 - 2020-12-14 11:16 - 000031727 _____ C:\Users\Pavel\Desktop\Addition.txt
2020-12-13 17:46 - 2020-12-15 17:13 - 000022272 _____ C:\Users\Pavel\Desktop\FRST.txt
2020-12-13 17:46 - 2020-12-15 17:13 - 000000000 ____D C:\FRST
2020-12-13 17:44 - 2020-12-14 18:08 - 002286592 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2020-12-13 17:38 - 2020-11-11 22:29 - 000000000 ____D C:\Users\Pavel\Desktop\zoek1
2020-12-13 16:04 - 2020-12-13 16:04 - 000000000 ____D C:\Users\Pavel\Downloads\backups
2020-12-13 15:37 - 2020-12-13 15:37 - 001800862 _____ C:\Users\Pavel\Downloads\zoek.rar
2020-12-13 14:26 - 2020-12-13 14:26 - 000000000 ____D C:\Users\Pavel\Desktop\ZemanaAntimalware
2020-12-13 14:24 - 2020-12-15 17:13 - 000163110 _____ C:\WINDOWS\ZAM.krnl.trace
2020-12-13 14:24 - 2020-12-13 14:24 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2020-12-13 14:24 - 2020-12-13 14:24 - 000003558 _____ C:\WINDOWS\system32\Tasks\AMHelper
2020-12-13 14:24 - 2020-12-13 14:24 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2020-12-13 14:24 - 2020-12-13 14:24 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\Zemana
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-12-13 14:23 - 2020-12-15 17:08 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMSDK
2020-12-13 14:21 - 2020-12-13 14:21 - 012795472 _____ (Zemana Ltd. ) C:\Users\Pavel\Desktop\AntiMalware_Setup.exe
2020-12-13 14:00 - 2020-12-13 14:00 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\IGDump
2020-12-12 23:14 - 2020-12-12 23:14 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Sun
2020-12-12 23:11 - 2020-12-12 23:11 - 000000797 _____ C:\Users\Public\Desktop\UCheck.lnk
2020-12-12 23:11 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\Program Files\UCheck
2020-12-12 23:09 - 2020-12-12 23:09 - 026045184 _____ (Adlice Software ) C:\Users\Pavel\Desktop\ucheck.exe
2020-12-12 19:19 - 2020-12-12 19:19 - 000000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-12 19:18 - 2020-12-12 19:24 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-12 19:17 - 2020-12-12 19:17 - 040473968 _____ (Adlice Software ) C:\Users\Pavel\Desktop\setup.exe
2020-12-12 16:23 - 2020-12-12 16:23 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-12-12 16:21 - 2020-12-12 16:21 - 181496840 _____ (Sophos Limited) C:\Users\Pavel\Desktop\Sophos Virus Removal Tool.exe
2020-12-12 15:48 - 2020-12-12 15:48 - 000001153 _____ C:\Users\Pavel\Desktop\JRT.txt
2020-12-12 15:43 - 2020-12-12 15:43 - 000002420 _____ C:\Users\Pavel\Desktop\AdwCleaner[C07].txt
2020-12-12 15:31 - 2020-12-12 15:31 - 001790024 _____ (Malwarebytes) C:\Users\Pavel\Desktop\JRT.exe
2020-12-12 13:12 - 2020-12-12 15:56 - 000005357 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-12_12_2020.txt
2020-12-12 13:09 - 2020-12-12 13:09 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-12 13:09 - 2020-12-12 13:09 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-11 23:42 - 2020-12-11 23:42 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Downloads\AdwCleaner(1).exe
2020-12-11 22:37 - 2020-12-11 22:37 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC(1).exe
2020-12-11 22:34 - 2020-12-11 22:34 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pavel\Downloads\HijackThis.exe
2020-12-11 20:01 - 2020-12-11 20:01 - 000000000 ____D C:\Users\Lukáš\AppData\Local\D3DSCache
2020-12-11 17:08 - 2020-12-11 17:08 - 000007893 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-11_12_2020.txt
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 20:34 - 2020-12-10 20:34 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 20:34 - 2020-12-10 20:34 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 20:33 - 2020-12-10 20:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 17:20 - 2020-12-09 19:58 - 000111274 _____ C:\WINDOWS\ntbtlog.txt
2020-12-07 17:02 - 2020-12-07 17:03 - 000000000 ____D C:\Users\Pavel\Desktop\Vojta
2020-12-07 17:01 - 2020-12-07 17:01 - 006056089 _____ C:\Users\Pavel\Downloads\iCloud Photos(1).zip
2020-12-07 13:41 - 2020-12-07 13:41 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2020-12-07 09:55 - 2020-12-07 09:55 - 000005065 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-7_12_2020.txt
2020-12-05 18:28 - 2020-12-05 18:28 - 002719648 _____ C:\Users\Pavel\Downloads\iCloud Photos.zip
2020-12-05 18:25 - 2020-12-06 17:00 - 000000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Local\Mozilla
2020-12-04 18:00 - 2020-12-04 18:00 - 000008093 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes.txt
2020-12-03 08:12 - 2020-12-03 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-02 17:45 - 2020-12-02 17:45 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC.exe
2020-12-02 17:42 - 2020-12-02 17:42 - 000050688 _____ (Atribune.org) C:\Users\Pavel\Downloads\atf-cleaner.exe
2020-12-02 17:41 - 2020-12-06 17:26 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2020-12-02 14:01 - 2020-12-02 14:01 - 000000000 ____D C:\Users\Vojta\AppData\Local\CEF
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-12-01 19:05 - 2020-12-01 21:15 - 000002438 _____ C:\Users\Pavel\Desktop\Petra - Chrome.lnk
2020-12-01 18:57 - 2020-12-01 20:06 - 000002394 _____ C:\Users\Pavel\Desktop\Pavel - Chrome.lnk
2020-11-30 12:44 - 2020-11-30 12:44 - 000481422 _____ C:\Users\Pavel\Downloads\informace-k-prijimacimu-rizeni-v-roce-2020-2021-2011152339.pdf
2020-11-30 09:51 - 2020-11-30 09:51 - 000000000 ____D C:\Users\Pavel\AppData\Local\OneDrive
2020-11-29 20:48 - 2020-12-03 16:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-29 20:48 - 2020-12-03 16:55 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-29 20:48 - 2020-11-29 20:48 - 000000000 ____D C:\Program Files\Google
2020-11-29 20:40 - 2020-11-29 20:40 - 001317080 _____ (Google LLC) C:\Users\Pavel\Downloads\ChromeSetup.exe
2020-11-29 19:50 - 2020-11-29 19:50 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CEF
2020-11-29 16:18 - 2020-11-29 16:18 - 006542392 _____ (EnigmaSoft Limited) C:\Users\Pavel\Downloads\SpyHunter-Installer.exe
2020-11-29 15:49 - 2020-12-12 13:10 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:10 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:09 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-29 15:49 - 2020-11-29 15:49 - 000000000 ____D C:\Users\Pavel\AppData\Local\mbam
2020-11-29 15:48 - 2020-11-29 15:48 - 002076624 _____ (Malwarebytes) C:\Users\Pavel\Downloads\MBSetup.exe
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-29 15:39 - 2020-11-29 15:40 - 000000000 ____D C:\AdwCleaner
2020-11-29 15:39 - 2020-11-29 15:39 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Desktop\AdwCleaner.exe
2020-11-29 15:26 - 2020-12-14 18:19 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Mozilla
2020-11-29 15:26 - 2020-12-14 18:19 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Local\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-29 14:52 - 2020-11-29 14:52 - 000000000 ____D C:\Users\Pavel\AppData\Local\CEF
2020-11-27 15:28 - 2020-12-11 23:40 - 000002428 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2020-11-27 15:28 - 2020-11-27 15:28 - 000000009 _____ C:\ProgramData\updateSuccess.txt
2020-11-24 23:22 - 2020-11-24 23:22 - 000191489 _____ C:\Users\Pavel\Desktop\Informace o správci příloh v systému Microsoft Windows.pdf
2020-11-18 11:01 - 2020-11-20 20:10 - 000000000 ____D C:\Users\Vojta\Desktop\Vojta
2020-11-15 11:01 - 2020-11-15 11:01 - 000000000 ____D C:\Users\Pavel\Downloads\IOXWebcamX-1.1 (2)
2020-11-15 10:59 - 2005-05-05 20:53 - 011330560 _____ C:\Users\Pavel\Downloads\IOXWebcamX-1.1

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-15 17:12 - 2019-07-05 19:35 - 000109042 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2020-12-15 17:08 - 2020-07-26 17:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-15 17:08 - 2020-07-26 17:03 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-15 17:08 - 2020-03-26 20:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-15 17:08 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-15 17:08 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-15 17:08 - 2019-07-14 07:19 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2020-12-15 17:08 - 2019-06-05 18:47 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2020-12-15 17:08 - 2019-06-05 18:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-15 17:08 - 2019-06-05 18:46 - 000000000 ___RD C:\Users\Pavel\OneDrive
2020-12-15 17:07 - 2019-06-05 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2020-12-15 17:07 - 2019-06-05 18:46 - 000000000 ____D C:\ProgramData\Comodo
2020-12-15 17:02 - 2019-07-04 16:40 - 000000000 ___RD C:\Users\Pavel\Dropbox
2020-12-15 16:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-15 14:52 - 2019-12-16 13:24 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.tlauncher
2020-12-15 14:52 - 2019-12-16 13:23 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.minecraft
2020-12-15 14:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-15 13:35 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003
2020-12-15 13:35 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-15 13:35 - 2019-07-03 16:29 - 000000000 ___RD C:\Users\Vojta\OneDrive
2020-12-14 22:43 - 2020-07-26 17:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-14 20:54 - 2019-07-05 22:24 - 000000000 ____D C:\KMPlayer
2020-12-14 19:20 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002
2020-12-14 19:20 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-14 19:20 - 2019-06-27 21:16 - 000000000 ___RD C:\Users\Lukáš\OneDrive
2020-12-14 18:17 - 2020-07-26 17:09 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-14 18:17 - 2019-12-07 15:43 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-14 18:17 - 2019-12-07 15:43 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-14 18:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-13 15:40 - 2019-06-05 18:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-12 23:15 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001
2020-12-12 23:15 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\Program Files\Java
2020-12-12 23:13 - 2019-12-16 13:24 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-12 19:43 - 2020-06-05 15:58 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 19:43 - 2020-06-05 15:58 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 13:09 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-12 10:00 - 2020-10-29 19:19 - 000001425 _____ C:\Users\Lukáš\Desktop\Roblox Player.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000001248 _____ C:\Users\Lukáš\Desktop\Roblox Studio.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-11 23:46 - 2019-06-27 21:25 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-12-11 23:46 - 2019-06-27 21:25 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-12-11 23:40 - 2020-07-26 17:11 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003452 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-11 23:40 - 2020-07-26 17:11 - 000003228 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-12-11 22:40 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\VirtualStore
2020-12-11 19:32 - 2020-10-29 18:31 - 000001425 _____ C:\Users\Vojta\Desktop\Roblox Player.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000001248 _____ C:\Users\Vojta\Desktop\Roblox Studio.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-10 23:04 - 2020-07-26 17:03 - 000437992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-10 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 20:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-08 13:37 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Lukáš
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Vojta
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Pavel
2020-12-06 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-05 19:46 - 2019-07-05 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-05 19:03 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages
2020-12-03 22:06 - 2019-06-05 18:45 - 000000000 ____D C:\Users\Pavel\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 08:12 - 2019-06-27 21:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-01 08:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2020-11-30 16:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Users\Pavel\AppData\Local\Google
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Program Files (x86)\Google
2020-11-29 15:43 - 2019-06-05 18:47 - 000002138 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2020-11-28 20:40 - 2019-07-05 19:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2020-11-25 07:40 - 2020-03-26 20:13 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2020-11-19 16:49 - 2019-07-01 07:48 - 000000000 ____D C:\Users\Pavel\Desktop\Beruška nová
2020-11-18 03:19 - 2019-06-05 18:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-18 03:16 - 2019-06-05 18:50 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-17 11:08 - 2020-04-17 18:50 - 000002368 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-17 11:08 - 2020-04-17 18:50 - 000002360 _____ C:\Users\Pavel\Desktop\Microsoft Teams.lnk

==================== Files in the root of some directories ========

2020-03-24 13:49 - 2020-03-24 13:49 - 000000017 _____ () C:\Users\Pavel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

jaro3 (Security team member)

Re: log Hijack

Post by jaro3 » 15 Dec 2020 18:26

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
COMODO Antivirus (HKLM\...\{E6B0FD8D-8799-441B-8734-B8A266C0C303}) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 111.4.472 - Dropbox, Inc.)

It's still there, one enabled and the other disabled.

Try it here:
https://help.comodo.com/topic-72-1-766-12440-.html
https://help.comodo.com/topic-72-1-766-12685-.html
https://www.wikihow.com/Uninstall-Comod ... ty-Premium
When working with programs such as HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
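The `AV:` lines jaro3 quotes above are FRST's view of the antivirus products registered with Windows Security Center, each with its state and instance GUID. As an added example that is not part of the thread, and on the assumption that those lines mirror the WMI `AntiVirusProduct` instances in the `root/SecurityCenter2` namespace, the PowerShell below lists the registrations directly, decodes `productState` with the commonly used byte layout (an assumption too: Microsoft does not formally document the field), and warns when one product name is registered more than once, which is the "one enabled, one disabled" situation the post points out.

```powershell
# Added example (not from the forum thread): enumerate antivirus products
# registered with Windows Security Center and flag duplicate registrations.
# Assumption: the productState byte layout below is the community convention
# (Microsoft does not formally document it), so treat the decode as a hint.

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][int]$ProductState)

    # productState is read as three bytes of a 24-bit value:
    #   bits 16-23: product category
    #   bits  8-15: 0x10/0x11 = real-time protection on, 0x00/0x01 = off
    #   bits  0- 7: 0x00 = definitions up to date, 0x10 = out of date
    $enabledByte = ($ProductState -shr 8) -band 0xFF
    $defsByte    = $ProductState -band 0xFF

    [pscustomobject]@{
        Hex      = '0x{0:X6}' -f $ProductState
        Enabled  = ($enabledByte -band 0x10) -ne 0
        UpToDate = ($defsByte -band 0x10) -eq 0
    }
}

function Get-RegisteredAntivirus {
    # Security Center registrations live in root/SecurityCenter2 on client
    # editions of Windows; the class is not present on Server SKUs.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        ForEach-Object {
            $state = ConvertFrom-ProductState -ProductState $_.productState
            [pscustomobject]@{
                Name         = $_.displayName
                InstanceGuid = $_.instanceGuid
                Enabled      = $state.Enabled
                UpToDate     = $state.UpToDate
                State        = $state.Hex
                ExePath      = $_.pathToSignedProductExe
            }
        }
}

$products = Get-RegisteredAntivirus
$products | Format-Table Name, Enabled, UpToDate, State, InstanceGuid -AutoSize

# The same product name appearing twice usually means a stale registration
# survived an uninstall, which is what the FRST lines show for COMODO here.
$products | Group-Object Name | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ("'{0}' is registered {1} times (GUIDs: {2})" -f `
        $_.Name, $_.Count, ($_.Group.InstanceGuid -join ', '))
}
```

Run it on the affected machine after the uninstall and reboot; the `Enabled` column corresponds to the `(Enabled ...)`/`(Disabled ...)` labels in FRST, and the GUIDs should match the ones FRST prints. Removing a stale entry is vendor-specific, which is what the COMODO help links above cover.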

Paull (Level 1)

Re: log Hijack

Post by Paull » 15 Dec 2020 19:10

The utility offered to uninstall only one antivirus, namely COMODO Antivirus, and that is the same thing I can uninstall via "Add/Remove Programs" in Windows.
So can I try to remove it and then reinstall it from the internet? Before installing I would run FRST again to see whether it is still hanging there or whether it disappears. I'm just afraid that a fresh installation of Comodo from the web might infect the PC. In any case there is some protection built directly into Windows, right, so hopefully nothing is at risk?
So how should I proceed, please?

jaro3 (Security team member)

Re: log Hijack

Post by jaro3 » 15 Dec 2020 19:57

If you download the installer beforehand and then don't go anywhere on the internet, nothing can happen to you. Unless you were to open an unknown email.
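Paull's worry about reinstalling from the web has a concrete check behind it: before running a downloaded installer, confirm that its Authenticode signature is valid on this machine and names the publisher you expect, and record its SHA-256 so it can be compared with a hash the vendor publishes. The PowerShell below is an added example, not code from the thread; the installer path and the expected publisher string are placeholders to be filled in.

```powershell
# Added example (not from the forum thread): vet a downloaded installer
# before executing it. $InstallerPath and $ExpectedPublisher are placeholders.

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        # A substring expected in the signing certificate's Subject, e.g. the vendor name.
        [Parameter(Mandatory)][string]$ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $InstallerPath)) {
        throw "File not found: $InstallerPath"
    }

    $sig  = Get-AuthenticodeSignature -FilePath $InstallerPath
    $hash = Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256

    $result = [pscustomobject]@{
        Path        = $InstallerPath
        SHA256      = $hash.Hash
        SigStatus   = $sig.Status   # 'Valid' only if the chain builds to a root trusted on this machine
        Signer      = $sig.SignerCertificate.Subject
        Thumbprint  = $sig.SignerCertificate.Thumbprint
        PublisherOk = $false
        SafeToRun   = $false
    }

    # Require both a cryptographically valid signature and the expected signer;
    # a valid signature from an unexpected company is still a red flag.
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        $result.PublisherOk = $sig.SignerCertificate.Subject -like "*$ExpectedPublisher*"
        $result.SafeToRun   = $result.PublisherOk
    }
    return $result
}

# Placeholder call: point it at the file you actually downloaded and compare
# SHA256 with the hash on the vendor's download page, if one is offered.
$check = Test-InstallerSignature -InstallerPath "$env:USERPROFILE\Downloads\installer.exe" `
                                 -ExpectedPublisher 'Vendor Name'
$check | Format-List
if (-not $check.SafeToRun) {
    Write-Warning 'Signature missing, untrusted, or from an unexpected publisher; do not run this file.'
}
```

A valid signature proves who signed the file and that it was not altered since; it says nothing about whether the product itself behaves well, so it complements rather than replaces downloading from the vendor's own site.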
