Hijack log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Paull

Re: Hijack log

Post by Paull » 16 Dec 2020 17:41

So I uninstalled Comodo, restarted, ran FRST, and then installed Comodo again.
I'm attaching the FRST log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Pavel (administrator) on DESKTOP-54V8III (16-12-2020 16:52:52)
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.680_none_e72768c3263f99bc\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAuf.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrSaz.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Pavel\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {1FFD808E-869C-4A3F-9F37-12595CD14857} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {44D9969D-E0AB-4F15-8B7F-73A0838B1246} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {567F5FE2-8A4C-47E4-AEB8-8B55C386D670} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {7941822E-D19B-4FFB-9239-AC32A009299B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {968E058E-04AF-4392-A2A7-12F2755135D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B5F408C-6896-4E1C-BD45-3DC64076E44C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A10C748A-3CCF-40F2-8AF2-59D25DABC8BB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B0092A80-6BFF-4860-A5D1-4143545A4D55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8A393C2-9CB2-4B51-B44B-CE8290FC2DA9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E41DBA03-45B4-4023-B0E3-6F54BB13F839} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E50541CB-3095-44B8-AD9D-7358647C6889} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7eb22d12-97e0-44b4-97ad-92edad7b2398}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-16]
Edge Extension: (Outlook) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Word) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-19]
Edge Extension: (Excel) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF DefaultProfile: 9n2nyuzz.default
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\9n2nyuzz.default [2020-12-14]
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release [2020-12-16]
FF Session Restore: Mozilla\Firefox\Profiles\15meqnet.default-release -> is enabled.
FF Extension: (No Name) - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi [2020-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2020-12-16]
CHR Notifications: Default -> hxxps://www.svetandroida.cz; hxxps://www.vw-club.cz
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-29]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-29]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-29]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-29]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-29]
CHR Extension: (Tlačítko „Uložit“ pro Pinterest) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-29]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-15]
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcaf ... 91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR Session Restore: Profile 2 -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-01]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-01]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-01]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-01]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-01]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG) [File not signed]
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [955656 2020-11-21] () [File not signed]
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12720144 2020-11-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-12-13] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-12-16] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 16:52 - 2020-12-16 16:52 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-16 16:52 - 2020-12-16 16:52 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-12-16 16:51 - 2020-12-16 16:51 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2020-12-16 16:44 - 2020-12-16 16:44 - 005613920 _____ (COMODO) C:\Users\Pavel\Desktop\cav_installer.exe
2020-12-15 18:50 - 2020-12-15 18:50 - 002191096 _____ (COMODO) C:\Users\Pavel\Downloads\ciscleanuptool_x64.exe
2020-12-15 13:35 - 2020-12-15 13:35 - 000000000 ____D C:\Users\Vojta\AppData\Local\CrashDumps
2020-12-14 18:19 - 2020-12-14 18:19 - 000852798 _____ C:\Users\Pavel\Desktop\SecurityCheck.exe
2020-12-14 18:08 - 2020-12-14 18:10 - 000012620 _____ C:\Users\Pavel\Desktop\Fixlog.txt
2020-12-14 18:08 - 2020-12-14 18:08 - 000000000 ____D C:\Users\Pavel\Desktop\FRST-OlderVersion
2020-12-14 10:36 - 2020-12-14 10:36 - 000001039 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-14 10:35 - 2020-12-14 10:35 - 007458656 _____ (VS Revo Group ) C:\Users\Pavel\Downloads\revosetup.exe
2020-12-13 17:49 - 2020-12-15 17:15 - 000035387 _____ C:\Users\Pavel\Desktop\Addition.txt
2020-12-13 17:46 - 2020-12-16 16:54 - 000018684 _____ C:\Users\Pavel\Desktop\FRST.txt
2020-12-13 17:46 - 2020-12-16 16:53 - 000000000 ____D C:\FRST
2020-12-13 17:44 - 2020-12-14 18:08 - 002286592 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2020-12-13 17:38 - 2020-11-11 22:29 - 000000000 ____D C:\Users\Pavel\Desktop\zoek1
2020-12-13 16:04 - 2020-12-13 16:04 - 000000000 ____D C:\Users\Pavel\Downloads\backups
2020-12-13 15:37 - 2020-12-13 15:37 - 001800862 _____ C:\Users\Pavel\Downloads\zoek.rar
2020-12-13 14:26 - 2020-12-13 14:26 - 000000000 ____D C:\Users\Pavel\Desktop\ZemanaAntimalware
2020-12-13 14:24 - 2020-12-16 16:54 - 000099325 _____ C:\WINDOWS\ZAM.krnl.trace
2020-12-13 14:24 - 2020-12-13 14:24 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2020-12-13 14:24 - 2020-12-13 14:24 - 000003558 _____ C:\WINDOWS\system32\Tasks\AMHelper
2020-12-13 14:24 - 2020-12-13 14:24 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2020-12-13 14:24 - 2020-12-13 14:24 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\Zemana
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-12-13 14:23 - 2020-12-16 16:52 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMSDK
2020-12-13 14:21 - 2020-12-13 14:21 - 012795472 _____ (Zemana Ltd. ) C:\Users\Pavel\Desktop\AntiMalware_Setup.exe
2020-12-13 14:00 - 2020-12-13 14:00 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\IGDump
2020-12-12 23:14 - 2020-12-12 23:14 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Sun
2020-12-12 23:11 - 2020-12-12 23:11 - 000000797 _____ C:\Users\Public\Desktop\UCheck.lnk
2020-12-12 23:11 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\Program Files\UCheck
2020-12-12 23:09 - 2020-12-12 23:09 - 026045184 _____ (Adlice Software ) C:\Users\Pavel\Desktop\ucheck.exe
2020-12-12 19:19 - 2020-12-12 19:19 - 000000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-12 19:18 - 2020-12-12 19:24 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-12 19:17 - 2020-12-12 19:17 - 040473968 _____ (Adlice Software ) C:\Users\Pavel\Desktop\setup.exe
2020-12-12 16:23 - 2020-12-12 16:23 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-12-12 16:21 - 2020-12-12 16:21 - 181496840 _____ (Sophos Limited) C:\Users\Pavel\Desktop\Sophos Virus Removal Tool.exe
2020-12-12 15:48 - 2020-12-12 15:48 - 000001153 _____ C:\Users\Pavel\Desktop\JRT.txt
2020-12-12 15:43 - 2020-12-12 15:43 - 000002420 _____ C:\Users\Pavel\Desktop\AdwCleaner[C07].txt
2020-12-12 15:31 - 2020-12-12 15:31 - 001790024 _____ (Malwarebytes) C:\Users\Pavel\Desktop\JRT.exe
2020-12-12 13:12 - 2020-12-12 15:56 - 000005357 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-12_12_2020.txt
2020-12-12 13:09 - 2020-12-12 13:09 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-12 13:09 - 2020-12-12 13:09 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-11 23:42 - 2020-12-11 23:42 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Downloads\AdwCleaner(1).exe
2020-12-11 22:37 - 2020-12-11 22:37 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC(1).exe
2020-12-11 22:34 - 2020-12-11 22:34 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pavel\Downloads\HijackThis.exe
2020-12-11 20:01 - 2020-12-11 20:01 - 000000000 ____D C:\Users\Lukáš\AppData\Local\D3DSCache
2020-12-11 17:08 - 2020-12-11 17:08 - 000007893 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-11_12_2020.txt
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 20:34 - 2020-12-10 20:34 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 20:34 - 2020-12-10 20:34 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 20:33 - 2020-12-10 20:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 17:20 - 2020-12-09 19:58 - 000111274 _____ C:\WINDOWS\ntbtlog.txt
2020-12-07 17:02 - 2020-12-07 17:03 - 000000000 ____D C:\Users\Pavel\Desktop\Vojta
2020-12-07 17:01 - 2020-12-07 17:01 - 006056089 _____ C:\Users\Pavel\Downloads\iCloud Photos(1).zip
2020-12-07 13:41 - 2020-12-16 15:06 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2020-12-07 09:55 - 2020-12-07 09:55 - 000005065 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-7_12_2020.txt
2020-12-05 18:28 - 2020-12-05 18:28 - 002719648 _____ C:\Users\Pavel\Downloads\iCloud Photos.zip
2020-12-05 18:25 - 2020-12-06 17:00 - 000000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Local\Mozilla
2020-12-04 18:00 - 2020-12-04 18:00 - 000008093 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes.txt
2020-12-03 08:12 - 2020-12-03 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-02 17:45 - 2020-12-02 17:45 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC.exe
2020-12-02 17:42 - 2020-12-02 17:42 - 000050688 _____ (Atribune.org) C:\Users\Pavel\Downloads\atf-cleaner.exe
2020-12-02 17:41 - 2020-12-06 17:26 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2020-12-02 14:01 - 2020-12-02 14:01 - 000000000 ____D C:\Users\Vojta\AppData\Local\CEF
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-12-01 19:05 - 2020-12-01 21:15 - 000002438 _____ C:\Users\Pavel\Desktop\Petra - Chrome.lnk
2020-12-01 18:57 - 2020-12-01 20:06 - 000002394 _____ C:\Users\Pavel\Desktop\Pavel - Chrome.lnk
2020-11-30 12:44 - 2020-11-30 12:44 - 000481422 _____ C:\Users\Pavel\Downloads\informace-k-prijimacimu-rizeni-v-roce-2020-2021-2011152339.pdf
2020-11-30 09:51 - 2020-11-30 09:51 - 000000000 ____D C:\Users\Pavel\AppData\Local\OneDrive
2020-11-29 20:48 - 2020-12-03 16:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-29 20:48 - 2020-12-03 16:55 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-29 20:48 - 2020-11-29 20:48 - 000000000 ____D C:\Program Files\Google
2020-11-29 20:40 - 2020-11-29 20:40 - 001317080 _____ (Google LLC) C:\Users\Pavel\Downloads\ChromeSetup.exe
2020-11-29 19:50 - 2020-11-29 19:50 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CEF
2020-11-29 16:18 - 2020-11-29 16:18 - 006542392 _____ (EnigmaSoft Limited) C:\Users\Pavel\Downloads\SpyHunter-Installer.exe
2020-11-29 15:49 - 2020-12-12 13:10 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:10 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:09 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-29 15:49 - 2020-11-29 15:49 - 000000000 ____D C:\Users\Pavel\AppData\Local\mbam
2020-11-29 15:48 - 2020-11-29 15:48 - 002076624 _____ (Malwarebytes) C:\Users\Pavel\Downloads\MBSetup.exe
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-29 15:39 - 2020-11-29 15:40 - 000000000 ____D C:\AdwCleaner
2020-11-29 15:39 - 2020-11-29 15:39 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Desktop\AdwCleaner.exe
2020-11-29 15:26 - 2020-12-16 16:51 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Mozilla
2020-11-29 15:26 - 2020-12-16 16:51 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Local\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-29 14:52 - 2020-11-29 14:52 - 000000000 ____D C:\Users\Pavel\AppData\Local\CEF
2020-11-27 15:28 - 2020-12-11 23:40 - 000002428 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2020-11-27 15:28 - 2020-11-27 15:28 - 000000009 _____ C:\ProgramData\updateSuccess.txt
2020-11-24 23:22 - 2020-11-24 23:22 - 000191489 _____ C:\Users\Pavel\Desktop\Informace o správci příloh v systému Microsoft Windows.pdf
2020-11-18 11:01 - 2020-11-20 20:10 - 000000000 ____D C:\Users\Vojta\Desktop\Vojta

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 16:53 - 2020-03-26 20:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-16 16:52 - 2020-07-26 17:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-16 16:52 - 2020-07-26 17:03 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-16 16:52 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-16 16:52 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-16 16:52 - 2019-06-05 18:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-16 16:51 - 2020-04-17 18:50 - 000002479 _____ C:\Users\Pavel\Desktop\Microsoft Teams.lnk
2020-12-16 16:51 - 2019-12-16 13:23 - 000002084 _____ C:\Users\Pavel\Desktop\TLauncher.lnk
2020-12-16 16:26 - 2020-07-26 17:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-16 14:36 - 2019-12-16 13:23 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.minecraft
2020-12-16 14:35 - 2019-12-16 13:24 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.tlauncher
2020-12-16 13:48 - 2019-07-05 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-16 13:44 - 2019-06-05 18:46 - 000000000 ___RD C:\Users\Pavel\OneDrive
2020-12-15 17:15 - 2020-07-26 17:09 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-15 17:15 - 2019-12-07 15:43 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-15 17:15 - 2019-12-07 15:43 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-15 17:15 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-15 17:08 - 2019-07-14 07:19 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2020-12-15 17:02 - 2019-07-04 16:40 - 000000000 ___RD C:\Users\Pavel\Dropbox
2020-12-15 16:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-15 14:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-15 13:35 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003
2020-12-15 13:35 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-15 13:35 - 2019-07-03 16:29 - 000000000 ___RD C:\Users\Vojta\OneDrive
2020-12-14 20:54 - 2019-07-05 22:24 - 000000000 ____D C:\KMPlayer
2020-12-14 19:20 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002
2020-12-14 19:20 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-14 19:20 - 2019-06-27 21:16 - 000000000 ___RD C:\Users\Lukáš\OneDrive
2020-12-13 15:40 - 2019-06-05 18:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-12 23:15 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001
2020-12-12 23:15 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\Program Files\Java
2020-12-12 23:13 - 2019-12-16 13:24 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-12 19:43 - 2020-06-05 15:58 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 19:43 - 2020-06-05 15:58 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 13:09 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-12 10:00 - 2020-10-29 19:19 - 000001425 _____ C:\Users\Lukáš\Desktop\Roblox Player.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000001248 _____ C:\Users\Lukáš\Desktop\Roblox Studio.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-11 23:46 - 2019-06-27 21:25 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-12-11 23:46 - 2019-06-27 21:25 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-12-11 23:40 - 2020-07-26 17:11 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003452 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-11 23:40 - 2020-07-26 17:11 - 000003228 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-12-11 22:40 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\VirtualStore
2020-12-11 19:32 - 2020-10-29 18:31 - 000001425 _____ C:\Users\Vojta\Desktop\Roblox Player.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000001248 _____ C:\Users\Vojta\Desktop\Roblox Studio.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-10 23:04 - 2020-07-26 17:03 - 000437992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-10 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 20:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-08 13:37 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Lukáš
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Vojta
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Pavel
2020-12-06 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-05 19:03 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages
2020-12-03 22:06 - 2019-06-05 18:45 - 000000000 ____D C:\Users\Pavel\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 08:12 - 2019-06-27 21:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-01 08:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2020-11-30 16:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Users\Pavel\AppData\Local\Google
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Program Files (x86)\Google
2020-11-28 20:40 - 2019-07-05 19:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2020-11-25 07:40 - 2020-03-26 20:13 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2020-11-19 16:49 - 2019-07-01 07:48 - 000000000 ____D C:\Users\Pavel\Desktop\Beruška nová
2020-11-18 03:19 - 2019-06-05 18:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-18 03:16 - 2019-06-05 18:50 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-17 11:08 - 2020-04-17 18:50 - 000002368 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk

==================== Files in the root of some directories ========

2020-03-24 13:49 - 2020-03-24 13:49 - 000000017 _____ () C:\Users\Pavel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Not specified
Status: Offline

Re: log Hijack

Post by Paull » 16 Dec 2020 17:42

...and the Addition...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (16-12-2020 16:54:53)
Running from C:\Users\Pavel\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-07-26 16:11:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980947671-2380292906-1612769214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1980947671-2380292906-1612769214-503 - Limited - Disabled)
Guest (S-1-5-21-1980947671-2380292906-1612769214-501 - Limited - Disabled)
Lukáš (S-1-5-21-1980947671-2380292906-1612769214-1002 - Limited - Enabled) => C:\Users\Lukáš
Pavel (S-1-5-21-1980947671-2380292906-1612769214-1001 - Administrator - Enabled) => C:\Users\Pavel
Vojta (S-1-5-21-1980947671-2380292906-1612769214-1003 - Limited - Enabled) => C:\Users\Vojta
WDAGUtilityAccount (S-1-5-21-1980947671-2380292906-1612769214-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 111.4.472 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Excel (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.28 - PandoraTV)
LEGO® Piráti z Karibiku Počítačová hra UKÁZKA (HKLM-x32\...\{A85568D7-A01E-4E05-AFEE-4A1852D70281}) (Version: 1.0.0.0 - Disney Interactive Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 cs) (HKLM\...\Mozilla Firefox 83.0 (x64 cs)) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
RogueKiller version 14.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.0.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.12.4 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM-x32\...\{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera) Hidden
Trust WB-1400T Webcam (HKLM-x32\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
UCheck version 3.10.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 3.10.0.0 - Adlice Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.170 - McAfee, LLC)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.0.83.0_x86__kgqvnymyfvs32 [2020-12-01] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-30] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pavel\Dropbox [2019-07-04 16:40]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\Desktop\Pavel - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Pavel\Desktop\Petra - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2011-12-06 16:03 - 2011-12-06 16:03 - 000364032 _____ (Volkswagen AG) [File not signed] C:\ElsaWin\bin\vfc10u.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: <Company name>) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IseUI"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8445CC25-C478-4F7E-BD49-0E6490F3594B}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{91BF195C-18B1-4BD9-AA91-11B9EA3950B0}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E8684A44-FFE5-4218-8F80-97086090DAF7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{F527B8D1-FB39-4808-9335-274E3C8EF240}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{C72D7C5B-BAD1-4CDC-A342-21C2FBF208AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39464B3E-46E3-499B-A2EE-65CCBF4EDB52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BEC9B19-CBBB-434C-AB35-7D540C123036}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21ADDDEF-2708-4362-9FF7-FCD8F8DFCB63}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5E844A62-EC56-4294-9C01-A6F8E4291CAA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

14-12-2020 19:06:45 Naplánovaný kontrolní bod
16-12-2020 16:50:55 Removing COMODO Client - Security

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (12/16/2020 04:52:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/16/2020 04:51:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2020-12-13 17:48:58.1500000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Vigorf.A
ID: 2147714384
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pavel\Downloads\EW400.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-54V8III\Pavel
Název procesu: C:\Users\Pavel\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.332.0, AS: 1.329.332.0, NIS: 1.329.332.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

CodeIntegrity:
===================================

Date: 2020-12-16 16:48:07.5430000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:47:42.4330000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:40:07.7430000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:39:52.7240000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:39:51.8680000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:39:51.2590000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:39:48.3910000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 16:39:48.3380000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.40 08/29/2014
Motherboard: ASRock B85M
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 48%
Total physical RAM: 8111.44 MB
Available physical RAM: 4138.29 MB
Total Virtual: 18351.44 MB
Available Virtual: 13680.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:230.97 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1237.98 GB) NTFS

\\?\Volume{7d762e9c-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7D762E9C)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: DA29E555)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: log Hijack

Post by jaro3 » 16 Dec 2020 19:59

It's the same; it needed everything from Comodo uninstalled and then the FRST log posted here, then I would possibly make a script to delete the leftovers, and only after that would Comodo be installed again.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Not specified
Status: Offline

Re: log Hijack

Post by Paull » 16 Dec 2020 21:53

OK, I'll uninstall COMODO again and post the FRST here so the script can be made.

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Not specified
Status: Offline

Re: log Hijack

Post by Paull » 16 Dec 2020 22:15

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Pavel (administrator) on DESKTOP-54V8III (16-12-2020 22:06:25)
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\111.4.472\QtWebEngineProcess.exe <4>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SrTasks.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAuf.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrSaz.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC207_Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Pavel\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EF9B3A-B83D-476B-8D87-D0A875B1DA3A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {1FFD808E-869C-4A3F-9F37-12595CD14857} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {344ECDFC-9F82-47A9-8A6B-77D21F1A08D9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {44D9969D-E0AB-4F15-8B7F-73A0838B1246} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {567F5FE2-8A4C-47E4-AEB8-8B55C386D670} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {61699C01-34EC-4EE5-9EA7-D61EA16A8686} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {6F220DE1-4517-4364-B6C2-41051AB7CAB7} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {7941822E-D19B-4FFB-9239-AC32A009299B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {968E058E-04AF-4392-A2A7-12F2755135D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B5F408C-6896-4E1C-BD45-3DC64076E44C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A10C748A-3CCF-40F2-8AF2-59D25DABC8BB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B0092A80-6BFF-4860-A5D1-4143545A4D55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8A393C2-9CB2-4B51-B44B-CE8290FC2DA9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {B95BADEA-4EC6-46AD-B077-9AEFDFB01D96} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C7995F2F-9937-4107-9DDD-5CE5970254CB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C9DB2295-88FB-47A7-A472-463B310C7E32} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {E41DBA03-45B4-4023-B0E3-6F54BB13F839} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E50541CB-3095-44B8-AD9D-7358647C6889} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7eb22d12-97e0-44b4-97ad-92edad7b2398}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-16]
Edge Extension: (Outlook) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Word) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-19]
Edge Extension: (Excel) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF DefaultProfile: 9n2nyuzz.default
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\9n2nyuzz.default [2020-12-14]
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release [2020-12-16]
FF Session Restore: Mozilla\Firefox\Profiles\15meqnet.default-release -> is enabled.
FF Extension: (No Name) - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi [2020-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default [2020-12-16]
CHR Notifications: Default -> hxxps://www.svetandroida.cz; hxxps://www.vw-club.cz
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-29]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-29]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-29]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-29]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-29]
CHR Extension: (Tlačítko „Uložit“ pro Pinterest) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2020-12-09]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-29]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-29]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-16]
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcaf ... 91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
CHR Session Restore: Profile 2 -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-01]
CHR Extension: (Dokumenty) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-01]
CHR Extension: (Disk Google) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-01]
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-01]
CHR Extension: (Tabulky) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-01]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-01]
CHR Extension: (Chrome Media Router) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-01]
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\System Profile [2020-12-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG) [File not signed]
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [955656 2020-11-21] () [File not signed]
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13666872 2020-11-17] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12720144 2020-11-18] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2020-12-13] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-16] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-12-16] (Adlice -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
U4 CmdAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 18:14 - 2020-12-16 21:58 - 000004408 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2020-12-16 17:12 - 2020-12-16 21:59 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-16 17:00 - 2020-12-16 21:58 - 001065296 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2020-12-16 17:00 - 2020-12-16 17:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2020-12-16 17:00 - 2019-03-18 16:22 - 000017872 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2020-12-16 16:59 - 2020-12-16 21:56 - 000000000 ____D C:\Users\Pavel\AppData\Local\Comodo
2020-12-16 16:58 - 2020-12-16 22:04 - 000000000 ____D C:\ProgramData\Comodo
2020-12-16 16:58 - 2020-12-16 16:58 - 000000000 ____D C:\ProgramData\Shared Space
2020-12-16 16:52 - 2020-12-16 21:59 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-12-16 16:51 - 2020-12-16 16:51 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2020-12-15 18:50 - 2020-12-15 18:50 - 002191096 _____ (COMODO) C:\Users\Pavel\Downloads\ciscleanuptool_x64.exe
2020-12-15 13:35 - 2020-12-15 13:35 - 000000000 ____D C:\Users\Vojta\AppData\Local\CrashDumps
2020-12-14 18:19 - 2020-12-14 18:19 - 000852798 _____ C:\Users\Pavel\Desktop\SecurityCheck.exe
2020-12-14 18:08 - 2020-12-14 18:10 - 000012620 _____ C:\Users\Pavel\Desktop\Fixlog.txt
2020-12-14 18:08 - 2020-12-14 18:08 - 000000000 ____D C:\Users\Pavel\Desktop\FRST-OlderVersion
2020-12-14 10:36 - 2020-12-14 10:36 - 000001039 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-14 10:35 - 2020-12-14 10:35 - 007458656 _____ (VS Revo Group ) C:\Users\Pavel\Downloads\revosetup.exe
2020-12-13 17:49 - 2020-12-16 16:55 - 000031262 _____ C:\Users\Pavel\Desktop\Addition.txt
2020-12-13 17:46 - 2020-12-16 22:07 - 000021149 _____ C:\Users\Pavel\Desktop\FRST.txt
2020-12-13 17:46 - 2020-12-16 22:07 - 000000000 ____D C:\FRST
2020-12-13 17:44 - 2020-12-14 18:08 - 002286592 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2020-12-13 17:38 - 2020-11-11 22:29 - 000000000 ____D C:\Users\Pavel\Desktop\zoek1
2020-12-13 16:04 - 2020-12-13 16:04 - 000000000 ____D C:\Users\Pavel\Downloads\backups
2020-12-13 15:37 - 2020-12-13 15:37 - 001800862 _____ C:\Users\Pavel\Downloads\zoek.rar
2020-12-13 14:26 - 2020-12-13 14:26 - 000000000 ____D C:\Users\Pavel\Desktop\ZemanaAntimalware
2020-12-13 14:24 - 2020-12-16 22:07 - 000157177 _____ C:\WINDOWS\ZAM.krnl.trace
2020-12-13 14:24 - 2020-12-13 14:24 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2020-12-13 14:24 - 2020-12-13 14:24 - 000003558 _____ C:\WINDOWS\system32\Tasks\AMHelper
2020-12-13 14:24 - 2020-12-13 14:24 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2020-12-13 14:24 - 2020-12-13 14:24 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\Zemana
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-12-13 14:23 - 2020-12-16 21:59 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMSDK
2020-12-13 14:21 - 2020-12-13 14:21 - 012795472 _____ (Zemana Ltd. ) C:\Users\Pavel\Desktop\AntiMalware_Setup.exe
2020-12-13 14:00 - 2020-12-13 14:00 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\IGDump
2020-12-12 23:14 - 2020-12-12 23:14 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Sun
2020-12-12 23:11 - 2020-12-12 23:11 - 000000797 _____ C:\Users\Public\Desktop\UCheck.lnk
2020-12-12 23:11 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\ProgramData\UCheck
2020-12-12 23:10 - 2020-12-12 23:11 - 000000000 ____D C:\Program Files\UCheck
2020-12-12 23:09 - 2020-12-12 23:09 - 026045184 _____ (Adlice Software ) C:\Users\Pavel\Desktop\ucheck.exe
2020-12-12 19:19 - 2020-12-12 19:19 - 000000859 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-12-12 19:19 - 2020-12-12 19:19 - 000000000 ____D C:\Program Files\RogueKiller
2020-12-12 19:18 - 2020-12-12 19:24 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-12 19:17 - 2020-12-12 19:17 - 040473968 _____ (Adlice Software ) C:\Users\Pavel\Desktop\setup.exe
2020-12-12 16:23 - 2020-12-12 16:23 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-12-12 16:21 - 2020-12-12 16:21 - 181496840 _____ (Sophos Limited) C:\Users\Pavel\Desktop\Sophos Virus Removal Tool.exe
2020-12-12 15:48 - 2020-12-12 15:48 - 000001153 _____ C:\Users\Pavel\Desktop\JRT.txt
2020-12-12 15:43 - 2020-12-12 15:43 - 000002420 _____ C:\Users\Pavel\Desktop\AdwCleaner[C07].txt
2020-12-12 15:31 - 2020-12-12 15:31 - 001790024 _____ (Malwarebytes) C:\Users\Pavel\Desktop\JRT.exe
2020-12-12 13:12 - 2020-12-12 15:56 - 000005357 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-12_12_2020.txt
2020-12-12 13:09 - 2020-12-12 13:09 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-12 13:09 - 2020-12-12 13:09 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-11 23:42 - 2020-12-11 23:42 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Downloads\AdwCleaner(1).exe
2020-12-11 22:37 - 2020-12-11 22:37 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC(1).exe
2020-12-11 22:34 - 2020-12-11 22:34 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pavel\Downloads\HijackThis.exe
2020-12-11 20:01 - 2020-12-11 20:01 - 000000000 ____D C:\Users\Lukáš\AppData\Local\D3DSCache
2020-12-11 17:08 - 2020-12-11 17:08 - 000007893 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-11_12_2020.txt
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 20:34 - 2020-12-10 20:34 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 20:34 - 2020-12-10 20:34 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 20:33 - 2020-12-10 20:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-09 17:20 - 2020-12-09 19:58 - 000111274 _____ C:\WINDOWS\ntbtlog.txt
2020-12-07 17:02 - 2020-12-07 17:03 - 000000000 ____D C:\Users\Pavel\Desktop\Vojta
2020-12-07 17:01 - 2020-12-07 17:01 - 006056089 _____ C:\Users\Pavel\Downloads\iCloud Photos(1).zip
2020-12-07 13:41 - 2020-12-16 15:06 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2020-12-07 09:55 - 2020-12-07 09:55 - 000005065 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes-7_12_2020.txt
2020-12-05 18:28 - 2020-12-05 18:28 - 002719648 _____ C:\Users\Pavel\Downloads\iCloud Photos.zip
2020-12-05 18:25 - 2020-12-06 17:00 - 000000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Local\Mozilla
2020-12-04 18:00 - 2020-12-04 18:00 - 000008093 _____ C:\Users\Pavel\Desktop\Vypis z Malwarebytes.txt
2020-12-03 08:12 - 2020-12-03 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-02 17:45 - 2020-12-02 17:45 - 000448512 _____ (OldTimer Tools) C:\Users\Pavel\Downloads\TFC.exe
2020-12-02 17:42 - 2020-12-02 17:42 - 000050688 _____ (Atribune.org) C:\Users\Pavel\Downloads\atf-cleaner.exe
2020-12-02 17:41 - 2020-12-06 17:26 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2020-12-02 14:01 - 2020-12-02 14:01 - 000000000 ____D C:\Users\Vojta\AppData\Local\CEF
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-01 23:10 - 2020-12-01 23:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-12-01 19:05 - 2020-12-01 21:15 - 000002438 _____ C:\Users\Pavel\Desktop\Petra - Chrome.lnk
2020-12-01 18:57 - 2020-12-01 20:06 - 000002394 _____ C:\Users\Pavel\Desktop\Pavel - Chrome.lnk
2020-11-30 12:44 - 2020-11-30 12:44 - 000481422 _____ C:\Users\Pavel\Downloads\informace-k-prijimacimu-rizeni-v-roce-2020-2021-2011152339.pdf
2020-11-30 09:51 - 2020-11-30 09:51 - 000000000 ____D C:\Users\Pavel\AppData\Local\OneDrive
2020-11-29 20:48 - 2020-12-03 16:55 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-29 20:48 - 2020-12-03 16:55 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-29 20:48 - 2020-11-29 20:48 - 000000000 ____D C:\Program Files\Google
2020-11-29 20:40 - 2020-11-29 20:40 - 001317080 _____ (Google LLC) C:\Users\Pavel\Downloads\ChromeSetup.exe
2020-11-29 19:50 - 2020-11-29 19:50 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CEF
2020-11-29 16:18 - 2020-11-29 16:18 - 006542392 _____ (EnigmaSoft Limited) C:\Users\Pavel\Downloads\SpyHunter-Installer.exe
2020-11-29 15:49 - 2020-12-12 13:10 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:10 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:09 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-29 15:49 - 2020-11-29 15:49 - 000000000 ____D C:\Users\Pavel\AppData\Local\mbam
2020-11-29 15:48 - 2020-11-29 15:48 - 002076624 _____ (Malwarebytes) C:\Users\Pavel\Downloads\MBSetup.exe
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-29 15:39 - 2020-11-29 15:40 - 000000000 ____D C:\AdwCleaner
2020-11-29 15:39 - 2020-11-29 15:39 - 008447152 _____ (Malwarebytes) C:\Users\Pavel\Desktop\AdwCleaner.exe
2020-11-29 15:26 - 2020-12-16 17:01 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Mozilla
2020-11-29 15:26 - 2020-12-16 17:01 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Local\Mozilla
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-29 14:52 - 2020-11-29 14:52 - 000000000 ____D C:\Users\Pavel\AppData\Local\CEF
2020-11-27 15:28 - 2020-12-16 18:14 - 000003216 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2020-11-24 23:22 - 2020-11-24 23:22 - 000191489 _____ C:\Users\Pavel\Desktop\Informace o správci příloh v systému Microsoft Windows.pdf
2020-11-18 11:01 - 2020-11-20 20:10 - 000000000 ____D C:\Users\Vojta\Desktop\Vojta

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-16 22:03 - 2020-07-26 17:09 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-16 22:03 - 2020-03-26 20:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-16 22:03 - 2019-12-07 15:43 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-16 22:03 - 2019-12-07 15:43 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-16 22:03 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-16 21:59 - 2020-07-26 17:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-16 21:59 - 2020-07-26 17:03 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-16 21:59 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-16 21:59 - 2019-06-05 18:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-16 21:58 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-16 21:28 - 2020-07-26 17:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-16 20:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-16 18:51 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-16 18:49 - 2019-12-16 13:24 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.tlauncher
2020-12-16 18:49 - 2019-12-16 13:23 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.minecraft
2020-12-16 17:20 - 2019-06-05 18:46 - 000000000 ___RD C:\Users\Pavel\OneDrive
2020-12-16 17:17 - 2019-07-14 07:19 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2020-12-16 17:00 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-16 16:51 - 2020-04-17 18:50 - 000002479 _____ C:\Users\Pavel\Desktop\Microsoft Teams.lnk
2020-12-16 16:51 - 2019-12-16 13:23 - 000002084 _____ C:\Users\Pavel\Desktop\TLauncher.lnk
2020-12-16 13:48 - 2019-07-05 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-15 17:02 - 2019-07-04 16:40 - 000000000 ___RD C:\Users\Pavel\Dropbox
2020-12-15 13:35 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003
2020-12-15 13:35 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-15 13:35 - 2019-07-03 16:29 - 000000000 ___RD C:\Users\Vojta\OneDrive
2020-12-14 20:54 - 2019-07-05 22:24 - 000000000 ____D C:\KMPlayer
2020-12-14 19:20 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002
2020-12-14 19:20 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-14 19:20 - 2019-06-27 21:16 - 000000000 ___RD C:\Users\Lukáš\OneDrive
2020-12-13 15:40 - 2019-06-05 18:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-12 23:15 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001
2020-12-12 23:15 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\Program Files\Java
2020-12-12 23:13 - 2019-12-16 13:24 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-12 19:43 - 2020-06-05 15:58 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-12 19:43 - 2020-06-05 15:58 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-12 10:00 - 2020-10-29 19:19 - 000001425 _____ C:\Users\Lukáš\Desktop\Roblox Player.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000001248 _____ C:\Users\Lukáš\Desktop\Roblox Studio.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-11 23:46 - 2019-06-27 21:25 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-12-11 23:46 - 2019-06-27 21:25 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-12-11 23:40 - 2020-07-26 17:11 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003452 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-11 23:40 - 2020-07-26 17:11 - 000003228 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-12-11 22:40 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\VirtualStore
2020-12-11 19:32 - 2020-10-29 18:31 - 000001425 _____ C:\Users\Vojta\Desktop\Roblox Player.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000001248 _____ C:\Users\Vojta\Desktop\Roblox Studio.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-10 23:04 - 2020-07-26 17:03 - 000437992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-10 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 20:37 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-08 13:37 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Lukáš
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Vojta
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Pavel
2020-12-06 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-05 19:03 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages
2020-12-03 22:06 - 2019-06-05 18:45 - 000000000 ____D C:\Users\Pavel\AppData\Local\PlaceholderTileLogoFolder
2020-12-03 08:12 - 2019-06-27 21:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-01 08:59 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2020-11-30 16:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Users\Pavel\AppData\Local\Google
2020-11-29 20:48 - 2019-06-05 18:47 - 000000000 ____D C:\Program Files (x86)\Google
2020-11-28 20:40 - 2019-07-05 19:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache
2020-11-25 07:40 - 2020-03-26 20:13 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2020-11-19 16:49 - 2019-07-01 07:48 - 000000000 ____D C:\Users\Pavel\Desktop\Beruška nová
2020-11-18 03:19 - 2019-06-05 18:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-18 03:16 - 2019-06-05 18:50 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-17 11:08 - 2020-04-17 18:50 - 000002368 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk

==================== Files in the root of some directories ========

2020-03-24 13:49 - 2020-03-24 13:49 - 000000017 _____ () C:\Users\Pavel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
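
The FRST.txt above is read by hand on this forum, but the "One month (created)" and "One month (modified)" listings have a fixed line format that lends itself to automated first-pass triage. The following Python helper is an added example written for this page; it is not part of the poster's log, of FRST, or of any forum tool. It parses those listing lines and applies a few heuristics of my own choosing that a log helper normally checks by eye: newly created kernel drivers under system32\Drivers, newly created scheduled tasks, executables in user-writable locations with no vendor string, and files carrying hidden/system attributes. The sample lines are excerpts copied from the log above; the company name FRST prints in parentheses is the version-resource vendor field, not a signature verdict (FRST's SigCheck section is where that lives), so it is treated only as a hint.

```python
"""Triage helper for FRST "One month (created/modified)" file listings.

Added example, not code from the forum post or from FRST. The heuristics
below are assumptions about what is worth a second look, not FRST rules.
"""
import re
from dataclasses import dataclass
from typing import Optional

# FRST listing line: created - modified - size attrs [(company)] path
_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # optional vendor string, may be empty "()"
    r"(?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat",
            ".cmd", ".ps1", ".vbs", ".js", ".jar"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")  # assumed drop locations


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str              # five-char flag field, e.g. ____D, ___SH, ____C
    company: Optional[str]  # vendor string from the version resource, or None
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        i = self.path.rfind(".")
        return self.path[i:].lower() if i > self.path.rfind("\\") else ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    if company is not None:
        company = company.strip() or None   # "()" and "( )" mean no vendor
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), company, m.group("path"))


def flag(entry: Entry) -> list:
    """Return the triage reasons that apply to one entry (empty = unremarkable)."""
    reasons = []
    p = entry.path.lower()
    if entry.is_dir:
        return reasons
    if entry.ext == ".sys" and "\\drivers\\" in p:
        reasons.append("new kernel driver")
    if "\\system32\\tasks\\" in p:
        reasons.append("new scheduled task")
    if entry.ext in EXEC_EXT and p.startswith(USER_WRITABLE) and entry.company is None:
        reasons.append("executable without vendor string in user-writable location")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append(f"hidden/system attributes ({entry.attrs})")
    return reasons


def triage(text: str) -> list:
    """Return [(path, [reasons])] for every listing line that trips a heuristic."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Excerpts copied from the FRST.txt posted above (plus one section header).
SAMPLE_LINES = [
    r"2020-12-13 14:24 - 2020-12-13 14:24 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys",
    r"2020-12-13 14:24 - 2020-12-13 14:24 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC",
    r"2020-11-27 15:28 - 2020-12-16 18:14 - 000003216 _____ C:\WINDOWS\system32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}",
    r"2020-12-14 18:19 - 2020-12-14 18:19 - 000852798 _____ C:\Users\Pavel\Desktop\SecurityCheck.exe",
    r"2020-12-14 10:35 - 2020-12-14 10:35 - 007458656 _____ (VS Revo Group ) C:\Users\Pavel\Downloads\revosetup.exe",
    r"2020-12-16 21:59 - 2020-07-26 17:03 - 000008192 ___SH C:\DumpStack.log.tmp",
    r"2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Program Files (x86)\Zemana",
    r"2020-03-24 13:49 - 2020-03-24 13:49 - 000000017 _____ () C:\Users\Pavel\AppData\Local\resmon.resmoncfg",
    "==================== One month (modified) ==================",
]

if __name__ == "__main__":
    for path, reasons in triage("\n".join(SAMPLE_LINES)):
        print(f"{path}\n    - " + "\n    - ".join(reasons))
```

Run against the excerpts it reports the Zemana driver amsdk.sys, the two task files, the unsigned-looking SecurityCheck.exe on the Desktop and the hidden/system DumpStack.log.tmp; revosetup.exe (vendor string present) and the Zemana directory stay quiet. Every hit still needs a human verdict: here all of them trace back to tools the poster installed during the cleanup, which is exactly the context a script cannot know.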


Re: log Hijack

Post by Paull » 16 Dec 2020 22:16

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (16-12-2020 22:08:15)
Running from C:\Users\Pavel\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-07-26 16:11:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980947671-2380292906-1612769214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1980947671-2380292906-1612769214-503 - Limited - Disabled)
Guest (S-1-5-21-1980947671-2380292906-1612769214-501 - Limited - Disabled)
Lukáš (S-1-5-21-1980947671-2380292906-1612769214-1002 - Limited - Enabled) => C:\Users\Lukáš
Pavel (S-1-5-21-1980947671-2380292906-1612769214-1001 - Administrator - Enabled) => C:\Users\Pavel
Vojta (S-1-5-21-1980947671-2380292906-1612769214-1003 - Limited - Enabled) => C:\Users\Vojta
WDAGUtilityAccount (S-1-5-21-1980947671-2380292906-1612769214-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 111.4.472 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Excel (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.28 - PandoraTV)
LEGO® Piráti z Karibiku Počítačová hra UKÁZKA (HKLM-x32\...\{A85568D7-A01E-4E05-AFEE-4A1852D70281}) (Version: 1.0.0.0 - Disney Interactive Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 cs) (HKLM\...\Mozilla Firefox 83.0 (x64 cs)) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
RogueKiller version 14.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.0.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.8.0 - Sophos Limited)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.12.4 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM-x32\...\{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera) Hidden
Trust WB-1400T Webcam (HKLM-x32\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
UCheck version 3.10.0.0 (HKLM\...\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1) (Version: 3.10.0.0 - Adlice Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.170 - McAfee, LLC)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-16] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-30] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pavel\Dropbox [2019-07-04 16:40]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\Desktop\Pavel - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Pavel\Desktop\Petra - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2011-12-06 16:03 - 2011-12-06 16:03 - 000364032 _____ (Volkswagen AG) [File not signed] C:\ElsaWin\bin\vfc10u.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: <Company name>) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IseUI"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8445CC25-C478-4F7E-BD49-0E6490F3594B}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{91BF195C-18B1-4BD9-AA91-11B9EA3950B0}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{E8684A44-FFE5-4218-8F80-97086090DAF7}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{F527B8D1-FB39-4808-9335-274E3C8EF240}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{C72D7C5B-BAD1-4CDC-A342-21C2FBF208AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39464B3E-46E3-499B-A2EE-65CCBF4EDB52}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BEC9B19-CBBB-434C-AB35-7D540C123036}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21ADDDEF-2708-4362-9FF7-FCD8F8DFCB63}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5E844A62-EC56-4294-9C01-A6F8E4291CAA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{090C3589-6924-4D0F-8964-659B9A17DA2D}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{A6CB220A-A769-4DAC-B12A-EA704097447F}C:\program files (x86)\dropbox\client\dropbox.exe] => (Allow) C:\program files (x86)\dropbox\client\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

14-12-2020 19:06:45 Naplánovaný kontrolní bod
16-12-2020 16:50:55 Removing COMODO Client - Security
16-12-2020 17:00:07 Installing COMODO Antivirus
16-12-2020 18:14:17 COMODO Antivirus Binary update
16-12-2020 21:57:30 Removing COMODO Client - Security

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/16/2020 10:05:48 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/16/2020 10:05:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Internet Security Essentials.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (12/16/2020 10:03:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/16/2020 10:00:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/16/2020 09:59:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {489cf5eb-07e8-4c42-89ea-58e78d620dfe}

Error: (12/16/2020 09:58:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -1032.

Error: (12/16/2020 09:58:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Služba Šifrování neinicializovala databázi katalogu. Chyba součásti ESENT: -1032.

Error: (12/16/2020 09:58:46 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Catalog Database (3180,R,98) Catalog Database: Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032


System errors:
=============
Error: (12/16/2020 10:04:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba isesrv byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/16/2020 09:59:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (12/16/2020 09:59:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Zařízení připojené k systému nefunguje.

Error: (12/16/2020 09:58:50 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Malwarebytes Service se po přijetí pokynu pro vypnutí neukončila správně.

Error: (12/16/2020 09:58:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/16/2020 09:58:38 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby wuauserv s argumenty Není k dispozici za účelem spuštění serveru:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/16/2020 09:58:19 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila při inicializaci přihlašovacích prostředků v kanálu Microsoft-Windows-TWinUI/Operational chybu (res=5).

Error: (12/16/2020 09:58:19 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: Služba protokolování událostí zjistila při inicializaci přihlašovacích prostředků v kanálu Setup chybu (res=5).


Windows Defender:
===================================
Date: 2020-12-13 17:48:58.1500000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Vigorf.A
ID: 2147714384
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pavel\Downloads\EW400.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-54V8III\Pavel
Název procesu: C:\Users\Pavel\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.332.0, AS: 1.329.332.0, NIS: 1.329.332.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

CodeIntegrity:
===================================

Date: 2020-12-16 21:55:51.6230000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 21:53:37.1130000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-16 21:53:37.1080000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 21:53:36.8840000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-16 21:53:36.8790000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 21:53:36.5290000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-16 21:53:36.5220000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-16 21:48:14.8270000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.40 08/29/2014
Motherboard: ASRock B85M
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 48%
Total physical RAM: 8111.44 MB
Available physical RAM: 4180.22 MB
Total Virtual: 18351.44 MB
Available Virtual: 13705.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:227.92 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1237.8 GB) NTFS

\\?\Volume{7d762e9c-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7D762E9C)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: DA29E555)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Paull

Re: log Hijack

Post by Paull » 16 Dec 2020 22:30

I would also mention that while FRST was running, a message popped up about 5 times in total: "C:Program Files/McAfee/WebAdvisor/x64/DownoladScan.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator..... Error status: 0xc000012f"

jaro3
Security team member

Re: log Hijack

Post by jaro3 » 16 Dec 2020 23:07

C:Program Files/McAfee, and did you reinstall/uninstall it? I think that if you are going to have Comodo, I would uninstall it.

Did you uninstall Comodo?
It is still there.
So the only option is to delete everything from Comodo with a script?
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Paull

Re: log Hijack

Post by Paull » 17 Dec 2020 07:26

Yes, Comodo probably will not disappear any other way. It is now uninstalled the standard way.
McAfee also does not appear anywhere in my installed programs, so those are probably some leftovers too...

jaro3
Security team member

Re: log Hijack

Post by jaro3 » 17 Dec 2020 17:16

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Start
CreateRestorePoint:
CloseProcesses:
Task: {00EF9B3A-B83D-476B-8D87-D0A875B1DA3A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {344ECDFC-9F82-47A9-8A6B-77D21F1A08D9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {61699C01-34EC-4EE5-9EA7-D61EA16A8686} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {6F220DE1-4517-4364-B6C2-41051AB7CAB7} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {B95BADEA-4EC6-46AD-B077-9AEFDFB01D96} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C7995F2F-9937-4107-9DDD-5CE5970254CB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C9DB2295-88FB-47A7-A472-463B310C7E32} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
FF Extension: (No Name) - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi [2020-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcaf ... 91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
U4 CmdAgent; no ImagePath
C:\WINDOWS\system32\Tasks\COMODO
2020-12-16 17:00 - 2019-03-18 16:22 - 000017872 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2020-12-16 16:59 - 2020-12-16 21:56 - 000000000 ____D C:\Users\Pavel\AppData\Local\Comodo
2020-12-16 16:58 - 2020-12-16 22:04 - 000000000 ____D C:\ProgramData\Comodo
C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2020-12-15 18:50 - 2020-12-15 18:50 - 002191096 _____ (COMODO) C:\Users\Pavel\Downloads\ciscleanuptool_x64.exe
AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)

EmptyTemp:
End

(You can use the "select all" function; right-click in the top-left corner of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

Paull

Re: log Hijack

Post by Paull » 17 Dec 2020 18:45

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (17-12-2020 18:37:51) Run:2
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {00EF9B3A-B83D-476B-8D87-D0A875B1DA3A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {344ECDFC-9F82-47A9-8A6B-77D21F1A08D9} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {61699C01-34EC-4EE5-9EA7-D61EA16A8686} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {6F220DE1-4517-4364-B6C2-41051AB7CAB7} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {B95BADEA-4EC6-46AD-B077-9AEFDFB01D96} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C7995F2F-9937-4107-9DDD-5CE5970254CB} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C9DB2295-88FB-47A7-A472-463B310C7E32} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
FF Extension: (No Name) - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi [2020-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
CHR StartupUrls: Default -> "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B22974E50B0B99A9&affID=44444&tsp=4920","hxxp://www.google.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5ECZ&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5ECZ&apn_dbr=cr_34.0.1847.131&apn_uid=EF1A8E44-606D-43E1-BB14-A5923F94D8DA&itbv=12.10.6.53&doi=2014-05-01&psv=","hxxps://www.google.com/"
CHR DefaultSearchURL: Profile 2 -> hxxps://search.yahoo.com/search?fr=mcaf ... 91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> mcafee
U4 CmdAgent; no ImagePath
C:\WINDOWS\system32\Tasks\COMODO
2020-12-16 17:00 - 2019-03-18 16:22 - 000017872 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2020-12-16 16:59 - 2020-12-16 21:56 - 000000000 ____D C:\Users\Pavel\AppData\Local\Comodo
2020-12-16 16:58 - 2020-12-16 22:04 - 000000000 ____D C:\ProgramData\Comodo
C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2020-12-15 18:50 - 2020-12-15 18:50 - 002191096 _____ (COMODO) C:\Users\Pavel\Downloads\ciscleanuptool_x64.exe
AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-11-20] (McAfee, LLC -> McAfee, LLC)

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{00EF9B3A-B83D-476B-8D87-D0A875B1DA3A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00EF9B3A-B83D-476B-8D87-D0A875B1DA3A}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBD759C-FAC8-48E0-9A21-65C21FFCA1F3}" => removed successfully
C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{344ECDFC-9F82-47A9-8A6B-77D21F1A08D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344ECDFC-9F82-47A9-8A6B-77D21F1A08D9}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61699C01-34EC-4EE5-9EA7-D61EA16A8686}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61699C01-34EC-4EE5-9EA7-D61EA16A8686}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F220DE1-4517-4364-B6C2-41051AB7CAB7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F220DE1-4517-4364-B6C2-41051AB7CAB7}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B95BADEA-4EC6-46AD-B077-9AEFDFB01D96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B95BADEA-4EC6-46AD-B077-9AEFDFB01D96}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7995F2F-9937-4107-9DDD-5CE5970254CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7995F2F-9937-4107-9DDD-5CE5970254CB}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9DB2295-88FB-47A7-A472-463B310C7E32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9DB2295-88FB-47A7-A472-463B310C7E32}" => removed successfully
C:\WINDOWS\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}" => removed successfully
C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release\Extensions\wrc@avast.com.xpi => moved successfully
"HKLM\Software\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => moved successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
HKLM\System\CurrentControlSet\Services\CmdAgent => removed successfully
CmdAgent => service removed successfully
C:\WINDOWS\system32\Tasks\COMODO => moved successfully
C:\WINDOWS\system32\Drivers\cmdboot.sys => moved successfully
C:\Users\Pavel\AppData\Local\Comodo => moved successfully
C:\ProgramData\Comodo => moved successfully
C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => moved successfully
C:\Users\Pavel\Downloads\ciscleanuptool_x64.exe => moved successfully
"AV: COMODO Antivirus (Enabled - Up to date) {9E3E06E3-F8E0-3C44-2336-BBD8AF8F84B8}" => removed successfully
"AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}" => removed successfully
"AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30737034 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4797974 B
Edge => 0 B
Chrome => 424496486 B
Firefox => 77700992 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 48042 B
NetworkService => 65338 B
Pavel => 116172309 B
Lukáš => 155144477 B
Vojta => 237788942 B

RecycleBin => 126533447 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:38:37 ====

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Residence: South Bohemia
Gender: Male
Status:
Offline

Re: log Hijack

Post by jaro3 » 17 Dec 2020 20:58

You can install the antivirus, then write back whether there are still any problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
