Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 08 Jan 2021 21:40

I would still use one more tool, regarding those fixes, because that was only about startup.
You can then keep working on the PC/notebook. I don't know when I will have the script ready.

Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Sandra97
newcomer
Posts: 27
Registered: January 21
Gender: Female
Status: Offline

Re: Please check my log

Post by Sandra97 » 09 Jan 2021 15:00

And how do I find out which system I have on my PC, or where can I find that information?


Re: Please check my log

Post by jaro3 » 09 Jan 2021 16:29

OS: Windows 10 Pro


Re: Please check my log

Post by Sandra97 » 09 Jan 2021 19:18

That's not what I meant. I just don't know which of the three links above I should use.


Re: Please check my log

Post by jaro3 » 09 Jan 2021 19:42



Re: Please check my log

Post by Sandra97 » 09 Jan 2021 23:06

Here are the results. The viruses were deleted yesterday, but today the antivirus reported them as found again.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by Sandra (administrator) on DESKTOP-CUERP9V (LENOVO 2537AT1) (09-01-2021 22:15:08)
Running from C:\Users\Sandra\Downloads
Loaded Profiles: Sandra
Platform: Windows 10 Pro Version 1909 18363.1256 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Greatis Software LLC -> Greatis Software, LLC) C:\Windows\F1VPIJD6\SU10Guard.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportHelper.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM -> IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe <2>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\Policies\Explorer: [NoSecurityTab] 1
HKLM\...\Windows x64\Print Processors\Canon MG5500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBU.DLL [30208 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5500 series: C:\Windows\system32\CNMLMBU.DLL [391168 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-08] (Google LLC -> Google LLC)
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {029DE726-A2DA-462F-8740-EC736179A4D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2D557161-B9BC-4395-991F-FA149D74CB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)
Task: {309F10DE-6B8A-4C64-A2FE-CA08B41D2B71} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {6C4A01F0-DF63-409E-8519-7C5C29AF4EE5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {77245D14-3887-42C5-8EA2-F23C500AD041} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8CDD18F3-8DC1-4A04-8F58-D9AB2967899E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [91728 2015-08-20] (Hewlett-Packard -> HP Development Company, L.P.)
Task: {B0186A25-2B5C-4599-B613-54917CB52C0C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B1ACFB80-5A02-4E0E-8C53-2DBB57FA20F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B5DFEFE5-ABA4-4668-AF9E-389E88F69D02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BFDA9011-F921-4D90-92AD-16183D7A732C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8963da7a-ccf7-4aa8-ae57-37375fa7bece}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge Profile: C:\Users\Sandra\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-08]
Edge Extension: (IBM Security Rapport) - C:\Users\Sandra\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kajikgogckeajjplomldcempamhidmcc [2021-01-06]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default [2021-01-09]
CHR Notifications: Default -> hxxps://globalvideo.online; hxxps://meet.google.com; hxxps://outlook.office365.com; hxxps://teams.microsoft.com; hxxps://www.facebook.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (IBM Security Rapport) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2020-12-03]
CHR Extension: (Wolf) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccehekadeelebinmfibpahmllbjnnip [2020-08-24]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-12-15]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-10]
CHR HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [3008896 2020-08-18] (IBM -> IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264152 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-01-08] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-02-11] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-08] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl8d3b8d89; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D74168EA-ED89-485C-8E6C-55CDEE45BD11}\MpKslDrv.sys [91376 2021-01-09] (Microsoft Windows -> Microsoft Corporation)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [450240 2020-08-18] (IBM -> IBM Corp.)
R1 RapportCerberus_2004080; c:\programdata\trusteer\rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_2004080.sys [1460480 2020-12-03] (IBM -> IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [546056 2020-08-18] (IBM -> IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [398984 2020-08-18] (IBM -> IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [448904 2020-08-18] (IBM -> IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [564928 2020-08-18] (IBM -> IBM Corp.)
R2 rimspci; C:\Windows\system32\DRIVERS\rimspe64.sys [61952 2009-10-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-03-19] (Microsoft Windows -> Conexant Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-09 22:15 - 2021-01-09 22:17 - 000014532 _____ C:\Users\Sandra\Downloads\FRST.txt
2021-01-09 22:13 - 2021-01-09 22:15 - 000000000 ____D C:\FRST
2021-01-09 22:07 - 2021-01-09 22:10 - 002281472 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2021-01-08 21:05 - 2021-01-08 21:09 - 000000000 ____D C:\Users\Sandra\Downloads\backups
2021-01-08 13:38 - 2021-01-08 13:38 - 000000000 ____D C:\Users\Sandra\Desktop\Nová složka
2021-01-08 13:33 - 2021-01-09 22:18 - 002100024 _____ C:\Windows\ZAM.krnl.trace
2021-01-08 13:33 - 2021-01-08 19:49 - 000000000 ____D C:\Users\Sandra\AppData\Local\AMSDK
2021-01-08 13:33 - 2021-01-08 13:33 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2021-01-08 13:33 - 2021-01-08 13:33 - 000003560 _____ C:\Windows\system32\Tasks\AMHelper
2021-01-08 13:33 - 2021-01-08 13:33 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2021-01-08 13:33 - 2021-01-08 13:33 - 000000000 ____D C:\Users\Sandra\AppData\Local\Zemana
2021-01-08 13:33 - 2021-01-08 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-01-08 13:33 - 2021-01-08 13:33 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-01-08 08:29 - 2021-01-08 08:29 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-08 08:29 - 2021-01-08 08:29 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-08 08:29 - 2021-01-08 08:29 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-08 08:29 - 2021-01-08 08:28 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-08 08:29 - 2021-01-08 08:28 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-01-08 08:28 - 2021-01-08 08:28 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-08 08:07 - 2021-01-08 08:07 - 000000000 ____D C:\zoek_backup
2021-01-07 21:03 - 2021-01-07 21:03 - 012795472 _____ (Zemana Ltd. ) C:\Users\Sandra\Downloads\AntiMalware_Setup.exe
2021-01-07 00:15 - 2021-01-07 00:15 - 000000000 ____D C:\ProgramData\Sophos
2021-01-07 00:12 - 2021-01-07 00:12 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2021-01-07 00:12 - 2021-01-07 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-01-07 00:12 - 2021-01-07 00:12 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-01-07 00:01 - 2021-01-07 00:02 - 040484848 _____ (Adlice Software ) C:\Users\Sandra\Downloads\setup.exe
2021-01-06 23:59 - 2021-01-07 00:07 - 206758184 _____ (Sophos Limited) C:\Users\Sandra\Downloads\Sophos Virus Removal Tool.exe
2021-01-06 23:46 - 2021-01-06 23:46 - 000001219 _____ C:\Users\Sandra\Desktop\JRT.txt
2021-01-06 23:25 - 2021-01-06 23:25 - 001790024 _____ (Malwarebytes) C:\Users\Sandra\Downloads\JRT.exe
2021-01-06 22:31 - 2021-01-06 22:31 - 000000000 ____D C:\Users\Sandra\AppData\Local\mbam
2021-01-06 22:30 - 2021-01-06 22:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-06 22:28 - 2021-01-06 22:28 - 002086424 _____ (Malwarebytes) C:\Users\Sandra\Downloads\MBSetup.exe
2021-01-06 22:23 - 2021-01-06 22:23 - 008447152 _____ (Malwarebytes) C:\Users\Sandra\Downloads\AdwCleaner.exe
2021-01-06 22:13 - 2021-01-06 22:13 - 000448512 _____ (OldTimer Tools) C:\Users\Sandra\Downloads\TFC.exe
2021-01-06 18:11 - 2021-01-06 18:11 - 000275768 _____ C:\Users\Sandra\Downloads\Vypocet_nutricnich_hodnot.pdf
2021-01-06 17:42 - 2021-01-06 17:42 - 000388608 _____ (Trend Micro Inc.) C:\Users\Sandra\Downloads\HijackThis.exe
2021-01-05 21:28 - 2021-01-05 21:30 - 000000000 ____D C:\AdwCleaner
2021-01-05 21:28 - 2021-01-05 21:28 - 008447152 _____ (Malwarebytes) C:\Users\Sandra\Downloads\adwcleaner_8.0.8.exe
2021-01-05 21:15 - 2021-01-05 21:22 - 000000000 ____D C:\ProgramData\TEMP
2021-01-05 21:12 - 2021-01-05 21:12 - 000000000 ____D C:\ProgramData\Simply Super Software
2021-01-05 21:09 - 2021-01-05 21:09 - 010197816 _____ (Simply Super Software ) C:\Users\Sandra\Downloads\trjsetup.exe
2021-01-05 20:59 - 2021-01-08 08:24 - 000000000 ____D C:\Users\Sandra\AppData\LocalLow\uTorrent
2021-01-05 20:48 - 2021-01-06 12:29 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-05 20:22 - 2021-01-05 20:23 - 000002259 _____ C:\Windows\epplauncher.mif
2021-01-05 13:10 - 2021-01-08 08:22 - 000000000 ____D C:\Windows\F1VPIJD6
2021-01-05 12:59 - 2021-01-05 12:59 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\SantolinaFutureSolution
2021-01-05 12:59 - 2021-01-05 12:59 - 000000000 ____D C:\Users\Sandra\AppData\Local\SansevieriaFutureoxfSolution
2021-01-05 12:36 - 2021-01-08 13:45 - 000000000 ____D C:\Users\Sandra\AppData\Local\CrashDumps
2021-01-05 12:27 - 2021-01-08 21:08 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\uTorrent
2021-01-05 12:27 - 2021-01-05 12:27 - 000000897 _____ C:\Users\Sandra\Desktop\µTorrent.lnk
2021-01-05 12:27 - 2021-01-05 12:27 - 000000877 _____ C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\Avast Software
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Local\CEF
2021-01-05 12:18 - 2021-01-05 12:17 - 000522480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb52443622695cba0.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000469472 _____ (AVAST Software) C:\Windows\system32\Drivers\asw299b733352a99519.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000340576 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-01-05 12:18 - 2021-01-05 12:17 - 000326064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw74550e8d538b3612.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000247888 _____ (AVAST Software) C:\Windows\system32\Drivers\asw22b7e72836d42e12.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000216984 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8222a422a5bcb7eb.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000176384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcb68733c49b8fb26.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000108928 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b462f85b69196db.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000097360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6f9646c676474457.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000084496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf12027053b663d2e.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000042424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbcf271c496a9b83a.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000016832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb6b2325e4c16813d.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000851256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa59f3dda871524e6.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000332880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswae53611db8945e83.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000208672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe202145d221eb9b3.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000036792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa45697add88a7f1c.tmp
2021-01-05 12:15 - 2021-01-05 12:15 - 000000000 ____D C:\Program Files\Avast Software
2021-01-05 12:14 - 2021-01-08 08:24 - 000000000 ____D C:\Users\Sandra\AppData\Local\BitTorrentHelper
2021-01-05 12:13 - 2021-01-05 12:32 - 000000000 ____D C:\ProgramData\Avast Software
2021-01-05 12:13 - 2021-01-05 12:13 - 000000000 ____D C:\Users\Sandra\AppData\Local\Opera Software
2021-01-05 12:11 - 2021-01-05 21:30 - 000000000 ____D C:\Users\Sandra\AppData\Local\Lavasoft
2021-01-05 12:11 - 2021-01-05 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-01-05 12:10 - 2021-01-05 21:30 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\Lavasoft
2021-01-05 12:10 - 2021-01-05 21:30 - 000000000 ____D C:\ProgramData\Lavasoft
2021-01-05 12:10 - 2021-01-05 21:30 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-01-05 12:10 - 2021-01-05 12:10 - 000001870 _____ C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-05 12:10 - 2021-01-05 12:10 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\Opera Software
2021-01-05 12:10 - 2021-01-05 12:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-05 12:00 - 2021-01-06 16:22 - 000000000 ____D C:\ProgramData\WinZip
2021-01-05 11:59 - 2021-01-05 11:59 - 000000000 ____D C:\ProgramData\UniqueId
2021-01-05 11:26 - 2021-01-05 11:26 - 030536752 _____ (Piriform Software Ltd) C:\Users\Sandra\Downloads\ccsetup575.exe
2021-01-02 20:14 - 2021-01-02 20:16 - 024254628 _____ C:\Users\Sandra\Downloads\Zaklínač všechny knihy v pdf.rar
2021-01-02 20:12 - 2021-01-02 20:14 - 015011614 _____ C:\Users\Sandra\Downloads\Flanagan John Hranicaruv ucen 1-12.zip
2021-01-02 20:11 - 2021-01-02 20:11 - 002499814 _____ C:\Users\Sandra\Downloads\Flanagan, John - Hranicaruv ucen 13 - Klan Rude lisky.epub
2021-01-02 20:06 - 2021-01-02 20:08 - 035145026 _____ C:\Users\Sandra\Downloads\Pisen ledu a ohne komplet.rar
2020-12-27 18:53 - 2020-12-27 18:53 - 000009764 _____ C:\Users\Sandra\Downloads\calendar-11-2021-P-a4-7calendar.pdf
2020-12-27 18:53 - 2020-12-27 18:53 - 000009697 _____ C:\Users\Sandra\Downloads\calendar-12-2021-P-a4-7calendar.pdf
2020-12-27 18:53 - 2020-12-27 18:53 - 000009488 _____ C:\Users\Sandra\Downloads\calendar-10-2021-P-a4-7calendar.pdf
2020-12-27 18:52 - 2020-12-27 18:52 - 000009493 _____ C:\Users\Sandra\Downloads\calendar-8-2021-P-a4-7calendar.pdf
2020-12-27 18:52 - 2020-12-27 18:52 - 000009491 _____ C:\Users\Sandra\Downloads\calendar-7-2021-P-a4-7calendar.pdf
2020-12-27 18:52 - 2020-12-27 18:52 - 000009471 _____ C:\Users\Sandra\Downloads\calendar-9-2021-P-a4-7calendar.pdf
2020-12-27 18:51 - 2020-12-27 18:51 - 000009465 _____ C:\Users\Sandra\Downloads\calendar-6-2021-P-a4-7calendar.pdf
2020-12-27 18:50 - 2020-12-27 18:51 - 000009408 _____ C:\Users\Sandra\Downloads\calendar-5-2021-P-a4-7calendar.pdf
2020-12-26 20:00 - 2020-12-26 20:00 - 000009500 _____ C:\Users\Sandra\Downloads\calendar-4-2021-P-a4-7calendar.pdf
2020-12-26 20:00 - 2020-12-26 20:00 - 000009454 _____ C:\Users\Sandra\Downloads\calendar-3-2021-P-a4-7calendar.pdf
2020-12-26 19:59 - 2020-12-26 19:59 - 000009366 _____ C:\Users\Sandra\Downloads\calendar-1-2021-P-a4-7calendar.pdf
2020-12-26 19:58 - 2020-12-26 19:58 - 000009399 _____ C:\Users\Sandra\Downloads\calendar-2-2021-P-a4-7calendar.pdf
2020-12-16 08:31 - 2020-12-16 08:31 - 000378410 _____ C:\Users\Sandra\Downloads\Materialy-na-prijimacky-Podnikova-ekonomika-PE301-7.pdf
2020-12-15 21:42 - 2020-12-15 21:48 - 225455945 _____ C:\Users\Sandra\Downloads\OneDrive_2020-12-15 (3).zip
2020-12-15 18:48 - 2020-12-15 18:59 - 313534109 _____ C:\Users\Sandra\Downloads\OneDrive_2020-12-15 (2).zip
2020-12-15 18:27 - 2020-12-15 18:35 - 256342456 _____ C:\Users\Sandra\Downloads\OneDrive_2020-12-15 (1).zip
2020-12-15 18:15 - 2020-12-15 18:23 - 138290032 _____ C:\Users\Sandra\Downloads\7_prednaska.zip
2020-12-15 18:14 - 2020-12-15 18:18 - 155733171 _____ C:\Users\Sandra\Downloads\5_prednaska.zip
2020-12-15 18:13 - 2020-12-15 18:13 - 004913570 _____ C:\Users\Sandra\Downloads\OneDrive_2020-12-15.zip
2020-12-14 17:57 - 2020-12-14 18:15 - 323341179 _____ C:\Users\Sandra\Downloads\Bleach 1 CZ Hardsub [HD].mp4
2020-12-11 09:23 - 2020-12-11 09:24 - 059130404 _____ C:\Users\Sandra\Downloads\OneDrive_2020-12-11.zip
2020-12-10 15:06 - 2020-12-10 15:06 - 002045952 _____ C:\Windows\system32\rdpnano.dll
2020-12-10 15:06 - 2020-12-10 15:06 - 000171008 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2020-12-10 15:02 - 2020-12-10 15:02 - 000100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncpa.cpl
2020-12-10 15:02 - 2020-12-10 15:02 - 000000357 _____ C:\Windows\system32\DrtmAuth14.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000357 _____ C:\Windows\system32\DrtmAuth13.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-12-10 15:02 - 2020-12-10 15:02 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-12-10 14:56 - 2020-12-10 14:56 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\ncpa.cpl
2020-12-10 14:50 - 2020-12-10 14:50 - 001756600 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-12-10 14:50 - 2020-12-10 14:50 - 001366144 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-12-10 14:50 - 2020-12-10 14:50 - 000059392 _____ C:\Windows\system32\runexehelper.exe
2020-12-10 14:50 - 2020-12-10 14:50 - 000001370 _____ C:\Windows\system32\ThirdPartyNoticesBySHS.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-09 22:07 - 2020-02-11 17:09 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-01-09 21:01 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-09 17:26 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2021-01-09 14:51 - 2020-10-04 23:12 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-09 14:51 - 2020-10-04 23:12 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-09 10:46 - 2020-02-11 17:27 - 000000000 ____D C:\Program Files\CCleaner
2021-01-08 19:52 - 2020-02-11 17:19 - 000000000 ____D C:\Users\Sandra\AppData\Local\VirtualStore
2021-01-08 08:30 - 2020-02-11 17:15 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-08 08:30 - 2019-03-19 12:57 - 000683780 _____ C:\Windows\system32\perfh005.dat
2021-01-08 08:30 - 2019-03-19 12:57 - 000137462 _____ C:\Windows\system32\perfc005.dat
2021-01-08 08:29 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-01-08 08:22 - 2020-02-11 17:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-08 08:22 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-08 08:06 - 2020-02-11 17:27 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-08 08:06 - 2020-02-11 17:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-05 20:53 - 2020-02-11 18:14 - 000000000 ____D C:\Users\Sandra\AppData\Local\ElevatedDiagnostics
2021-01-05 20:44 - 2020-02-11 17:19 - 000000000 ____D C:\Users\Sandra
2021-01-05 11:28 - 2020-02-11 17:27 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-01-05 11:28 - 2020-02-11 17:27 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-01-05 09:51 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2021-01-03 22:12 - 2020-02-11 18:01 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\vlc
2020-12-31 21:19 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-26 14:46 - 2020-09-22 08:04 - 000000000 ____D C:\Users\Sandra\Desktop\přednášky
2020-12-17 16:55 - 2020-02-11 17:29 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3032404416-3862637612-1766263083-1001
2020-12-17 16:54 - 2020-02-11 17:29 - 000000000 ___RD C:\Users\Sandra\OneDrive
2020-12-17 16:54 - 2020-02-11 17:19 - 000002368 _____ C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-10 23:32 - 2020-02-11 17:19 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-10 23:32 - 2020-02-11 17:19 - 000000000 ___RD C:\Users\Sandra\3D Objects
2020-12-10 23:30 - 2020-02-11 17:09 - 000446080 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-10 23:29 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-12-10 23:28 - 2019-03-19 12:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-10 23:28 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-10 16:03 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Sandra97
newcomer
Posts: 27
Registered: Jan 21
Gender: Female
Status:
Offline

Re: Please check

Post by Sandra97 » 09 Jan 2021 23:06

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Sandra (09-01-2021 22:19:48)
Running from C:\Users\Sandra\Downloads
Windows 10 Pro Version 1909 18363.1256 (X64) (2020-02-11 16:11:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3032404416-3862637612-1766263083-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3032404416-3862637612-1766263083-503 - Limited - Disabled)
Guest (S-1-5-21-3032404416-3862637612-1766263083-501 - Limited - Disabled)
Sandra (S-1-5-21-3032404416-3862637612-1766263083-1001 - Administrator - Enabled) => C:\Users\Sandra
WDAGUtilityAccount (S-1-5-21-3032404416-3862637612-1766263083-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
Adobe Reader X - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Age of Wushu (HKLM-x32\...\{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}) (Version: 0.0.1.221 - Snail Games USA)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP LaserJet Pro MFP M25-M27 (HKLM-x32\...\{6f61eb21-bed8-4110-99c0-df985ca05b33}) (Version: 15.0.16103.89 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{C15D823A-EDC1-409F-8C81-CA1A66146146}) (Version: 3.0.26.8 - HP) Hidden
HPLJM25M27 (HKLM-x32\...\{1612D7B8-386E-4FAD-8059-0415F6918F36}) (Version: 0.00.0005 - Hewlett-Packard) Hidden
HPLJUTCore (HKLM-x32\...\{06C9D648-CFC6-48CC-A11B-C4A21BEDDAF1}) (Version: 018.000.0001 - HP) Hidden
HPLJUTM25_27 (HKLM-x32\...\{90CEE3E5-971D-4A2D-AF76-BC6B7F4DBEE8}) (Version: 020.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM25_M27LaserJetService (HKLM-x32\...\{ED85D11B-25FE-4389-8FF6-B02EAB672D8C}) (Version: 001.034.00693 - HP Inc.) Hidden
hpStatusAlerts (HKLM-x32\...\{32DE03E8-D0B3-4D13-A885-D3EDFC959EEC}) (Version: 180.040.00267 - HP Development Company, L.P.) Hidden
hpStatusAlertsM25-M27 (HKLM-x32\...\{42C49CAE-7225-41D0-9336-9A4FB163B26A}) (Version: 080.046.00114 - Hewlett-Packard) Hidden
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Ochrana koncového bodu Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.2004.84 - Trusteer)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.2004.84 - Trusteer) Hidden
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Stronghold Crusader 1.3 - Konečná verze (HKLM-x32\...\Stronghold Crusader 1.3 - Konečná verze) (Version: 1.3 - Konečná verze - Dejvproduction)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-07] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-19] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3032404416-3862637612-1766263083-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-08] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2018-07-18 15:27 - 2018-07-18 15:27 - 000747520 _____ () [File not signed] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Downloads\073028439.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{848482C4-E883-48B1-B5A0-FF806F578CE6}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M25-M27\bin\EWSProxy.exe (Hewlett Packard -> HP Inc., LP)
FirewallRules: [{4725466E-44B5-4045-8916-3242D47066E2}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M25-M27\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc., LP)
FirewallRules: [TCP Query User{067DB1F1-18DB-4F94-B7E7-7DA10A6E7B95}C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B7C34FE2-4E89-4ACE-8E6D-0257A71AD45A}C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{11786EC5-53C0-4D42-9802-4412EE9AA0D6}C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{2044D49D-85DC-47A7-A0D6-F4FAF7600CF7}C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\sandra\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1EC48DD1-CB66-48E7-983D-0807590EF244}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6949D62F-628D-4E30-A6E2-23BED6F7528C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C209B1BB-1439-48E7-82CD-8D682050D470}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F20778AB-7203-409B-AD9F-369A9186D8B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9147E8F4-2EFC-4EE5-9F43-7C411385D3F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{740B7D5E-0C81-4285-9F10-A30DF3365CF7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9E94265D-140F-4539-9BE6-748749972BBF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6F778E5-330A-41E2-AB73-8AB515EB59D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4576C4DB-145E-4E4A-98E2-7E732B9CC816}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D287FFFC-8297-4938-9B4E-97499F0F3F62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE8A8B26-2BA3-4B7D-8203-3AB0184F0AE4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32ECFC46-1B8A-4C86-B383-136D1E975D92}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5A50E395-9FC3-4E11-A50B-962AEB539FB4}] => (Allow) C:\Users\Sandra\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{868BABF4-0BC1-490D-9DAF-ADE9F6F654B1}] => (Allow) C:\Users\Sandra\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AE3B88CC-64DE-450B-921D-03D694596439}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-01-2021 00:48:16 Naplánovaný kontrolní bod
06-01-2021 23:26:35 JRT Pre-Junkware Removal
06-01-2021 23:28:14 JRT Pre-Junkware Removal
08-01-2021 08:25:22 Removed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/08/2021 01:35:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AntiMalware.exe, verze: 3.2.27.0, časové razítko: 0x5f21537e
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.1171, časové razítko: 0xe94aeef6
Kód výjimky: 0xc0000374
Posun chyby: 0x000dfc3d
ID chybujícího procesu: 0x1f28
Čas spuštění chybující aplikace: 0x01d6e5baa78feeb6
Cesta k chybující aplikaci: C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 88bccf5a-0d47-4095-a172-1d8dd48d5316
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/08/2021 01:34:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AntiMalware.exe, verze: 3.2.27.0, časové razítko: 0x5f21537e
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.1171, časové razítko: 0xe94aeef6
Kód výjimky: 0xc0000374
Posun chyby: 0x000dfc3d
ID chybujícího procesu: 0x20c0
Čas spuštění chybující aplikace: 0x01d6e5ba854b8450
Cesta k chybující aplikaci: C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 6f7f60d5-72a4-47fd-a219-850da28346ef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/08/2021 08:43:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SVRTgui.exe verze 2.7.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 13a8

Čas spuštění: 01d6e591bba502c0

Čas ukončení: 28

Cesta k aplikaci: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe

ID hlášení: 92b73c57-ebcd-41c2-8481-6223264caf4e

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Cross-thread

Error: (01/08/2021 08:40:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DllHost.exe, verze: 10.0.18362.1, časové razítko: 0x4250d5de
Název chybujícího modulu: combase.dll, verze: 10.0.18362.1237, časové razítko: 0x3e460a61
Kód výjimky: 0xc0000005
Posun chyby: 0x000fdf5d
ID chybujícího procesu: 0xd44
Čas spuštění chybující aplikace: 0x01d6e590184622dd
Cesta k chybující aplikaci: C:\Windows\SysWOW64\DllHost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\combase.dll
ID zprávy: 701e5e10-3d0a-4ced-8937-4cf35f9c8440
Úplný název chybujícího balíčku: Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c
ID aplikace související s chybujícím balíčkem: App

Error: (01/07/2021 06:30:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TiWorker.exe, verze: 4.1.0.0, časové razítko: 0x593a0b3e
Název chybujícího modulu: combase.dll, verze: 10.0.18362.1237, časové razítko: 0xfd9cab5f
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000165dbf
ID chybujícího procesu: 0x1d78
Čas spuštění chybující aplikace: 0x01d6e4b6317c0c55
Cesta k chybující aplikaci: C:\Windows\SysWOW64\cs-CZ\S-1-5-79\TiWorker.exe
Cesta k chybujícímu modulu: C:\Windows\System32\combase.dll
ID zprávy: 3f53f788-4934-423e-a839-9bca71e0d868
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/06/2021 08:50:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HPLaserJetService.exe, verze: 9.33.926.0, časové razítko: 0x53aa5ec3
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.1171, časové razítko: 0xe94aeef6
Kód výjimky: 0xc0000005
Posun chyby: 0x0005b373
ID chybujícího procesu: 0xd48
Čas spuštění chybující aplikace: 0x01d6e3a1ccac0cdc
Cesta k chybující aplikaci: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 3fe8825e-9d9f-47e2-abe0-0e3839e37594
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (01/06/2021 08:40:16 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HPLaserJetService.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 773AB373

Error: (01/05/2021 08:23:49 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DESKTOP-CUERP9V)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.


System errors:
=============
Error: (01/09/2021 10:47:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (01/08/2021 08:22:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba MBAMChameleon neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/07/2021 10:55:14 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (01/06/2021 04:36:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HP LaserJet Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/06/2021 04:36:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/06/2021 04:36:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba StopUpdates10 Guard byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/06/2021 04:36:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo PM Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/06/2021 04:14:38 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-CUERP9V)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}


Windows Defender:
===================================
Date: 2021-01-06 17:36:08.012
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A7B1406A-66F0-4804-8506-F59B975ED1E9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-06 17:23:11.270
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {1223101C-85B2-4228-804F-3CEB90A0229D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-06 09:31:19.108
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wrokni.C
ID: 2147735106
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Sandra\AppData\Local\Temp\7882645F6AF8B82B.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.1694.0, AS: 1.329.1694.0, NIS: 0.0.0.0
Verze modulu: AM: 1.1.17700.4, NIS: 0.0.0.0

Date: 2021-01-05 19:31:03.865
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
ID: 2147741622
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-CUERP9V\Sandra
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.329.1694.0, AS: 1.329.1694.0, NIS: 1.329.1694.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-05 11:19:37.596
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.D3!ml
ID: 2147757782
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Sandra\AppData\Local\Temp\23E04C4F32EF2158.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-CUERP9V\Sandra
Název procesu: C:\Users\Sandra\AppData\Local\Temp\7882645F6AF8B82B.exe
Verze bezpečnostních informací: AV: 1.329.1694.0, AS: 1.329.1694.0, NIS: 1.329.1694.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-01-09 15:06:22.087
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.1821.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2021-01-08 14:39:25.741
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.1821.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2021-01-08 08:50:43.419
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.1821.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2021-01-07 20:08:34.348
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.1694.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Date: 2021-01-06 22:28:16.732
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.1694.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80070422
Popis chyby: Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

CodeIntegrity:
===================================

Date: 2021-01-06 22:36:59.621
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2021-01-05 12:29:12.652
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:29:11.794
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:28:28.325
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:28:27.236
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:20:13.792
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:20:12.695
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-05 12:20:11.513
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 6IET83WW (1.43 ) 04/12/2012
Motherboard: LENOVO 2537AT1
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz
Percentage of memory in use: 61%
Total physical RAM: 3891.67 MB
Available physical RAM: 1515.29 MB
Total Virtual: 11571.67 MB
Available Virtual: 8706.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.91 GB) (Free:63.02 GB) NTFS
Drive d: (Data) (Fixed) (Total:297.55 GB) (Free:58.93 GB) NTFS

\\?\Volume{715951e0-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 715951E0)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 6B395939)
Partition 1: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Re: Please check

Post by jaro3 » 10 Jan 2021 00:00

That's awful, leftovers of Avast, Lavasoft... these need to be uninstalled properly!

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2D557161-B9BC-4395-991F-FA149D74CB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)
Task: {BFDA9011-F921-4D90-92AD-16183D7A732C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
dge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]
CHR HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\Avast Software
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Local\CEF
2021-01-05 12:18 - 2021-01-05 12:17 - 000522480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb52443622695cba0.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000469472 _____ (AVAST Software) C:\Windows\system32\Drivers\asw299b733352a99519.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000340576 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-01-05 12:18 - 2021-01-05 12:17 - 000326064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw74550e8d538b3612.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000247888 _____ (AVAST Software) C:\Windows\system32\Drivers\asw22b7e72836d42e12.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000216984 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8222a422a5bcb7eb.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000176384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcb68733c49b8fb26.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000108928 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b462f85b69196db.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000097360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6f9646c676474457.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000084496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf12027053b663d2e.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000042424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbcf271c496a9b83a.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000016832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb6b2325e4c16813d.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000851256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa59f3dda871524e6.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000332880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswae53611db8945e83.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000208672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe202145d221eb9b3.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000036792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa45697add88a7f1c.tmp
2021-01-05 12:15 - 2021-01-05 12:15 - 000000000 ____D C:\Program Files\Avast Software
C:\ProgramData\Avast Software
C:\Users\Sandra\AppData\Local\Lavasoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\Users\Sandra\AppData\Roaming\Lavasoft
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Lavasoft
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]

EmptyTemp:
End

(You can use the "select all" function, right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

C:\Windows\F1VPIJD6 have a look at what is in that folder.


Re: Please check

Post by Sandra97 » 10 Jan 2021 13:08

Avast got downloaded together with another file, I didn't want it at all, and I uninstalled it via CCleaner because things started to freeze. I have no idea what the other one is.
Here is the next log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-01-2021
Ran by Sandra (10-01-2021 12:58:47) Run:1
Running from C:\Users\Sandra\Downloads
Loaded Profiles: Sandra
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2D557161-B9BC-4395-991F-FA149D74CB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)
Task: {BFDA9011-F921-4D90-92AD-16183D7A732C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2020-02-11] (Google Inc -> Google Inc.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
dge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [kajikgogckeajjplomldcempamhidmcc]
CHR HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Roaming\Avast Software
2021-01-05 12:23 - 2021-01-05 12:23 - 000000000 ____D C:\Users\Sandra\AppData\Local\CEF
2021-01-05 12:18 - 2021-01-05 12:17 - 000522480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb52443622695cba0.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000469472 _____ (AVAST Software) C:\Windows\system32\Drivers\asw299b733352a99519.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000340576 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2021-01-05 12:18 - 2021-01-05 12:17 - 000326064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw74550e8d538b3612.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000247888 _____ (AVAST Software) C:\Windows\system32\Drivers\asw22b7e72836d42e12.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000216984 _____ (AVAST Software) C:\Windows\system32\Drivers\asw8222a422a5bcb7eb.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000176384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswcb68733c49b8fb26.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000108928 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6b462f85b69196db.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000097360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw6f9646c676474457.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000084496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswf12027053b663d2e.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000042424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbcf271c496a9b83a.tmp
2021-01-05 12:18 - 2021-01-05 12:17 - 000016832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswb6b2325e4c16813d.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000851256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa59f3dda871524e6.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000332880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswae53611db8945e83.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000208672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswe202145d221eb9b3.tmp
2021-01-05 12:18 - 2021-01-05 12:16 - 000036792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswa45697add88a7f1c.tmp
2021-01-05 12:15 - 2021-01-05 12:15 - 000000000 ____D C:\Program Files\Avast Software
C:\ProgramData\Avast Software
C:\Users\Sandra\AppData\Local\Lavasoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\Users\Sandra\AppData\Roaming\Lavasoft
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Lavasoft
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dismHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EOSNOTIFY.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstallAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MUSNOTIFICATIONUX.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\remsh.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIHClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateAssistant.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPFC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaaSMedic.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaasMedicAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D557161-B9BC-4395-991F-FA149D74CB5B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D557161-B9BC-4395-991F-FA149D74CB5B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFDA9011-F921-4D90-92AD-16183D7A732C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFDA9011-F921-4D90-92AD-16183D7A732C}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
dge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\kajikgogckeajjplomldcempamhidmcc => could not remove. Access Denied.
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => could not remove. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee => removed successfully
"C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job" => not found
C:\Users\Sandra\AppData\Roaming\Avast Software => moved successfully
C:\Users\Sandra\AppData\Local\CEF => moved successfully
C:\Windows\system32\Drivers\aswb52443622695cba0.tmp => moved successfully
C:\Windows\system32\Drivers\asw299b733352a99519.tmp => moved successfully
C:\Windows\system32\aswBoot.exe => moved successfully
C:\Windows\system32\Drivers\asw74550e8d538b3612.tmp => moved successfully
C:\Windows\system32\Drivers\asw22b7e72836d42e12.tmp => moved successfully
C:\Windows\system32\Drivers\asw8222a422a5bcb7eb.tmp => moved successfully
C:\Windows\system32\Drivers\aswcb68733c49b8fb26.tmp => moved successfully
C:\Windows\system32\Drivers\asw6b462f85b69196db.tmp => moved successfully
C:\Windows\system32\Drivers\asw6f9646c676474457.tmp => moved successfully
C:\Windows\system32\Drivers\aswf12027053b663d2e.tmp => moved successfully
C:\Windows\system32\Drivers\aswbcf271c496a9b83a.tmp => moved successfully
C:\Windows\system32\Drivers\aswb6b2325e4c16813d.tmp => moved successfully
C:\Windows\system32\Drivers\aswa59f3dda871524e6.tmp => moved successfully
C:\Windows\system32\Drivers\aswae53611db8945e83.tmp => moved successfully
C:\Windows\system32\Drivers\aswe202145d221eb9b3.tmp => moved successfully
C:\Windows\system32\Drivers\aswa45697add88a7f1c.tmp => moved successfully
C:\Program Files\Avast Software => moved successfully
C:\ProgramData\Avast Software => moved successfully
C:\Users\Sandra\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\Sandra\AppData\Roaming\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18020219 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 8175841 B
Edge => 62464 B
Chrome => 383139594 B
Firefox => 0 B
Opera => 5977147 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9159729 B
NetworkService => 30287915 B
Sandra => 53184734 B

RecycleBin => 0 B
EmptyTemp: => 493.2 MB temporary data Removed.

================================
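
An added example, not part of the thread and not FRST's own code: a small Python triage of the Fixlog above that skips the echoed fixlist, stops at the EmptyTemp section, and lists the entries the fix did not handle. The sample lines are copied from the log above; the `<target> => <outcome>` line shape and the status names are assumptions inferred from that log, not a documented format.

```python
import re
from collections import Counter

# Subset of lines copied unchanged from the Fixlog.txt posted above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Start
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
dge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\kajikgogckeajjplomldcempamhidmcc => could not remove. Access Denied.
HKU\S-1-5-21-3032404416-3862637612-1766263083-1001\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => could not remove. Access Denied.
"C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job" => not found
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
Chrome => 383139594 B
'''


def classify(outcome):
    """Map an outcome string to a coarse status (names are this example's own)."""
    o = outcome.lower()
    if "access denied" in o or o.startswith("could not"):
        return "denied"
    if o.startswith("error"):
        return "no_fix"
    if o == "not found":
        return "not_found"
    if o.endswith("moved successfully"):  # also matches "removed successfully"
        return "ok"
    return "other"


def parse_fixlog(text):
    """Return (target, outcome, status) for each result line of a Fixlog."""
    results, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist is echoed between two lines of asterisks; its Task:
        # entries also contain " => " and must not be read as results.
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo
            continue
        # The EmptyTemp section reports byte counts, not fix results.
        if line.startswith("=====") and "EmptyTemp" in line:
            break
        if in_echo or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        results.append((target.strip('"'), outcome, classify(outcome)))
    return results


def summarize(results):
    return Counter(status for _, _, status in results)


def needs_follow_up(results):
    """Entries the fix did not handle: denied removals and unparsed directives."""
    return [r for r in results if r[2] in ("denied", "no_fix", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, outcome, status in needs_follow_up(parsed):
        print(f"[{status}] {target} -> {outcome}")
```

On this log the follow-up list contains the two extension keys that returned Access Denied and the `dge HKLM-x32` line, which FRST could not match to any fix.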


Re: Please check

Post by jaro3 » 10 Jan 2021 17:13

What about the problems?


Re: Please check

Post by Sandra97 » 10 Jan 2021 17:26

Apart from Windows Defender reporting malicious software and trojans popping up there, while another program finds nothing, I haven't noticed anything else.


Re: Please check

Post by jaro3 » 10 Jan 2021 18:22

What malicious software? Can you take a photo and insert it into the post as an attachment?