log Hijack Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Unspecified
Status: Offline

Re: log Hijack

Post by Paull » 23 Dec 2020 10:33

I haven't done Chrome and CCleaner yet, but in the meantime I tried installing Opera, and downloading doesn't work in it either. It throws the message "Přerušeno-antivirová analýza se nezdařila" ("Interrupted - antivirus analysis failed").
So should I try removing Chrome again and running CCleaner?
Thanks for the help, and I wish you a merry Christmas.

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: log Hijack

Post by jaro3 » 23 Dec 2020 18:58

Same to you!
Yes, try it.
So it really only works in Firefox?

Is McAfee WebAdvisor gone?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: log Hijack

Post by Paull » 23 Dec 2020 22:12

OK, I'll try it. Whether McAfee is gone, I don't know; I assume it is. Should I run FRST or HiJack so we can find out? But I think it doesn't appear in the last HJT log.


Re: log Hijack

Post by Paull » 23 Dec 2020 22:39

So Chrome is uninstalled and I ran CCleaner. CCleaner found nothing significant. I let it run in some default mode and didn't change anything anywhere, because I don't know my way around it, so that I wouldn't mess something... I'm now writing from Opera, where downloading still doesn't work either (still the same message "přerušeno-antivirová analýza se nezdařila", "interrupted - antivirus analysis failed").


Re: log Hijack

Post by jaro3 » 23 Dec 2020 22:44

Yes, you can make a new FRST, both logs. Does Firefox work?

+
Download MiniToolBox
and run it.
In the window, tick the checkboxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Then click GO; after a short scan a log named "Result" will appear. Copy its entire contents here.

***********************************************************

I'll take a look tomorrow.


Re: log Hijack

Post by Paull » 23 Dec 2020 23:20

Firefox works and downloads without problems.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Pavel (administrator) on DESKTOP-54V8III (23-12-2020 23:02:35)
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel & Lukáš & Vojta
Platform: Windows 10 Pro Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser not detected!
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Comodo Security Solutions -> Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <6>
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <9>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\112.4.321\QtWebEngineProcess.exe <8>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Vojta\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <4>
(Opera Software AS -> Opera Software) C:\Users\Pavel\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe <23>
(Opera Software AS -> Opera Software) C:\Users\Pavel\AppData\Local\Programs\Opera\73.0.3856.284\opera_crashreporter.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
(Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe <3>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe <3>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe <3>
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrAuf.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) [File not signed] C:\ElsaWin\bin\LcSvrSaz.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-15] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Pavel\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Run: [CCleanerBrowserAutoLaunch_138B9A10E97B0A7EEDFDA35E8D37907F] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2138032 2020-11-12] (Piriform Software Ltd -> Piriform Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\86.1.6938.201\Installer\chrmstp.exe [2020-12-23] (Piriform Software Ltd -> Piriform Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FFD808E-869C-4A3F-9F37-12595CD14857} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {212ECCC7-B470-4012-8171-9CFFD6D3DB68} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {2CC45544-DD94-4DBD-BB41-76BAC1A3B0AF} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2138032 2020-11-12] (Piriform Software Ltd -> Piriform Software)
Task: {3565ED5B-C8E4-4870-8740-085D250AB61F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {44D9969D-E0AB-4F15-8B7F-73A0838B1246} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A9DE46F-D65A-4B6C-A282-26436CCE3303} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {521674FC-C0AD-4D21-8761-3EA78022673C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {5DCEC353-104C-4ED0-B1B2-6FC38FFD8E1E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {697E259D-F39C-486C-84DA-708244679FA5} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2020-12-23] (Piriform Software Ltd -> Piriform Software)
Task: {6FEFB9C3-2F22-4173-91CD-E0038FFFD009} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {7D92677F-100B-4248-B1AE-4D6401F6D57B} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13189920 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {88EDA061-2E22-4F4E-BB12-11ED523F68A4} - System32\Tasks\Opera scheduled Autoupdate 1608715694 => C:\Users\Pavel\AppData\Local\Programs\Opera\launcher.exe [1776664 2020-12-16] (Opera Software AS -> Opera Software)
Task: {8A2D9D4B-89C8-4D98-815D-977E9C4CCC21} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
Task: {8C8A28AA-CAB2-433F-8604-52368C145EF1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-19] (Mozilla Corporation -> Mozilla Foundation)
Task: {968E058E-04AF-4392-A2A7-12F2755135D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B5F408C-6896-4E1C-BD45-3DC64076E44C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {A10C748A-3CCF-40F2-8AF2-59D25DABC8BB} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B0092A80-6BFF-4860-A5D1-4143545A4D55} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B8A393C2-9CB2-4B51-B44B-CE8290FC2DA9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC2F9A15-C71B-4AA7-ABC8-128FF95D13E4} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2138032 2020-11-12] (Piriform Software Ltd -> Piriform Software)
Task: {DFC9D136-2695-4187-9A33-9D9E7B67D886} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2020-12-23] (Piriform Software Ltd -> Piriform Software)
Task: {E41DBA03-45B4-4023-B0E3-6F54BB13F839} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FBC9D64B-4CED-4CB1-966C-D30BA12F031A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7eb22d12-97e0-44b4-97ad-92edad7b2398}: [DhcpNameServer] 192.168.0.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-23]
Edge Extension: (Outlook) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-19]
Edge Extension: (Word) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-19]
Edge Extension: (Excel) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-19]
Edge Extension: (PowerPoint) - C:\Users\Pavel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-19]

FireFox:
========
FF DefaultProfile: 9n2nyuzz.default
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\9n2nyuzz.default [2020-12-14]
FF ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\15meqnet.default-release [2020-12-23]
FF Session Restore: Mozilla\Firefox\Profiles\15meqnet.default-release -> is enabled.
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2020-12-23] (Piriform Software Ltd -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2020-12-23] (Piriform Software Ltd -> Piriform Software)

Opera:
=======
OPR Extension: (Rich Hints Agent) - C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2020-12-23] (Piriform Software Ltd -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\86.1.6938.201\elevation_service.exe [1348304 2020-11-12] (Piriform Software Ltd -> Piriform Software)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2020-12-23] (Piriform Software Ltd -> Piriform Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334176 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
R2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334176 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-06-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-15] (Dropbox, Inc -> Dropbox, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2973608 2020-10-21] (Comodo Security Solutions -> Comodo)
R2 LcSvrAdm; C:\ElsaWin\bin\LcSvrAdm.exe [240640 2011-12-06] (Volkswagen AG) [File not signed]
R3 LcSvrAuf; C:\ElsaWin\bin\LcSvrAuf.exe [1321472 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrDba; C:\ElsaWin\bin\LcSvrDba.exe [392704 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrHis; C:\ElsaWin\bin\LcSvrHis.exe [335360 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrPAS; C:\ElsaWin\bin\LcSvrPas.exe [477696 2011-12-06] (Volkswagen AG) [File not signed]
R2 LcSvrSaz; C:\ElsaWin\bin\LcSvrSaz.exe [373248 2011-12-06] (Volkswagen AG) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5197552 2020-12-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [39056 2019-11-13] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844176 2019-11-13] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2020-12-22] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-12-20] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-23 23:02 - 2020-12-23 23:03 - 000020634 _____ C:\Users\Pavel\Desktop\FRST.txt
2020-12-23 23:02 - 2020-12-23 23:02 - 000000000 ____D C:\FRST
2020-12-23 22:15 - 2020-12-23 22:30 - 000000000 ____D C:\Program Files\CCleaner
2020-12-23 22:15 - 2020-12-23 22:15 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-12-23 22:15 - 2020-12-23 22:15 - 000003842 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2020-12-23 22:15 - 2020-12-23 22:15 - 000003528 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
2020-12-23 22:15 - 2020-12-23 22:15 - 000003404 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
2020-12-23 22:15 - 2020-12-23 22:15 - 000003258 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2020-12-23 22:15 - 2020-12-23 22:15 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-12-23 22:15 - 2020-12-23 22:15 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2020-12-23 22:15 - 2020-12-23 22:15 - 000002428 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2020-12-23 22:15 - 2020-12-23 22:15 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-23 22:15 - 2020-12-23 22:15 - 000000000 ____D C:\Users\Pavel\AppData\Local\CCleaner Browser
2020-12-23 22:15 - 2020-12-23 22:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-12-23 22:15 - 2020-12-23 22:15 - 000000000 ____D C:\ProgramData\CCleaner Browser
2020-12-23 22:15 - 2020-12-23 22:15 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2020-12-23 10:28 - 2020-12-23 10:28 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1608715694
2020-12-23 10:28 - 2020-12-23 10:28 - 000002405 _____ C:\Users\Pavel\Desktop\facebook.lnk
2020-12-23 10:28 - 2020-12-23 10:28 - 000001413 _____ C:\Users\Pavel\Desktop\Prohlížeč Opera.lnk
2020-12-23 10:28 - 2020-12-23 10:28 - 000001403 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2020-12-23 10:28 - 2020-12-23 10:28 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Opera Software
2020-12-23 10:28 - 2020-12-23 10:28 - 000000000 ____D C:\Users\Pavel\AppData\Local\Opera Software
2020-12-23 10:25 - 2020-12-23 10:27 - 003783800 _____ ( ) C:\Users\Pavel\Downloads\opera_3867720511.exe
2020-12-22 08:43 - 2020-12-22 08:43 - 000000000 ____D C:\Users\Vojta\AppData\Local\Comodo
2020-12-22 08:43 - 2020-12-22 08:43 - 000000000 ____D C:\Program Files (x86)\Comodo
2020-12-22 08:37 - 2020-12-22 08:37 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-21 23:47 - 2020-12-21 23:47 - 000000000 ____D C:\ProgramData\Comodo Downloader
2020-12-21 23:46 - 2020-12-23 22:59 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2020-12-21 23:46 - 2020-12-21 23:46 - 000002185 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2020-12-21 23:46 - 2020-12-21 23:46 - 000002098 _____ C:\Users\Public\Desktop\COMODO Antivirus.lnk
2020-12-21 23:46 - 2020-12-21 23:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2020-12-21 23:46 - 2020-12-21 23:46 - 000000000 ____D C:\Users\Pavel\AppData\Local\Comodo
2020-12-21 23:46 - 2020-12-21 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2020-12-21 23:46 - 2020-12-21 23:46 - 000000000 ____D C:\Program Files\COMODO
2020-12-21 23:46 - 2019-10-22 19:02 - 000017576 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdboot.sys
2020-12-21 23:45 - 2020-12-21 23:45 - 000000000 ____D C:\ProgramData\Shared Space
2020-12-21 23:45 - 2020-12-21 23:45 - 000000000 ____D C:\ProgramData\Comodo
2020-12-21 23:32 - 2020-12-21 23:32 - 005712776 _____ (COMODO) C:\Users\Pavel\Desktop\cav_installer_138430010_1a.exe
2020-12-21 22:47 - 2020-12-21 22:47 - 000010931 _____ C:\Users\Pavel\Desktop\hijackthis1
2020-12-21 22:30 - 2020-12-21 22:30 - 000000000 _____ C:\WINDOWS\system32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2020-12-20 14:00 - 2020-12-20 14:00 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pavel\Downloads\HijackThis.exe
2020-12-20 14:00 - 2020-12-20 14:00 - 000388608 _____ (Trend Micro Inc.) C:\Users\Pavel\Desktop\HijackThis.exe
2020-12-20 13:55 - 2020-12-20 13:55 - 002286592 _____ (Farbar) C:\Users\Pavel\Desktop\FRST64.exe
2020-12-20 13:27 - 2020-12-20 13:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-20 10:24 - 2020-12-20 10:25 - 000001564 _____ C:\DelFix.txt
2020-12-19 17:48 - 2020-12-08 10:07 - 000932181 _____ C:\Users\Pavel\Desktop\Digitální přihřívač s climatronic.pdf
2020-12-19 16:39 - 2020-12-19 16:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-12-19 16:39 - 2020-12-19 16:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-18 23:50 - 2020-12-18 23:51 - 030536752 _____ (Piriform Software Ltd) C:\Users\Pavel\Downloads\ccsetup575.exe
2020-12-18 18:09 - 2020-12-18 20:43 - 1630582604 _____ C:\Users\Pavel\Downloads\SpongeBob ve filmu Houba na útěku animovane komedie 2020 cz.avi
2020-12-17 21:06 - 2020-12-17 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-15 22:09 - 2020-12-15 22:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-15 22:09 - 2020-12-15 22:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-15 22:09 - 2020-12-15 22:09 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-15 22:09 - 2020-12-15 22:09 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-12-15 13:35 - 2020-12-15 13:35 - 000000000 ____D C:\Users\Vojta\AppData\Local\CrashDumps
2020-12-14 10:36 - 2020-12-14 10:36 - 000001039 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-14 10:36 - 2020-12-14 10:36 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-14 10:35 - 2020-12-14 10:35 - 007458656 _____ (VS Revo Group ) C:\Users\Pavel\Downloads\revosetup.exe
2020-12-13 16:04 - 2020-12-13 16:04 - 000000000 ____D C:\Users\Pavel\Downloads\backups
2020-12-13 14:24 - 2020-12-21 21:40 - 004779707 _____ C:\WINDOWS\ZAM.krnl.trace
2020-12-13 14:24 - 2020-12-13 14:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\Zemana
2020-12-13 14:23 - 2020-12-21 21:40 - 000000000 ____D C:\Users\Pavel\AppData\Local\AMSDK
2020-12-12 23:14 - 2020-12-12 23:14 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Sun
2020-12-12 16:23 - 2020-12-12 16:23 - 000000000 ____D C:\ProgramData\Sophos
2020-12-12 13:09 - 2020-12-20 13:29 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-12-12 13:09 - 2020-12-12 13:09 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-12-11 20:01 - 2020-12-11 20:01 - 000000000 ____D C:\Users\Lukáš\AppData\Local\D3DSCache
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-10 20:34 - 2020-12-10 20:34 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-10 20:34 - 2020-12-10 20:34 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-10 20:34 - 2020-12-10 20:34 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-10 20:34 - 2020-12-10 20:34 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-10 20:33 - 2020-12-10 20:33 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-10 20:33 - 2020-12-10 20:33 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-10 20:33 - 2020-12-10 20:33 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-10 20:33 - 2020-12-10 20:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-07 17:02 - 2020-12-07 17:03 - 000000000 ____D C:\Users\Pavel\Desktop\Vojta
2020-12-07 17:01 - 2020-12-07 17:01 - 006056089 _____ C:\Users\Pavel\Downloads\iCloud Photos(1).zip
2020-12-07 13:41 - 2020-12-16 15:06 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CrashDumps
2020-12-05 18:28 - 2020-12-05 18:28 - 002719648 _____ C:\Users\Pavel\Downloads\iCloud Photos.zip
2020-12-05 18:25 - 2020-12-06 17:00 - 000000000 ____D C:\Users\Lukáš\AppData\LocalLow\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Mozilla
2020-12-05 18:25 - 2020-12-05 18:25 - 000000000 ____D C:\Users\Lukáš\AppData\Local\Mozilla
2020-12-02 17:42 - 2020-12-02 17:42 - 000050688 _____ (Atribune.org) C:\Users\Pavel\Downloads\atf-cleaner.exe
2020-12-02 17:41 - 2020-12-06 17:26 - 000000000 ____D C:\Users\Vojta\AppData\LocalLow\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Mozilla
2020-12-02 17:41 - 2020-12-02 17:41 - 000000000 ____D C:\Users\Vojta\AppData\Local\Mozilla
2020-12-02 14:01 - 2020-12-02 14:01 - 000000000 ____D C:\Users\Vojta\AppData\Local\CEF
2020-11-30 12:44 - 2020-11-30 12:44 - 000481422 _____ C:\Users\Pavel\Downloads\informace-k-prijimacimu-rizeni-v-roce-2020-2021-2011152339.pdf
2020-11-30 09:51 - 2020-11-30 09:51 - 000000000 ____D C:\Users\Pavel\AppData\Local\OneDrive
2020-11-29 20:40 - 2020-11-29 20:40 - 001317080 _____ (Google LLC) C:\Users\Pavel\Downloads\ChromeSetup.exe
2020-11-29 19:50 - 2020-11-29 19:50 - 000000000 ____D C:\Users\Lukáš\AppData\Local\CEF
2020-11-29 16:18 - 2020-11-29 16:18 - 006542392 _____ (EnigmaSoft Limited) C:\Users\Pavel\Downloads\SpyHunter-Installer.exe
2020-11-29 15:49 - 2020-12-12 13:10 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:10 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-29 15:49 - 2020-12-12 13:09 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-29 15:49 - 2020-11-29 15:49 - 000000000 ____D C:\Users\Pavel\AppData\Local\mbam
2020-11-29 15:48 - 2020-11-29 15:48 - 002076624 _____ (Malwarebytes) C:\Users\Pavel\Downloads\MBSetup.exe
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-29 15:48 - 2020-11-29 15:48 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-29 15:26 - 2020-12-23 23:02 - 000000000 ____D C:\Users\Pavel\AppData\LocalLow\Mozilla
2020-11-29 15:26 - 2020-12-23 23:01 - 000000000 ____D C:\ProgramData\Mozilla
2020-11-29 15:26 - 2020-12-20 10:21 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\Mozilla
2020-11-29 15:26 - 2020-12-19 21:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-11-29 15:26 - 2020-12-19 16:39 - 000000907 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000895 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-11-29 15:26 - 2020-11-29 15:26 - 000000000 ____D C:\Users\Pavel\AppData\Local\Mozilla
2020-11-29 14:52 - 2020-11-29 14:52 - 000000000 ____D C:\Users\Pavel\AppData\Local\CEF
2020-11-24 23:22 - 2020-11-24 23:22 - 000191489 _____ C:\Users\Pavel\Desktop\Informace o správci příloh v systému Microsoft Windows.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-23 23:01 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-23 22:28 - 2019-06-05 18:47 - 000000000 ____D C:\Users\Pavel\AppData\Local\Google
2020-12-23 22:28 - 2019-06-05 18:47 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-23 22:17 - 2019-07-14 07:19 - 000000000 ____D C:\Users\Pavel\AppData\Local\CrashDumps
2020-12-23 22:05 - 2020-07-26 17:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-23 19:51 - 2019-06-05 18:47 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-23 18:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-23 18:15 - 2019-07-04 16:40 - 000000000 ___RD C:\Users\Pavel\Dropbox
2020-12-23 08:34 - 2019-06-05 18:46 - 000000000 ___RD C:\Users\Pavel\OneDrive
2020-12-22 19:47 - 2019-12-16 13:24 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.tlauncher
2020-12-22 19:47 - 2019-12-16 13:23 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\.minecraft
2020-12-22 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-22 08:44 - 2020-07-26 17:09 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-22 08:44 - 2019-12-07 15:43 - 000682184 _____ C:\WINDOWS\system32\perfh005.dat
2020-12-22 08:44 - 2019-12-07 15:43 - 000137000 _____ C:\WINDOWS\system32\perfc005.dat
2020-12-22 08:44 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2020-12-22 08:37 - 2020-07-26 17:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-22 08:37 - 2020-07-26 17:03 - 000008192 ___SH C:\DumpStack.log.tmp
2020-12-22 08:37 - 2020-03-26 20:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-21 23:57 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-12-21 23:46 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-12-21 22:34 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-19 21:50 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps.tmp
2020-12-19 17:49 - 2019-06-28 08:55 - 000000000 ____D C:\Users\Pavel\Desktop\Nová složka
2020-12-19 13:19 - 2020-06-05 15:58 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-19 13:19 - 2020-06-05 15:58 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-12-18 23:53 - 2020-07-24 18:36 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-18 23:53 - 2020-03-26 20:13 - 000000000 ____D C:\Users\Pavel\AppData\Roaming\TeamViewer
2020-12-17 21:06 - 2019-06-27 21:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-16 16:51 - 2020-04-17 18:50 - 000002479 _____ C:\Users\Pavel\Desktop\Microsoft Teams.lnk
2020-12-16 16:51 - 2019-12-16 13:23 - 000002084 _____ C:\Users\Pavel\Desktop\TLauncher.lnk
2020-12-16 13:48 - 2019-07-05 19:30 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-15 13:35 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1003
2020-12-15 13:35 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-15 13:35 - 2019-07-03 16:29 - 000000000 ___RD C:\Users\Vojta\OneDrive
2020-12-14 20:54 - 2019-07-05 22:24 - 000000000 ____D C:\KMPlayer
2020-12-14 19:20 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1002
2020-12-14 19:20 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-14 19:20 - 2019-06-27 21:16 - 000000000 ___RD C:\Users\Lukáš\OneDrive
2020-12-13 15:40 - 2019-06-05 18:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-12 23:15 - 2020-07-26 17:11 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1980947671-2380292906-1612769214-1001
2020-12-12 23:15 - 2020-07-26 17:04 - 000002365 _____ C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-12 23:15 - 2019-12-16 13:24 - 000000000 ____D C:\Program Files\Java
2020-12-12 23:13 - 2019-12-16 13:24 - 000192168 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2020-12-12 10:00 - 2020-10-29 19:19 - 000001425 _____ C:\Users\Lukáš\Desktop\Roblox Player.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000001248 _____ C:\Users\Lukáš\Desktop\Roblox Studio.lnk
2020-12-12 10:00 - 2020-10-29 19:18 - 000000000 ____D C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-11 23:40 - 2020-07-26 17:11 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003452 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2020-12-11 23:40 - 2020-07-26 17:11 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-12-11 23:40 - 2020-07-26 17:11 - 000003228 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2020-12-11 22:40 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\VirtualStore
2020-12-11 19:32 - 2020-10-29 18:31 - 000001425 _____ C:\Users\Vojta\Desktop\Roblox Player.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000001248 _____ C:\Users\Vojta\Desktop\Roblox Studio.lnk
2020-12-11 19:32 - 2020-10-29 18:31 - 000000000 ____D C:\Users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-12-10 23:04 - 2020-07-26 17:03 - 000437992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-10 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-10 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-08 13:37 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Lukáš
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Vojta
2020-12-07 22:19 - 2020-07-26 17:04 - 000000000 ____D C:\Users\Pavel
2020-12-06 13:18 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-05 19:03 - 2019-06-05 18:42 - 000000000 ____D C:\Users\Pavel\AppData\Local\Packages
2020-12-03 22:06 - 2019-06-05 18:45 - 000000000 ____D C:\Users\Pavel\AppData\Local\PlaceholderTileLogoFolder
2020-11-30 16:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2020-11-28 20:40 - 2019-07-05 19:24 - 000000000 ____D C:\Users\Pavel\AppData\Local\D3DSCache

==================== Files in the root of some directories ========

2020-03-24 13:49 - 2020-03-24 13:49 - 000000017 _____ () C:\Users\Pavel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Paull

Re: log Hijack

Post by Paull » 23 Dec 2020 23:21

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Pavel (23-12-2020 23:05:34)
Running from C:\Users\Pavel\Desktop
Windows 10 Pro Version 2004 19041.685 (X64) (2020-07-26 16:11:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1980947671-2380292906-1612769214-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1980947671-2380292906-1612769214-503 - Limited - Disabled)
Guest (S-1-5-21-1980947671-2380292906-1612769214-501 - Limited - Disabled)
Lukáš (S-1-5-21-1980947671-2380292906-1612769214-1002 - Limited - Enabled) => C:\Users\Lukáš
Pavel (S-1-5-21-1980947671-2380292906-1612769214-1001 - Administrator - Enabled) => C:\Users\Pavel
Vojta (S-1-5-21-1980947671-2380292906-1612769214-1003 - Limited - Enabled) => C:\Users\Vojta
WDAGUtilityAccount (S-1-5-21-1980947671-2380292906-1612769214-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 86.1.6938.201 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
COMODO Antivirus (HKLM\...\{0B6EEF71-4118-4836-9448-BB7546AB5EBC}) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 85.0.4183.121 - Comodo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 112.4.321 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Excel (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.28 - PandoraTV)
LEGO® Piráti z Karibiku Počítačová hra UKÁZKA (HKLM-x32\...\{A85568D7-A01E-4E05-AFEE-4A1852D70281}) (Version: 1.0.0.0 - Disney Interactive Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1980947671-2380292906-1612769214-1003\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 84.0 (x64 cs) (HKLM\...\Mozilla Firefox 84.0 (x64 cs)) (Version: 84.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.284 (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\Opera 73.0.3856.284) (Version: 73.0.3856.284 - Opera Software)
Outlook (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
PowerPoint (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
Roblox Player for Lukáš (HKU\S-1-5-21-1980947671-2380292906-1612769214-1002\...\roblox-player) (Version: - Roblox Corporation)
Roblox Player for Vojta (HKU\S-1-5-21-1980947671-2380292906-1612769214-1003\...\roblox-player) (Version: - Roblox Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM-x32\...\{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera) Hidden
Trust WB-1400T Webcam (HKLM-x32\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.170 - McAfee, LLC)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Word (HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2020-12-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.49.2.0_x86__kgqvnymyfvs32 [2020-12-14] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-30] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-11-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-11-30] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0 [2020-12-12] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Pavel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1980947671-2380292906-1612769214-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Pavel\Dropbox [2019-07-04 16:40]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2020-09-25] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Pavel\Desktop\facebook.lnk -> C:\Users\Pavel\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2020-04-18 20:42 - 2020-04-18 20:42 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-18 20:42 - 2020-04-18 20:42 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2011-12-06 16:03 - 2011-12-06 16:03 - 000364032 _____ (Volkswagen AG) [File not signed] C:\ElsaWin\bin\vfc10u.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll [2011-12-06] (TODO: <Company name>) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1980947671-2380292906-1612769214-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1980947671-2380292906-1612769214-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1980947671-2380292906-1612769214-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IseUI"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{76D93167-65EB-4B6A-BDF8-1045D1624BA0}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [UDP Query User{6DCD83D7-25E4-4599-AE74-50E622D4DB55}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_271\bin\javaw.exe
FirewallRules: [{2A4EA98D-98D0-4728-A6B7-AD8E4A89A67E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EA12EE71-1A13-46B7-91F2-330AE5A87662}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{38D026B3-2A50-4014-9B44-EAB68F50B122}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F316FE0D-71B6-4D9B-ABBA-C91645483441}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6BF146F1-E0B5-4C91-B4D0-FA0714EC7894}] => (Allow) C:\Users\Pavel\AppData\Local\Programs\Opera\67.0.3575.53\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{8DB4D001-EA43-4E34-BCDF-BB5A90055032}] => (Allow) C:\Users\Pavel\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1966877D-C9F0-4E77-A892-A96FDDA60A60}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

==================== Restore Points =========================

23-12-2020 18:29:45 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/23/2020 10:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ccleaner-browser-update.exe, verze: 6.8.1.3192, časové razítko: 0x5df6d4ed
Název chybujícího modulu: jsis.dll_unloaded, verze: 1.0.1.41, časové razítko: 0x5f467e2b
Kód výjimky: 0xc0000005
Posun chyby: 0x00004535
ID chybujícího procesu: 0x3eac
Čas spuštění chybující aplikace: 0x01d6d970b8a459d7
Cesta k chybující aplikaci: C:\Users\Pavel\AppData\Local\Temp\nsz5995.tmp\ccleaner-browser-update.exe
Cesta k chybujícímu modulu: jsis.dll
ID zprávy: bc483f56-99b1-439b-812c-d24a14d76408
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/21/2020 11:46:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/21/2020 10:30:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (12/23/2020 10:30:11 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-54V8III)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/23/2020 10:17:33 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-54V8III)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/23/2020 01:21:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server Windows.Internal.Shell.ConsentUx.Details.ConsentUxService se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2020 01:19:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server Windows.Internal.Shell.ConsentUx.Details.ConsentUxService se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2020 01:17:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server Windows.Internal.Shell.ConsentUx.Details.ConsentUxService se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2020 10:09:30 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/23/2020 12:01:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-54V8III)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/22/2020 04:48:00 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.


Windows Defender:
===================================
Date: 2020-12-17 14:30:36.5000000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5BEB22FA-C26E-4987-B404-68B83323640E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-16 22:36:10.5960000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D5C7644D-877B-4FAE-A09E-D8195858A8C7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-16 22:31:00.7770000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CE07A02F-88A6-4E8D-87FC-F4A0154B2643}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-16 22:18:31.9990000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D5106311-0DE8-40BC-AD4D-67C4F35A99B9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-12-13 17:48:58.1500000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Vigorf.A
ID: 2147714384
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pavel\Downloads\EW400.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-54V8III\Pavel
Název procesu: C:\Users\Pavel\Desktop\FRST64.exe
Verze bezpečnostních informací: AV: 1.329.332.0, AS: 1.329.332.0, NIS: 1.329.332.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2020-12-17 18:50:06.6420000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-12-17 18:50:06.6410000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-12-17 18:50:06.6410000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-12-17 18:50:06.6340000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-12-17 18:50:06.6330000Z
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.329.332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17700.4
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-12-23 23:01:34.4890000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 23:00:25.2140000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:50:40.1600000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:44:02.3640000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:30:19.9380000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:50.5190000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:50.5050000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:08.9520000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. P2.40 08/29/2014
Motherboard: ASRock B85M
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 8111.44 MB
Available physical RAM: 3421.35 MB
Total Virtual: 18351.44 MB
Available Virtual: 10352.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.56 GB) (Free:231.92 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1238.08 GB) NTFS

\\?\Volume{7d762e9c-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.13 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 7D762E9C)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: DA29E555)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Paull
Level 1
Posts: 82
Registered: October 06
Gender: Not specified
Status: Offline

Re: log Hijack

Post by Paull » 23 Dec 2020 23:25

MiniToolBox by Farbar Version: 17-06-2016
Ran by Pavel (administrator) on 23-12-2020 at 23:25:07
Running from "C:\Users\Pavel\Desktop"
Microsoft Windows 10 Pro (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet (ladicí program jádra)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-54V8III
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : D0-50-99-4A-9C-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e500:927a:b77c:fbb%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : středa 23. prosince 2020 8:33:57
Lease Expires . . . . . . . . . . : čtvrtek 24. prosince 2020 0:33:54
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 97538201
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-24-89-B7-04-D0-50-99-4A-9C-DB
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4014:80d::200e
172.217.23.238


Pinging google.com [172.217.23.238] with 32 bytes of data:
Reply from 172.217.23.238: bytes=32 time=11ms TTL=117
Reply from 172.217.23.238: bytes=32 time=10ms TTL=117

Ping statistics for 172.217.23.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 2001:4998:44:3507::8000
2001:4998:124:1507::f001
2001:4998:44:3507::8001
2001:4998:124:1507::f000
2001:4998:24:120d::1:1
2001:4998:24:120d::1:0
74.6.143.25
74.6.143.26
98.137.11.164
74.6.231.21
74.6.231.20
98.137.11.163


Pinging yahoo.com [74.6.143.25] with 32 bytes of data:
Reply from 74.6.143.25: bytes=32 time=127ms TTL=46
Reply from 74.6.143.25: bytes=32 time=128ms TTL=46

Ping statistics for 74.6.143.25:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 128ms, Average = 127ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...d0 50 99 4a 9c db ......Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.108 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.0.0 255.255.255.0 On-link 192.168.0.108 281
192.168.0.108 255.255.255.255 On-link 192.168.0.108 281
192.168.0.255 255.255.255.255 On-link 192.168.0.108 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.0.108 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.0.108 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::e500:927a:b77c:fbb/128
On-link
1 331 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\NLAapi.dll [71168] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\winrnr.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\NLAapi.dll [97280] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [49152] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/23/2020 10:15:46 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: ccleaner-browser-update.exe, verze: 6.8.1.3192, časové razítko: 0x5df6d4ed
Název chybujícího modulu: jsis.dll_unloaded, verze: 1.0.1.41, časové razítko: 0x5f467e2b
Kód výjimky: 0xc0000005
Posun chyby: 0x00004535
ID chybujícího procesu: 0x3eac
Čas spuštění chybující aplikace: 0xccleaner-browser-update.exe0
Cesta k chybující aplikaci: ccleaner-browser-update.exe1
Cesta k chybujícímu modulu: ccleaner-browser-update.exe2
ID zprávy: ccleaner-browser-update.exe3
Úplný název chybujícího balíčku: ccleaner-browser-update.exe4
ID aplikace související s chybujícím balíčkem: ccleaner-browser-update.exe5

Error: (12/21/2020 11:46:54 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/21/2020 10:30:36 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (12/23/2020 10:30:11 PM) (Source: DCOM) (User: DESKTOP-54V8III)
Description: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2147942767{0358B920-0AC7-461F-98F4-58E32CD89148}

Error: (12/23/2020 10:17:33 PM) (Source: DCOM) (User: DESKTOP-54V8III)
Description: C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}2147942767{0358B920-0AC7-461F-98F4-58E32CD89148}

Error: (12/23/2020 01:21:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Windows.Internal.Shell.ConsentUx.Details.ConsentUxService

Error: (12/23/2020 01:19:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Windows.Internal.Shell.ConsentUx.Details.ConsentUxService

Error: (12/23/2020 01:17:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Windows.Internal.Shell.ConsentUx.Details.ConsentUxService

Error: (12/23/2020 10:09:30 AM) (Source: DCOM) (User: DESKTOP-54V8III)
Description: {FD06603A-2BDF-4BB1-B7DF-5DC68F353601}

Error: (12/23/2020 12:01:02 AM) (Source: DCOM) (User: DESKTOP-54V8III)
Description: {FD06603A-2BDF-4BB1-B7DF-5DC68F353601}

Error: (12/22/2020 04:48:00 PM) (Source: volsnap) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (12/21/2020 11:57:29 PM) (Source: DCOM) (User: DESKTOP-54V8III)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/21/2020 11:44:00 PM) (Source: Service Control Manager) (User: )
Description: Služba COMODO Internet Security Helper Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================
Error: (12/23/2020 10:15:46 PM) (Source: Application Error)(User: )
Description: ccleaner-browser-update.exe6.8.1.31925df6d4edjsis.dll_unloaded1.0.1.415f467e2bc0000005000045353eac01d6d970b8a459d7C:\Users\Pavel\AppData\Local\Temp\nsz5995.tmp\ccleaner-browser-update.exejsis.dllbc483f56-99b1-439b-812c-d24a14d76408

Error: (12/21/2020 11:46:54 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, Neplatný popisovač.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (12/21/2020 10:30:36 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, Neplatný popisovač.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


CodeIntegrity Errors:
===================================
Date: 2020-12-23 23:22:47.6450000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 23:15:56.3630000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 23:01:34.4890000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 23:00:25.2140000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:50:40.1600000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:44:02.3640000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:30:19.9380000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:50.5190000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:50.5050000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-23 22:28:08.9520000Z
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 86.1.6938.201 - Piriform Software)
CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
COMODO Antivirus (HKLM\...\{0B6EEF71-4118-4836-9448-BB7546AB5EBC}) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.) Hidden
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.7062 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 85.0.4183.121 - Comodo)
Dropbox (HKLM-x32\...\Dropbox) (Version: 112.4.321 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
ElsaWin (HKLM-x32\...\ElsaWin) (Version: 4.00 - )
Excel (HKCU\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.28 - PandoraTV)
LEGO® Piráti z Karibiku Počítačová hra UKÁZKA (HKLM-x32\...\{A85568D7-A01E-4E05-AFEE-4A1852D70281}) (Version: 1.0.0.0 - Disney Interactive Studios)
LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.2.0 - LG Electronics)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Teams (HKCU\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 84.0 (x64 cs) (HKLM\...\Mozilla Firefox 84.0 (x64 cs)) (Version: 84.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.284 (HKCU\...\Opera 73.0.3856.284) (Version: 73.0.3856.284 - Opera Software)
Outlook (HKCU\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Ovládací panel NVIDIA 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 432.00 - NVIDIA Corporation) Hidden
PowerPoint (HKCU\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Trust WB-1400T Webcam (HKLM-x32\...\{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera) Hidden
Trust WB-1400T Webcam (HKLM-x32\...\InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}) (Version: 1.0.4.7 - PC Camera)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.170 - McAfee, LLC)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Word (HKCU\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 8111.44 MB
Available physical RAM: 3538.45 MB
Total Virtual: 18351.44 MB
Available Virtual: 10270.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:446.56 GB) (Free:231.76 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1238.08 GB) NTFS

========================= Users: ========================================

Uživatelské účty pro \\DESKTOP-54V8III

Administrator DefaultAccount Guest
Lukáš Pavel Vojta
WDAGUtilityAccount
Příkaz byl úspěšně dokončen.


**** End of log ****


Re: log Hijack

Posted by jaro3 » 24 Dec 2020 14:36

Try this:
Quit Chrome > delete your profile > start Chrome.
Delete the folder named "User Data", which is located here: C:\Users\-your name-\AppData\Local\Google\Chrome\

or search here:
https://www.google.com/search?client=op ... 8&oe=UTF-8

I won't have much time today... sorry.

Re: log Hijack

Posted by Paull » 24 Dec 2020 16:35

Hi,
in the end what helped was the video walkthrough on YouTube, where I went via regedit into "Počítač\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments" and changed the value there from 3 to 1.
In case anyone reads this thread, I'm posting a link to the video

https://www.youtube.com/watch?v=vzv6fuL7tNY&t=56s


What's interesting, though, is that if I'm not mistaken (and I wouldn't swear to it, since I tried all sorts of things), I had already tried this procedure earlier and it didn't help back then. Well, the main thing is that it works now :o)
Merry Christmas!
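
An added example, not part of the original post: a PowerShell audit of the registry key edited above, showing what the 3 and 1 settings mean for download scanning, plus the antivirus products Security Center knows about. The post names only the key, so the value name `ScanWithAntiVirus` (the Attachment Manager setting that takes 1, 2 or 3) is an assumption; the function names are hypothetical.

```powershell
# Added example (not from the thread): audit the Attachment Manager scan policy.
# Assumption: the value edited in the post is ScanWithAntiVirus (the post names only the key).
$SubKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$Meaning = @{
    1 = 'Off: downloaded files are not passed to the registered antivirus'
    2 = 'Optional'
    3 = 'On: files are passed to the antivirus; a failed scan blocks the file'
}

function Get-AttachmentScanPolicy {
    # The policy can be set per machine (HKLM) or per user (HKCU); report both.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path = "${hive}:\$SubKey"
        $item = Get-ItemProperty -LiteralPath $path -Name ScanWithAntiVirus -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # Key or value is absent in this hive.
            $value = $null
            $text  = 'Not set'
        } else {
            $value = [int]$item.ScanWithAntiVirus
            $text  = $Meaning[$value]
            if (-not $text) { $text = 'Unexpected value' }
        }
        [pscustomobject]@{ Hive = $hive; Value = $value; Meaning = $text }
    }
}

function Get-RegisteredAntivirus {
    # Security Center's list of antivirus products (present on client editions of Windows only).
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        Select-Object displayName, pathToSignedProductExe, productState
}

Get-AttachmentScanPolicy | Format-Table -AutoSize
Get-RegisteredAntivirus  | Format-Table -AutoSize
```

Both functions only read state, so they run without elevation.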


Re: log Hijack

Posted by jaro3 » 24 Dec 2020 20:31

Merry Christmas!

Great! I was starting to think I would have to point you to some Chrome forum.

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste its entire contents here. Otherwise the report is located here:
C:\DelFix.txt

If there are no problems, that is all, and you can mark the thread as solved with the green check mark.

Re: log Hijack  Solved

Posted by Paull » 24 Dec 2020 22:27

DELFIX

# DelFix v1.013 - Logfile created 24/12/2020 at 22:25:47
# Updated 17/04/2016 by Xplode
# Username : Pavel - DESKTOP-54V8III
# Operating System : Windows 10 Enterprise (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Pavel\Desktop\Addition.txt
Deleted : C:\Users\Pavel\Desktop\FRST.txt
Deleted : C:\Users\Pavel\Desktop\FRST64.exe
Deleted : C:\Users\Pavel\Desktop\HijackThis.exe
Deleted : C:\Users\Pavel\Desktop\hijackthis.log
Deleted : C:\Users\Pavel\Desktop\hijackthis1
Deleted : C:\Users\Pavel\Desktop\MiniToolBox.exe
Deleted : C:\Users\Pavel\Downloads\HijackThis.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #51 [Naplánovaný kontrolní bod | 12/23/2020 17:29:45]

New restore point created !

########## - EOF - ##########

