Chrome reports a Trojan horse infection and the expiry of a Norton subscription

#1 Post by Taby »

After starting the computer and then Chrome, Windows notifications report that Chrome found a virus on the computer, specifically a Trojan horse, and that payment information has leaked. Then that the Norton subscription is expiring. As far as I know, nobody has ever paid for anything on that computer. Nobody is even signed in to Chrome there, and not to Norton either. The last piece of information is then the time and the website lovesushi29.ru. I downloaded and ran Malwarebytes; it found 7 files and put them in quarantine. After that, with web protection turned on, I could no longer even get to viry.cz because of a report about a Trojan horse. Here are the logs from FRST and MB:

Thank you very much

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-01-2021
Ran by jirih (administrator) on JIRKA-BRUTUS (19-01-2021 09:31:21)
Running from C:\Users\jirih\Desktop
Loaded Profiles: jirih
Platform: Windows 10 Pro Version 2004 19041.746 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.6.32.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.6.32.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHeciSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\bin\node.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Windows\System32\hasplms.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\DeviceFramework\bin\ServerService\ServerService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\DeviceFramework\DFAgency.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\DeviceFramework\Model\SC-S80600_Series\DFAgentSC-S80600_Series.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\bin\EEDNotify\EEDNotify.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\bin\ServerService\ServerService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON\LFP Accounting Tool\LFPAccountingTool.exe
(SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-25] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Epson LFP Accounting Tool] => C:\Program Files (x86)\EPSON\LFP Accounting Tool\LFPAccountingTool.exe [3032160 2020-11-13] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\...\MountPoints2: {1059ca22-11cf-11eb-920c-6045cb9ecb6e} - "F:\startme.exe"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55872 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON SC-S80600 Series 64MonitorBE: C:\WINDOWS\system32\E_NLM1EE.DLL [123392 2017-06-16] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\WinConnect Monitor: C:\WINDOWS\SysWOW64\OnxMonX64.dll [32256 2017-06-15] (Onyx Graphics) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Epson Edge Dashboard.lnk [2021-01-06]
ShortcutTarget: Epson Edge Dashboard.lnk -> C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\bin\EEDNotify\EEDNotify.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009BB9E3-DB17-4F26-95C6-7189F124256B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D4C7F71-B10D-43C4-B87A-A2BBD9DA2B2B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2021-01-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {33857293-DF13-490B-9899-B6158FAED7B4} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1551520 2015-05-14] (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {36CA1B65-7EF2-42C3-8F40-0AC69812EDAC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23061896 2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E391E3A-26A0-4CBA-849A-D18F2A4AD1B1} - System32\Tasks\EPSON SC-S80600 Series Comm Driver Update {D297DAA5-C3D5-4480-B8CC-3096E0CB98BE} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_NTS01EE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {43F8B5DE-1182-49FE-BE6A-FB48079F164F} - System32\Tasks\Apple Diagnostics => C:\Users\jirih\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-01-06] ()
Task: {7025E6AB-7539-48E7-BD37-19471CA721A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
Task: {80E59868-76F3-4ECB-9983-7CD892B1F98E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {87420087-F98F-4E2A-A9CC-8A5D0760094E} - System32\Tasks\EPSON SC-S80600 Series Comm Driver Update {8BD27141-666F-468F-A68D-87485012681B} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_NTS01EE.EXE [690536 2013-11-22] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {A1A7E01B-00D6-48E5-B4FE-598B496E4A91} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2021-01-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7B7A81C-EC65-4BF6-80A0-8F2690AF1099} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E2BEAB5D-2FE0-45C9-9BA8-DDA264DC6B95} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1547160 2021-01-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3A6CEC1-E3A2-43CA-A31E-C1A216CA2613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
Task: {F52311A9-07F9-49FD-9903-97FDE7308E89} - System32\Tasks\Agent Activation Runtime\S-1-5-21-2719575083-1539358898-2089985085-1002 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-09] (Microsoft Windows -> )
Task: {F935ABAE-029E-4C17-9C4C-1D7A9F11C82F} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jiri.holik@dy.cz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON SC-S80600 Series Comm Driver Update {8BD27141-666F-468F-A68D-87485012681B}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_NTS01EE.EXE:/EXE:{8BD27141-666F-468F-A68D-87485012681B} /F:UpdateWORKGROUP\JIRKA-BRUTUS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON SC-S80600 Series Comm Driver Update {D297DAA5-C3D5-4480-B8CC-3096E0CB98BE}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_NTS01EE.EXE:/EXE:{D297DAA5-C3D5-4480-B8CC-3096E0CB98BE} /F:UpdateWORKGROUP\JIRKA-BRUTUS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824 2010-10-07] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{4c928171-acd8-4caf-839c-5f433e536c70}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{d4a31222-5b44-4c42-897f-8533dcb9f636}: [DhcpNameServer] 172.20.10.1

Edge:
=======
DownloadDir: C:\Users\jirih\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\jirih\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-19]
Edge DownloadDir: C:\Users\jirih\Downloads
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: bz3ifoe1.default
FF ProfilePath: C:\Users\jirih\AppData\Roaming\Mozilla\Firefox\Profiles\bz3ifoe1.default [2021-01-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-11-25] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-23]
CHR Profile: C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-01-19]
CHR Notifications: Profile 2 -> hxxps://lovesushi29.ru
CHR Extension: (Prezentace) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-03]
CHR Extension: (Dokumenty) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-03]
CHR Extension: (Disk Google) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (Tabulky) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-13]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-01-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-03]
CHR Extension: (Gmail) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\jirih\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]
CHR Profile: C:\Users\jirih\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-03]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960904 2021-01-03] (Microsoft Corporation -> Microsoft Corporation)
R2 DFAgencyService; C:\Program Files (x86)\Epson Software\DeviceFramework\bin\ServerService\ServerService.exe [16984 2020-08-25] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBSVC.exe [94208 2008-11-05] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonEdgeDashboard; C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\bin\ServerService\ServerService.exe [16984 2020-08-25] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4574520 2017-02-14] (SafeNet, Inc. -> SafeNet, Inc.)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\WINDOWS\system32\DRIVERS\akshasp.sys [87864 2017-02-14] (SafeNet, Inc. -> SafeNet, Inc.)
S3 akshhl; C:\WINDOWS\system32\DRIVERS\akshhl.sys [86328 2017-02-14] (SafeNet, Inc. -> SafeNet, Inc.)
S3 aksusb; C:\WINDOWS\system32\DRIVERS\aksusb.sys [332088 2017-02-14] (SafeNet, Inc. -> SafeNet, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-19] (Malwarebytes Corporation -> Malwarebytes)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [1287496 2017-02-14] (SafeNet, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-19 09:31 - 2021-01-19 09:31 - 000024569 ____C C:\Users\jirih\Desktop\FRST.txt
2021-01-19 09:31 - 2021-01-19 09:31 - 000000000 ____D C:\FRST
2021-01-19 09:28 - 2021-01-19 09:28 - 002295296 _____ (Farbar) C:\Users\jirih\Desktop\FRST64.exe
2021-01-19 09:24 - 2021-01-19 09:24 - 000002764 ____C C:\Users\jirih\Desktop\mb.txt
2021-01-19 09:21 - 2021-01-19 09:22 - 000000000 ___DC C:\Users\jirih\AppData\LocalLow\IGDump
2021-01-19 09:21 - 2021-01-19 09:21 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-19 09:21 - 2021-01-19 09:21 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-19 09:20 - 2021-01-19 09:20 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-19 09:20 - 2021-01-19 09:20 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-19 09:20 - 2021-01-19 09:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-19 09:20 - 2021-01-19 09:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-19 09:20 - 2021-01-19 09:20 - 000000000 ____D C:\Users\jirih\AppData\Local\mbam
2021-01-19 09:20 - 2021-01-19 09:19 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-19 09:20 - 2021-01-19 09:19 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-19 09:19 - 2021-01-19 09:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-19 09:19 - 2021-01-19 09:19 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-19 09:18 - 2021-01-19 09:18 - 002086424 _____ (Malwarebytes) C:\Users\jirih\Downloads\MBSetup.exe
2021-01-19 09:18 - 2021-01-19 09:18 - 002086424 _____ (Malwarebytes) C:\Users\jirih\Downloads\MBSetup (1).exe
2021-01-18 08:01 - 2021-01-18 08:01 - 000001941 ____C C:\Users\jirih\Desktop\loga 2014 (Taby2021).lnk
2021-01-18 08:01 - 2021-01-18 08:01 - 000001917 ____C C:\Users\jirih\Desktop\Print (TABY2021).lnk
2021-01-14 10:43 - 2021-01-14 10:43 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-14 10:42 - 2021-01-14 10:42 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-14 10:42 - 2021-01-14 10:42 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-14 10:42 - 2021-01-14 10:42 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-14 10:42 - 2021-01-14 10:42 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-14 10:42 - 2021-01-14 10:42 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-14 10:42 - 2021-01-14 10:42 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-14 10:42 - 2021-01-14 10:42 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-14 10:42 - 2021-01-14 10:42 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-14 10:42 - 2021-01-14 10:42 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-14 10:42 - 2021-01-14 10:42 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-14 10:42 - 2021-01-14 10:42 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-14 10:42 - 2021-01-14 10:42 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-14 10:42 - 2021-01-14 10:42 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-14 10:42 - 2021-01-14 10:42 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-14 10:42 - 2021-01-14 10:42 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-14 10:41 - 2021-01-14 10:41 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-14 10:41 - 2021-01-14 10:41 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-14 10:41 - 2021-01-14 10:41 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-14 10:41 - 2021-01-14 10:41 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-14 10:41 - 2021-01-14 10:41 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-14 10:41 - 2021-01-14 10:41 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-14 10:41 - 2021-01-14 10:41 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-14 10:41 - 2021-01-14 10:41 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-08 14:34 - 2021-01-08 14:34 - 000000057 _____ C:\WINDOWS\SureColorS80600.INI
2021-01-08 14:34 - 2017-06-15 05:29 - 000032256 _____ (Onyx Graphics) C:\WINDOWS\SysWOW64\OnxMonX64.dll
2021-01-08 11:35 - 2021-01-15 00:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-08 11:35 - 2021-01-08 11:35 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-01-08 11:35 - 2021-01-08 11:35 - 000001104 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2021-01-08 11:34 - 2021-01-08 11:34 - 029285264 _____ (TeamViewer Germany GmbH) C:\Users\jirih\Downloads\TeamViewer_Setup.exe
2021-01-08 11:32 - 2021-01-08 11:36 - 000000947 _____ C:\WINDOWS\Tasks\EPSON SC-S80600 Series Comm Driver Update {D297DAA5-C3D5-4480-B8CC-3096E0CB98BE}.job
2021-01-08 11:32 - 2021-01-08 11:32 - 000004174 _____ C:\WINDOWS\system32\Tasks\EPSON SC-S80600 Series Comm Driver Update {D297DAA5-C3D5-4480-B8CC-3096E0CB98BE}
2021-01-08 09:16 - 2021-01-08 09:16 - 001284069 ____C C:\Users\jirih\Desktop\Úschova - 2541335.pdf
2021-01-07 15:40 - 2021-01-08 09:22 - 000000947 _____ C:\WINDOWS\Tasks\EPSON SC-S80600 Series Comm Driver Update {8BD27141-666F-468F-A68D-87485012681B}.job
2021-01-07 15:40 - 2021-01-07 15:40 - 000004174 _____ C:\WINDOWS\system32\Tasks\EPSON SC-S80600 Series Comm Driver Update {8BD27141-666F-468F-A68D-87485012681B}
2021-01-07 15:40 - 2017-06-16 03:08 - 000123392 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_NLM1EE.DLL
2021-01-07 15:40 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_NBCB1EE.DLL
2021-01-07 15:39 - 2021-01-07 15:39 - 009224192 _____ C:\Users\jirih\Downloads\epson628187eu (1).exe
2021-01-06 11:52 - 2021-01-06 11:52 - 000000000 ____D C:\Users\jirih\AppData\Local\SafeNet Sentinel
2021-01-06 11:50 - 2021-01-08 11:07 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-01-06 11:50 - 2021-01-06 11:50 - 000000513 _____ C:\Users\Public\Desktop\RIP-Queue.lnk
2021-01-06 11:50 - 2021-01-06 11:50 - 000000000 ____D C:\ProgramData\Onyx
2021-01-06 11:50 - 2021-01-06 11:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIPCenter 12
2021-01-06 11:50 - 2021-01-06 11:50 - 000000000 ____D C:\Program Files\EpsonNet
2021-01-06 11:50 - 2021-01-06 11:50 - 000000000 ____D C:\Program Files (x86)\EpsonNet
2021-01-06 11:50 - 2010-09-03 12:06 - 000110592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EEBDSCVR.dll
2021-01-06 11:50 - 2010-09-03 11:02 - 000077824 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EEBUtil2.dll
2021-01-06 11:50 - 2010-09-03 11:00 - 000077824 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EBAPI.dll
2021-01-06 11:50 - 2010-06-25 16:55 - 000135168 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EEBAPI.dll
2021-01-06 11:50 - 2007-03-28 18:26 - 000065536 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EEBUtil.dll
2021-01-06 11:50 - 2005-07-25 03:11 - 000080731 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EBPMON2.DLL
2021-01-06 11:50 - 2003-12-17 01:01 - 000055808 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\SysWOW64\EEBSDKIF.dll
2021-01-06 11:50 - 2001-09-04 02:04 - 000000182 _____ C:\WINDOWS\SysWOW64\EBPPORT.DAT
2021-01-06 11:47 - 2021-01-06 11:47 - 000000000 ____D C:\ProgramData\SafeNet Sentinel
2021-01-06 11:47 - 2021-01-06 11:47 - 000000000 ____D C:\Program Files\Bonjour
2021-01-06 11:47 - 2021-01-06 11:47 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-01-06 11:47 - 2017-02-14 09:38 - 004574520 _____ (SafeNet, Inc.) C:\WINDOWS\system32\hasplms.exe
2021-01-06 11:47 - 2017-02-14 09:38 - 000215496 _____ (Aladdin Knowledge Systems Ltd.) C:\WINDOWS\SysWOW64\hlvdd.dll
2021-01-06 11:46 - 2017-02-14 09:38 - 001287496 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\hardlock.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000464184 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\aksfridge.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000399168 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\aksdf.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000332088 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\aksusb.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000318776 _____ (SafeNet Inc.) C:\WINDOWS\system32\akshhl32.dll
2021-01-06 11:46 - 2017-02-14 09:38 - 000104248 _____ (SafeNet, Inc.) C:\WINDOWS\system32\aksusb5.dll
2021-01-06 11:46 - 2017-02-14 09:38 - 000092984 _____ (SafeNet, Inc.) C:\WINDOWS\system32\akshsp53.dll
2021-01-06 11:46 - 2017-02-14 09:38 - 000087864 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\akshasp.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000086328 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\akshhl.sys
2021-01-06 11:46 - 2017-02-14 09:38 - 000049464 _____ (SafeNet, Inc.) C:\WINDOWS\system32\Drivers\aksclass.sys
2021-01-06 11:44 - 2021-01-08 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2021-01-06 11:43 - 2021-01-08 07:41 - 000000000 ____D C:\Program Files (x86)\Epson Software
2021-01-06 11:43 - 2021-01-06 11:43 - 000000000 ____D C:\Users\Public\Documents\Epson
2021-01-06 11:41 - 2021-01-06 11:43 - 182770776 _____ C:\Users\jirih\Downloads\epson636589eu.exe
2021-01-06 11:41 - 2021-01-06 11:42 - 123121664 _____ C:\Users\jirih\Downloads\epson637259eu.exe
2021-01-06 11:41 - 2021-01-06 11:41 - 009224192 _____ C:\Users\jirih\Downloads\epson628187eu.exe
2021-01-05 14:34 - 2021-01-08 09:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-19 09:31 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-19 09:20 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-19 09:20 - 2018-11-08 08:45 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-19 09:20 - 2018-01-02 08:07 - 000000000 ___DC C:\Users\jirih\AppData\LocalLow\Mozilla
2021-01-19 09:20 - 2018-01-02 08:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-19 09:14 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-19 09:10 - 2019-10-03 16:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-19 09:05 - 2017-12-18 10:45 - 000000000 __SHD C:\Users\jirih\IntelGraphicsProfiles
2021-01-18 14:04 - 2020-08-03 08:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-18 08:00 - 2020-08-03 09:00 - 000000000 ____D C:\Users\jirih
2021-01-18 08:00 - 2019-02-01 10:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-18 07:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-15 00:37 - 2020-08-03 09:07 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-15 00:37 - 2019-12-07 15:43 - 000716706 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-15 00:37 - 2019-12-07 15:43 - 000144884 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-15 00:30 - 2020-08-03 09:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-15 00:30 - 2020-08-03 08:59 - 017574920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-15 00:30 - 2020-08-03 08:59 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-15 00:30 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-15 00:30 - 2017-09-18 06:18 - 000000000 ___DC C:\Intel
2021-01-15 00:29 - 2020-08-03 09:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-15 00:29 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-15 00:29 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-15 00:29 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-15 00:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-14 22:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-14 10:44 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-14 10:41 - 2020-08-03 09:00 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 10:36 - 2017-12-18 15:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-14 10:34 - 2017-12-18 15:41 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 11:53 - 2017-09-18 06:17 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 08:55 - 2020-09-18 07:36 - 000000000 ____D C:\ProgramData\EPSON
2021-01-11 08:10 - 2020-09-17 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-11 08:04 - 2020-06-09 10:26 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-11 08:04 - 2020-06-09 10:26 - 000002257 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-08 13:50 - 2019-11-13 13:45 - 000000000 ____D C:\Users\jirih\AppData\Local\TeamViewer
2021-01-08 09:16 - 2018-01-02 08:07 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-01-07 13:27 - 2018-05-18 10:03 - 000000000 ___DC C:\Users\jirih\AppData\Local\D3DSCache
2021-01-06 11:50 - 2017-09-18 06:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-01-06 11:43 - 2020-09-18 07:36 - 000002194 _____ C:\Users\Public\Desktop\LFP Accounting Tool.lnk
2021-01-06 11:43 - 2020-09-18 07:36 - 000000156 _____ C:\WINDOWS\ODBC.INI
2021-01-06 11:43 - 2020-09-18 07:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LFP Accounting Tool

==================== Files in the root of some directories ========

2018-02-16 12:28 - 2020-05-14 12:20 - 000000132 ____C () C:\Users\jirih\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2018-01-04 15:40 - 2020-02-25 12:42 - 000001480 ____C () C:\Users\jirih\AppData\Local\Adobe Uložit pro web 13.0 Prefs
2018-09-29 15:55 - 2018-09-29 15:55 - 000000000 ____C () C:\Users\jirih\AppData\Local\oobelibMkey.log
2018-02-28 11:33 - 2018-02-28 11:33 - 000007604 ____C () C:\Users\jirih\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2021
Ran by jirih (19-01-2021 09:32:52)
Running from C:\Users\jirih\Desktop
Windows 10 Pro Version 2004 19041.746 (X64) (2020-08-03 08:05:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2719575083-1539358898-2089985085-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2719575083-1539358898-2089985085-503 - Limited - Disabled)
Guest (S-1-5-21-2719575083-1539358898-2089985085-501 - Limited - Disabled)
jirih (S-1-5-21-2719575083-1539358898-2089985085-1002 - Administrator - Enabled) => C:\Users\jirih
WDAGUtilityAccount (S-1-5-21-2719575083-1539358898-2089985085-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - Eastern European (Group 1) (HKLM-x32\...\{AC76BA86-1029-4770-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Design Standard (HKLM-x32\...\{0327A4BF-62BF-48BB-8928-B971B749E9E1}) (Version: 6 - Adobe Systems Incorporated)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.030 - ASUSTek Computer Inc.)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Epson Device Framework (HKLM-x32\...\{505D7E0D-4753-48FD-9A6E-687092B5003D}_is1) (Version: 2.9.0.387 - Seiko Epson Corporation)
Epson Edge Dashboard (HKLM-x32\...\{24EB1C19-9D8C-4F1B-B1A7-87B8685D58A1}_is1) (Version: 2.9.0.387 - Seiko Epson Corporation)
EPSON SC-S80600 Series Comm Driver Printer Uninstall (HKLM\...\EPSON SC-S80600 Series Comm Driver) (Version: - SEIKO EPSON Corporation)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EpsonNet SDK for Windows (HKLM-x32\...\{57E43A88-5936-11D7-AB30-0050DA8CDA09}) (Version: 1.00.035 - EPSON)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.141 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
iCloud Outlook (HKLM\...\{F8D8BAB3-5CBA-48FF-A39B-6D13C7EE83F5}) (Version: 11.5.0.28 - Apple Inc.)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
LFP Accounting Tool (HKLM-x32\...\{32EF4912-C198-11E0-9EC5-FAD14824019B}) (Version: 1.8.1 - SEIKO EPSON Corporation) Hidden
LFP Accounting Tool (HKLM-x32\...\LFP Accounting Tool) (Version: 1.8.1 - SEIKO EPSON Corporation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.13530.20376 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 69.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 69.0.1 (x64 cs)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.1 - Mozilla)
Mozilla Thunderbird 78.6.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 78.6.0 (x86 cs)) (Version: 78.6.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13530.20376 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 4.6.2.2750 - Jan Fiala)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7701 - Realtek Semiconductor Corp.)
RIPCenter 12 (HKLM\...\RIPCenter 12) (Version: - Onyx Graphics)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.6.32.0_x86__nzyj5cx40ttqa [2021-01-06] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-13] (Microsoft Studios) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2017-12-18] (Samsung Electronics Co. Ltd.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2719575083-1539358898-2089985085-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-99B7495E1C09} -> [Creative Cloud Files] => C:\Users\jirih\Creative Cloud Files [2018-01-25 11:38]
CustomCLSID: HKU\S-1-5-21-2719575083-1539358898-2089985085-1002_Classes\CLSID\{3947AFCD-3D6A-4926-B03E-7666F3E8F386} -> [Fotky na iCloudu] => C:\Users\jirih\Pictures\iCloud Photos\Photos0
CustomCLSID: HKU\S-1-5-21-2719575083-1539358898-2089985085-1002_Classes\CLSID\{C4023771-A014-45E9-82C4-29AACCE1ABD9} -> [iCloud Drive] => C:\Users\jirih\iCloudDrive0
CustomCLSID: HKU\S-1-5-21-2719575083-1539358898-2089985085-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2719575083-1539358898-2089985085-1002_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxDTCM.dll [2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-27] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2719575083-1539358898-2089985085-1002: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-06 11:43 - 2020-08-25 13:28 - 000144384 _____ () [File not signed] \\?\C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\scripts\node_modules\ffi\build\Release\ffi_bindings.node
2021-01-06 11:43 - 2020-08-25 13:27 - 000137728 _____ () [File not signed] \\?\C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\scripts\node_modules\ref\build\Release\binding.node
2021-01-06 11:43 - 2019-01-12 02:15 - 001048064 _____ () [File not signed] \\?\C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\scripts\node_modules\sqlite3\lib\binding\node-v64-win32-ia32\node_sqlite3.node
2021-01-06 11:43 - 2018-10-19 05:35 - 000573440 _____ () [File not signed] \\?\C:\Program Files (x86)\Epson Software\Epson Edge Dashboard\scripts\node_modules\zeromq\build\Release\zmq.node
2015-09-24 16:41 - 2015-09-24 16:41 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\cs_CZ\acrotray.cze
2017-12-19 11:44 - 2014-11-02 18:45 - 000029184 _____ () [File not signed] C:\Program Files (x86)\PSPad editor\pspshellx64.dll
2015-09-24 16:41 - 2015-09-24 16:41 - 000334848 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\cs_CZ\Acrobat Elements\ContextMenu64.cze
2021-01-08 14:34 - 2017-06-15 05:29 - 000032256 _____ (Onyx Graphics) [File not signed] C:\WINDOWS\SysWOW64\OnxMonX64.dll
2021-01-06 11:50 - 2009-06-30 10:33 - 000430080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBIPDev.dll
2021-01-06 11:50 - 2008-11-05 19:52 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBLPBidiDev.dll
2021-01-06 11:50 - 2011-06-02 11:45 - 000135168 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\eEBRSVC.dll
2021-01-06 11:50 - 2008-09-30 01:03 - 000106496 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Common Files\EPSON\eEBAPI\epLocalBidi.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001697792 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCB90\SCB90.dll
2020-06-29 10:05 - 2020-06-29 10:05 - 001692160 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF100\SCF100.dll
2020-06-29 10:05 - 2020-06-29 10:05 - 001696768 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF30\SCF30.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001704960 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF5\SCF5.dll
2020-06-29 10:05 - 2020-06-29 10:05 - 001692672 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF62\SCF62.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001691136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF63\SCF63.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001703936 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF92\SCF92.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001697792 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF94\SCF94.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001708544 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCF94\SCF94H.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001754624 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCP100D\SCP100D.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001759232 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCP200\SCP200.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001715712 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCP68\SCP68.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001790464 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCP7595\SCP7595.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001765376 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCP79\SCP79.dll
2020-11-13 16:10 - 2020-11-13 16:10 - 001708032 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCR50\SCR50.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001698816 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCS406\SCS406.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001698816 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCS606\SCS606.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001698816 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCS606\SCS606L.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001733632 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCS806\SCS806.dll
2020-06-29 10:04 - 2020-06-29 10:04 - 001733632 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCS806\SCS806L.dll
2020-06-29 10:03 - 2020-06-29 10:03 - 001702400 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCT3454\SCT3454.dll
2020-11-13 16:09 - 2020-11-13 16:09 - 001704448 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCT3454\SCT34545.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001690112 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCT357\SCT357.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001692672 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SCT357\SCT357A.dll
2020-06-29 10:02 - 2020-06-29 10:02 - 001673216 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\DLL\SP7797\SP7797.dll
2020-06-29 10:01 - 2020-06-29 10:01 - 000224256 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON\LFP Accounting Tool\PDFLib.dll
2021-01-06 11:42 - 2016-03-18 08:03 - 002744320 _____ (Seiko Epson Corporation) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_NENSTRMA1EE.DLL

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2019-05-31 09:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jirih\Desktop\JAGR-_Navrat-krale-tapeta-1920x1280.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4B612FDB-E06E-4B9B-BE40-16BAAD4D0DE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E8F0A531-E50F-4639-ACCD-099945DE8485}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8FA2BDD2-6A05-404C-9ADF-FABDA8887508}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{1B5A0573-93AA-4ECB-BA7C-0ACBFEDFABE4}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{610B1CC7-564F-4A29-B7A3-A0100AEADDF3}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{C280F345-ECC9-4ADE-B4E3-1E9D717F828F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3A84E69-A2E4-4A9C-A6A7-D1DF9C96342B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{195734B1-579B-4004-B7BB-6CDF55375C99}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0A021495-B68D-4BD0-A3FF-8BEC49C994E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{995F9C29-1C47-4605-B668-5A5D83716BE4}] => (Allow) C:\WINDOWS\system32\hasplms.exe (SafeNet, Inc. -> SafeNet, Inc.)
FirewallRules: [{BFC8FF20-6918-48AE-9BD1-18F1E2F78651}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A137D54A-8DFE-4775-A987-9C5600080031}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{5AA07CB1-14E8-4DD7-8F95-C5B98D037FC7}D:\onyx12\server\postershop.exe] => (Allow) D:\onyx12\server\postershop.exe (Onyx Graphics) [File not signed]
FirewallRules: [UDP Query User{1C75ECDB-FACA-4612-B380-3674966DA0F1}D:\onyx12\server\postershop.exe] => (Allow) D:\onyx12\server\postershop.exe (Onyx Graphics) [File not signed]
FirewallRules: [{C0E11746-820E-4ED6-B8D0-7AAD689E0B9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{408E45FE-76AF-4FE6-AE20-61B6E52FB428}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6A9DB0CF-B0AE-483D-9BB6-9480A2BA4E6E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D4864014-0C03-4161-8C35-40F6ED9A1CF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{09D32A3E-67E4-481F-9F0B-D28D9A4F4CEE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE648D38-CD0A-4EB7-828F-5EF1B7299C73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:110.74 GB) (Free:13.76 GB) (12%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/19/2021 09:08:38 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/18/2021 07:58:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/15/2021 05:21:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/15/2021 12:29:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/15/2021 12:29:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (01/15/2021 12:29:58 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (01/14/2021 08:25:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/13/2021 09:08:56 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (01/08/2021 11:07:04 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2021 11:45:41 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2021 11:45:41 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2021 11:45:41 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/06/2021 11:45:41 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/05/2021 08:56:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9PKTQ5699M62-AppleInc.iCloud.

Error: (01/04/2021 08:35:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9PKTQ5699M62-AppleInc.iCloud.

Error: (11/11/2020 08:29:13 AM) (Source: DCOM) (EventID: 10010) (User: JIRKA-BRUTUS)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2021-01-19 09:16:20.9000000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {AA5274DE-3C49-465B-8EC8-2ED048ACF46E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-18 09:27:40.9800000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {02D0F511-693A-403F-8F9E-C7B01607EEFA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-18 08:06:46.6440000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {65FF3687-DA7E-4DC3-8A21-A1BA0E7F26A8}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-14 08:58:10.7000000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {DCA9A5C8-6CDD-4AE9-A4ED-5A5453FE3895}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-01-13 09:29:28.4650000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C4535C2F-E849-4195-B481-80E2A2B9ACA0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2021-01-19 09:31:33.4640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-19 09:31:33.4630000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-19 09:27:40.4980000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-19 09:27:40.4920000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-19 09:27:39.8660000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-19 09:27:39.8600000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-19 09:26:30.5710000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-01-19 09:26:30.5680000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 3401 03/16/2017
Motherboard: ASUSTeK COMPUTER INC. H110M-K
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16249.54 MB
Available physical RAM: 10897.16 MB
Total Virtual: 18681.54 MB
Available Virtual: 13478.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.74 GB) (Free:13.76 GB) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:928.17 GB) NTFS
Drive e: (DATA) (Fixed) (Total:698.63 GB) (Free:20.5 GB) NTFS

\\?\Volume{23bb9fdb-f7be-44fc-96ab-c90e5d591b2e}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{55f334c1-aa71-48ce-9904-b349003dd5f2}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{896dcddd-737a-4c16-863a-eb6412e40343}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 6814C998)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

and MB

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 19.01.21
Čas skenování: 9:21
Logovací soubor: 4ffe2b92-5a2f-11eb-b3a8-6045cb9ecb6e.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1146
Aktualizovat verzi balíku komponent: 1.0.35943
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19041.746)
CPU: x64
Systém souborů: NTFS
Uživatel: JIRKA-BRUTUS\jirih

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 299179
Zjištěné hrozby: 7
Hrozby umístěné do karantény: 0
Uplynulý čas: 1 min, 17 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 4
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DRPNPS, Žádná uživatelská akce, 8344, 411166, , , , , ,
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{98A2BC80-D508-46B4-AADF-0D310AA045AD}, Žádná uživatelská akce, 8344, 411166, , , , , ,
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{98A2BC80-D508-46B4-AADF-0D310AA045AD}, Žádná uživatelská akce, 8344, 411166, , , , , ,
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU, Žádná uživatelská akce, 8344, 472300, 1.0.35943, , ame, , ,

Hodnota v registru: 2
PUP.Optional.DriverPack, HKLM\SOFTWARE\WOW6432NODE\DRPSU|CLIENTID, Žádná uživatelská akce, 8344, 472300, 1.0.35943, , ame, , ,
PUP.Optional.DriverPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{98A2BC80-D508-46B4-AADF-0D310AA045AD}|PATH, Žádná uživatelská akce, 8344, 411164, 1.0.35943, , ame, , ,

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
PUP.Optional.DriverPack, C:\WINDOWS\SYSTEM32\TASKS\DRPNPS, Žádná uživatelská akce, 8344, 411166, 1.0.35943, , ame, , 0BD326DAEFA21E5D09BE75C33D40FD04, 211B73B72E296D91F4CD138568C45ABC77ACFAAC45131507BFCD719251349F58

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 113388
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome reports a Trojan horse infection and an expired Norton subscription

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Taby
Visitor
Posts: 67
Joined: 30 Sep 2007 10:48

Re: Chrome reports a Trojan horse infection and an expired Norton subscription

#3 Post by Taby »

Thank you. The scan ran; there was nothing to clean. In the pop-up window I found that information from the mentioned website had been allowed. When I visit the viry forum, malware reports this (the AdwCleaner log is below):

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 19.01.21
Čas události ochrany: 11:12
Logovací soubor: dcf0a66a-5a3e-11eb-9fb6-6045cb9ecb6e.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1146
Aktualizovat verzi balíku komponent: 1.0.35943
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19041.746)
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném webu-
Škodlivý web: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Zablokováno, -1, -1, 0.0.0, ,

-Údaje o webu-
Kategorie: Trojský kůň
Doména: forum.viry.cz
IP Adresa: 89.221.217.81
Port: 80
Typ: Odchozí
Soubor: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe



(end)



Here is the log from AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-19-2021
# Duration: 00:00:15
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSProductRegistration Folder C:\Program Files (x86)\ASUS\APRP
Preinstalled.ASUSProductRegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Rudy
Site Admin
Posts: 113388
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome reports a Trojan horse infection and an expired Norton subscription

#4 Post by Rudy »

OK. Open Notepad and copy this into it:
Start

CloseProcesses:
HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\...\MountPoints2: {1059ca22-11cf-11eb-920c-6045cb9ecb6e} - "F:\startme.exe"
Task: {7025E6AB-7539-48E7-BD37-19471CA721A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
Task: {F3A6CEC1-E3A2-43CA-A31E-C1A216CA2613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
CHR Notifications: Profile 2 -> hxxps://lovesushi29.ru
C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
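
The `CHR Notifications: Profile 2 -> hxxps://lovesushi29.ru` line in the fixlist above points at a per-site notification permission, which Chrome keeps in each profile's `Preferences` JSON file. The following Python audit is an added example, not part of the thread and not FRST's code; it assumes the `profile.content_settings.exceptions.notifications` layout with numeric settings (1 allow, 2 block, 3 ask), and the sample data, its second origin and its timestamp are constructed.

```python
import json
import os
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Numeric ContentSetting values as Chrome writes them to Preferences (assumed layout).
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}
# Chrome timestamps count microseconds from 1601-01-01 UTC.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def chrome_time(value):
    """Convert a Chrome timestamp string to an aware datetime, or None if unusable."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None


def notification_grants(prefs):
    """Return (origin, setting, last_modified) for every notification exception."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    rows = []
    for pattern, entry in (node.items() if isinstance(node, dict) else []):
        if not isinstance(entry, dict):
            continue
        # Keys are "primary,secondary" patterns, e.g. "https://site:443,*".
        origin = pattern.split(",", 1)[0]
        code = entry.get("setting")
        setting = SETTING_NAMES.get(code, "unknown") if isinstance(code, int) else "unknown"
        rows.append((origin, setting, chrome_time(entry.get("last_modified"))))
    return sorted(rows, key=lambda row: row[0])


def allowed_origins(prefs):
    """Origins that may push notifications without asking again."""
    return [origin for origin, setting, _ in notification_grants(prefs) if setting == "allow"]


def audit_user_data(user_data_dir):
    """Map profile folder name -> allowed origins, skipping unreadable profiles."""
    report = {}
    for prefs_file in sorted(Path(user_data_dir).glob("*/Preferences")):
        try:
            prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # locked, missing or corrupt file: nothing to report
        allowed = allowed_origins(prefs)
        if allowed:
            report[prefs_file.parent.name] = allowed
    return report


# Constructed sample: the origin named in the thread plus one blocked origin.
SAMPLE_PREFS = {
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://lovesushi29.ru:443,*": {
            "last_modified": "13255142400000000",  # constructed: 2021-01-15 UTC
            "setting": 1,
        },
        "https://blocked.example:443,*": {"setting": 2},
    }}}}
}

if __name__ == "__main__":
    # Default Chrome location on Windows; falls back to the sample elsewhere.
    base = Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"
    if base.is_dir():
        for profile, origins in audit_user_data(base).items():
            print(profile, "->", ", ".join(origins))
    else:
        for origin, setting, when in notification_grants(SAMPLE_PREFS):
            print(origin, setting, when)
```

Any origin reported as allowed that the user does not recognise can be removed in Chrome under Settings, Privacy and security, Site settings, Notifications.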

Taby
Visitor
Posts: 67
Joined: 30 Sep 2007 10:48

Re: Chrome reports a Trojan horse infection and an expired Norton subscription

#5 Post by Taby »

Hello, here it is. And thank you.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-01-2021
Ran by jirih (20-01-2021 10:08:52) Run:1
Running from C:\Users\jirih\Desktop
Loaded Profiles: jirih
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\...\MountPoints2: {1059ca22-11cf-11eb-920c-6045cb9ecb6e} - "F:\startme.exe"
Task: {7025E6AB-7539-48E7-BD37-19471CA721A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
Task: {F3A6CEC1-E3A2-43CA-A31E-C1A216CA2613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2017-09-18] (Google Inc -> Google Inc.)
CHR Notifications: Profile 2 -> hxxps://lovesushi29.ru
C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2719575083-1539358898-2089985085-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1059ca22-11cf-11eb-920c-6045cb9ecb6e} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7025E6AB-7539-48E7-BD37-19471CA721A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7025E6AB-7539-48E7-BD37-19471CA721A4}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3A6CEC1-E3A2-43CA-A31E-C1A216CA2613}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A6CEC1-E3A2-43CA-A31E-C1A216CA2613}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"Chrome Notifications" => removed successfully
C:\Program Files\Bonjour => moved successfully
C:\Program Files (x86)\Bonjour => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 117369180 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 13375674 B
Edge => 1291713 B
Chrome => 394842870 B
Brave => 0 B
Firefox => 328372292 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16192 B
NetworkService => 229144 B
jirih => 242447272 B

RecycleBin => 63551098 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:14:54 ====

Rudy
Site Admin
Posts: 113388
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome reports a Trojan horse infection and an expired Norton subscription

#6 Post by Rudy »

Deleted. Has anything changed?