
Trojan horse, slow laptop, blocked Chrome...

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Trojan horse, slow laptop, blocked Chrome...

#1 Post by pepaa »

Hello,

please check the FRST log. After a Windows Security scan, 2 threats were found, a Trojan horse and some malware; pages take a long time to load and windows are being blocked.


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-12-2021
Ran by Josef Dlouhý (05-12-2021 20:41:07)
Running from C:\Users\Josef\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1387 (X86) (2021-08-08 22:25:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1174052206-1239866868-2889758395-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1174052206-1239866868-2889758395-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1174052206-1239866868-2889758395-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1174052206-1239866868-2889758395-501 - Limited - Disabled)
Josef Dlouhý (S-1-5-21-1174052206-1239866868-2889758395-1001 - Administrator - Enabled) => C:\Users\Josef
WDAGUtilityAccount (S-1-5-21-1174052206-1239866868-2889758395-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Mobile Device Support (HKLM\...\{FEC646C7-7157-4E48-8008-9C58C9F6F64B}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
iCloud Outlook (HKLM\...\{9A62F1BE-ABA0-45CE-AC0E-13BC806B7F29}) (Version: 12.4.0.103 - Apple Inc.)
iTunes (HKLM\...\{A80D8730-B27D-4602-A2CC-ADA2A4340C03}) (Version: 12.12.2.2 - Apple Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{F920D25E-42AD-4811-B0A7-A0D22107150F}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo Service Bridge (HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.8 - Lenovo)
Lenovo System Interface Foundation Driver (HKLM\...\{884BAF97-AC8D-463E-846A-47DD41866A19}) (Version: 1.1.17.2 - Lenovo)
Lenovo Welcome (HKLM\...\Lenovo Welcome) (Version: 3.2 - Lenovo Group Ltd.)
MediaHuman YouTube to MP3 Converter 3.9.9.62 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.62 - MediaHuman)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Teams) (Version: 1.4.00.31569 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7F6C1718-0D64-4E43-988F-2B4B8044151C}) (Version: 2.93.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Pioneer MIX Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.)
rekordbox 5.6.0 (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.4.0.22976 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\WhatsApp) (Version: 2.2144.11 - WhatsApp)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x86__v10z8vjag6ke6 [2021-12-01] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-09-05] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.28.13.0_x86__k1h2ywk1493x8 [2021-11-24] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-27] (Spotify AB) [Startup Task]
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.168.139.0_x86__8wekyb3d8bbwe [2021-11-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{17844A39-A7C2-428D-9B21-7E9E7AB4A719} -> [Fotky na iCloudu] => C:\Users\Josef\Pictures\iCloud Photos\Photos [2021-08-09 02:24]
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Josef\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x86\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{3F1E95C5-9C6E-42B0-A56E-5BE2199A29B8} -> [iCloud Drive] => C:\Users\Josef\iCloudDrive [2021-08-09 02:24]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-24 10:13 - 2020-11-03 05:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-08-08 22:35 - 2021-08-08 22:32 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-12-03 19:44 - 2021-12-03 23:01 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1174052206-1239866868-2889758395-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{649EA97B-47CD-4C28-984B-13A161801AE4}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{E7B309EA-6E60-4F39-8CD4-D0C099BD3911}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0FDB7F3F-3182-4E61-A384-1D9B6E96C40C}C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe] => (Block) C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [UDP Query User{6CA15FEA-15DB-482A-9312-478684ADD837}C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe] => (Block) C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [TCP Query User{7E409257-F1ED-4661-AD18-BA83C7A50FB4}C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [UDP Query User{3C66B6F3-2647-44EF-976E-5A80F5FE2299}C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [TCP Query User{10AA9310-EF86-4F58-8C0D-C26B6CF5F886}C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [UDP Query User{05017E14-90CB-4212-95D9-2AC88E524BB9}C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)

==================== Restore Points =========================

27-11-2021 17:54:06 Naplánovaný kontrolní bod
05-12-2021 16:09:27 Odebráno: Microsoft Update Health Tools

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/05/2021 08:11:36 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (12/05/2021 07:52:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbam.exe, verze: 4.0.0.1170, časové razítko: 0x618d7b69
Název chybujícího modulu: Qt5Core.dll, verze: 5.14.1.0, časové razítko: 0x60397225
Kód výjimky: 0xc0000005
Posun chyby: 0x001a4c89
ID chybujícího procesu: 0x33c8
Čas spuštění chybující aplikace: 0x01d7ea08d26e38bd
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: a6965b4b-0ed4-4238-8b48-20e79d5829f7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/05/2021 06:07:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.1320 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 136c

Čas spuštění: 01d7e9fa63baf6d0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: 77c36fdf-e75d-4724-ab8f-0aaa642c43c2

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Quiesce

Error: (12/05/2021 06:06:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SoftwareUpdate.exe verze 2.6.3.1 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3020

Čas spuštění: 01d7e9f518c9f192

Čas ukončení: 156

Cesta k aplikaci: C:\Program Files\Apple Software Update\SoftwareUpdate.exe

ID hlášení: 1af2532c-0b72-4c42-9388-289fa5dd5eff

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (12/05/2021 06:04:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: JOSECKO)
Description: Produkt: iCloud - Někteří uživatelé počítače nainstalovali iCloud z Microsoft Storu. Před pokračováním této instalace musí všichni uživatelé iCloud odinstalovat.

Error: (12/05/2021 05:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Lenovo.Modern.ImController.PluginHost.SettingsApp.exe, verze: 1.1.17.2, časové razítko: 0x5c33e675
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1387, časové razítko: 0xd3c205d3
Kód výjimky: 0xe0434352
Posun chyby: 0x00133982
ID chybujícího procesu: 0x20dc
Čas spuštění chybující aplikace: 0x01d7e9f532b8d40d
Cesta k chybující aplikaci: C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: a334bdcf-7788-41a0-bbf3-9a227a796de2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/05/2021 05:29:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.BadImageFormatException
na 8b28fb11-8877-4fe7-b842-0ec3332b4928Type.RunWinEventMonitor(IntPtr, IntPtr, System.String, Int32)
na PlugIn_Harmony.Monitor.ActiveAppMonitor+<>c.<AppMonitor>b__13_0()
na System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (12/05/2021 05:27:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Lenovo.Modern.ImController.PluginHost.SettingsApp.exe, verze: 1.1.17.2, časové razítko: 0x5c33e675
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1387, časové razítko: 0xd3c205d3
Kód výjimky: 0xe0434352
Posun chyby: 0x00133982
ID chybujícího procesu: 0xc08
Čas spuštění chybující aplikace: 0x01d7e9f4ee19e50b
Cesta k chybující aplikaci: C:\Program Files\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 37b7558e-d68c-4e1d-a872-252eb2bdff70
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (12/05/2021 08:15:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby DeviceAssociationService bylo dosaženo časového limitu (30000 ms).

Error: (12/05/2021 08:15:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ClickToRunSvc bylo dosaženo časového limitu (30000 ms).

Error: (12/05/2021 08:15:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ImControllerService bylo dosaženo časového limitu (30000 ms).

Error: (12/05/2021 08:14:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024001e): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.353.2133.0).

Error: (12/05/2021 07:01:47 PM) (Source: DCOM) (EventID: 10010) (User: JOSECKO)
Description: Server Microsoft.Windows.Photos_2021.21090.10008.0_x86__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/05/2021 04:42:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {752073A1-23F2-4396-85F0-8FDB879ED0ED} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/05/2021 04:30:31 PM) (Source: DCOM) (EventID: 10010) (User: JOSECKO)
Description: Server Microsoft.Windows.Photos_2021.21090.10008.0_x86__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/05/2021 02:44:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Služba úložiště přestala během spouštění reagovat.


Windows Defender:
================
Date: 2021-12-05 20:30:30
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sabsik.TE.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Downloads\FRST.exe; webfile:_C:\Users\Josef\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 2237188817
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: JOSECKO\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2131.0, AS: 1.353.2131.0, NIS: 1.353.2131.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 20:29:28
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sabsik.TE.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Downloads\FRST.exe; webfile:_C:\Users\Josef\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 1559458078
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: JOSECKO\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2131.0, AS: 1.353.2131.0, NIS: 1.353.2131.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 19:26:54
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Documents\ES_SETUP\msimg32.dll
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Uživatel
Uživatel: DESKTOP-EKO581J\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2124.0, AS: 1.353.2124.0, NIS: 1.353.2124.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 19:26:54
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\Windows.old\Users\Josef\AppData\Local\Temp\nsyA6D8.tmp\setuprcsetup153.exe; file:_C:\Windows.old\Users\Josef\AppData\Local\Temp\nsyA6D8.tmp\setuprcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-EKO581J\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2124.0, AS: 1.353.2124.0, NIS: 1.353.2124.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 15:57:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D02228E3-0E9C-4ED1-A183-AAF6C421B948}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2021-12-05 20:14:18
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.2131.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-12-04 19:19:42
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2021-12-03 10:11:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.1914.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070050
Popis chyby: Soubor existuje.

Date: 2021-11-23 08:13:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.943.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2021-11-23 08:13:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.943.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2021-12-05 20:38:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 40CN28WW(V2.14) 10/07/2011
Motherboard: LENOVO Base Board Product Name
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 84%
Total physical RAM: 3017.86 MB
Available physical RAM: 466.68 MB
Total Virtual: 4681.86 MB
Available Virtual: 1641.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.75 GB) (Free:363.8 GB) NTFS

\\?\Volume{4a982910-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{4a982910-0000-0000-0000-b04f74000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A982910)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)

==================== End of Addition.txt =======================

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow laptop, blocked Chrome...

#2 Post by pepaa »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2021
Ran by Josef Dlouhý (administrator) on JOSECKO (LENOVO 20079) (05-12-2021 20:34:41)
Running from C:\Users\Josef\Downloads
Loaded Profiles: Josef Dlouhý
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1387 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudIE.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <32>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Josef\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Josef\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x86__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) [File not signed] C:\Windows\System32\winlogon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_21fd3b90c425147a\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Vimicro) C:\Program Files\USB Camera\VM331STI.EXE
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => "X:\Program Files\DellTPad\Apoint.exe" (No File)
HKLM\...\Run: [331BigDog] => C:\Program Files\USB Camera\VM331STI.EXE [571928 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [TeamsMachineInstaller] => C:\Program Files\Teams Installer\Teams.exe [117208824 2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [293432 2021-10-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Josef\AppData\Local\Microsoft\Teams\Update.exe [2459328 2021-11-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [MicrosoftEdgeAutoLaunch_1A7B786E7EE443075A2B429E7D94B8F0] => "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0997DC01-13D4-4E8D-98BC-DB8A56E3DB36} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F} - System32\Tasks\Lenovo\LenovoWelcomeLauncher => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (No File)
Task: {18F0B19C-33E2-4DE7-B4FE-ACB38F5A08CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [17620872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {235FC4E2-7862-479B-8D49-0BC42FBE5B60} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\344435fb-dd55-4613-87a1-ca3424cb5198 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {2688C0B3-87AC-4B73-A0B2-97ED368ADA59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28866EC6-AC6F-48EF-82A7-A5B02BBD7F8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DA0C212-DD4C-4538-9E02-27CA1592DA16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c272a884-09da-431c-91c1-0e2bf9ec30da => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {3B3B5D5C-4B88-4D2A-91CF-26C42104E727} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (No File)
Task: {4A1098BD-B20E-4DA1-9459-D2124547C6B6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3060072 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {604164F9-B8A8-4C02-B058-AB2FF6624ABB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {62E6163C-3AA8-42CF-883E-9D07C841F2C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {686EA2BB-C21B-4211-87C1-04F3B133ECEE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8dc3df5c-9f05-42fa-9c25-1cfbe4c1a395 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {6D32BFF3-57EA-43EA-B077-9C9C5E765E98} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6EFD55DA-860F-4F8F-9846-71EAECDAA703} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {8CDAED93-972E-4B68-B6AF-ED5D81E96C71} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {A86DA082-A827-4262-AD53-C0F0A4936AF7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c1012850-f2ae-49da-9e06-5358d388c636 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
Task: {B1D9CAC6-2F29-4682-9DF9-0A4E832EB9DF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B206DCFD-CF4B-4B44-A9B0-4D93485702DA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1174052206-1239866868-2889758395-1001 => C:\Users\Josef\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-10-30] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {B4BFCD62-4D59-4279-9EFD-F7EF7E1F0B06} - System32\Tasks\Apple Diagnostics => C:\Users\Josef\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-09-05] () [simlink -> ]
Task: {B5069498-C81D-4E30-808B-0BB670A0BE28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D606B747-6E9B-410F-8043-09FDEBA336EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [17620872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEF3D371-B747-4C65-8C91-3D7A633D93B6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC6DE2F2-8909-4562-843D-33256CAFE1E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{693e75ed-dcfd-410a-992d-e4113d7b3c8d}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{75313810-d76b-4f33-8b94-2a6cc0460627}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c02dea1d-3f47-4472-80a2-776e56274c86}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-05]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-05]
Edge HKLM\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default [2021-12-05]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://www.amateri.com; hxxps://www.facebook.com; hxxps://www.instagram.com
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-05]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87336 2016-10-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8273784 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 cloudidsvc; C:\WINDOWS\system32\cloudidsvc.dll [81408 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [300120 2017-03-10] (Intel(R) pGFX -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncHelper.exe [2448232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [260256 2021-11-13] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [2836840 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4752832 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217264 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [283960 2021-10-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [1869144 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [88664 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [152560 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\WINDOWS\System32\drivers\AcpiVpc.sys [36176 2015-06-15] (LENOVO -> Lenovo Corporation)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [54032 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [17952 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [31344 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63.sys [6811648 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [205312 2021-04-02] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [104448 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [16880 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 ICCWDT; C:\WINDOWS\System32\drivers\ICCWDT.sys [34384 2017-10-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x86.sys [102912 2019-12-07] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 MEI; C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_x86_3fec17f874687c29\x86\TeeDriverW10.sys [253960 2020-09-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl.sys [28256 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [293904 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [34480 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [35504 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 teamviewervpn; C:\WINDOWS\System32\drivers\teamviewervpn.sys [25088 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [597784 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39304 2021-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [342240 2021-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60640 2021-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [44720 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-05 20:34 - 2021-12-05 20:37 - 000020880 _____ C:\Users\Josef\Downloads\FRST.txt
2021-12-05 20:33 - 2021-12-05 20:36 - 000000000 ____D C:\FRST
2021-12-05 20:32 - 2021-12-05 20:32 - 002019840 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
2021-12-05 19:53 - 2021-12-05 19:53 - 000000000 ____D C:\Users\Josef\AppData\Local\CrashDumps
2021-12-05 19:50 - 2021-12-05 19:50 - 000000000 ____D C:\Users\Josef\AppData\Local\mbam
2021-12-05 19:45 - 2021-12-05 19:45 - 002101944 _____ (Malwarebytes) C:\Users\Josef\Downloads\MBSetup-119967.119967-consumer.exe
2021-12-05 17:13 - 2021-12-05 17:13 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup (2).exe
2021-12-05 17:05 - 2021-12-05 17:05 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup.exe
2021-12-05 16:37 - 2021-12-05 16:37 - 000000000 ____D C:\inetpub
2021-12-05 16:11 - 2021-12-05 16:11 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-12-05 14:43 - 2021-12-05 14:43 - 000002247 _____ C:\Users\Josef\Desktop\Google Chrome.lnk
2021-12-04 14:21 - 2021-12-04 14:21 - 000001319 _____ C:\Users\Josef\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2021-12-04 14:21 - 2021-12-04 14:21 - 000000215 _____ C:\Users\Josef\Desktop\Visit MediaHuman Website.url
2021-12-04 00:34 - 2021-12-04 00:34 - 031575736 _____ (Telegram FZ-LLC ) C:\Users\Josef\Downloads\tsetup.3.2.5.exe
2021-12-04 00:31 - 2021-12-04 00:31 - 034826400 _____ (Telegram FZ-LLC ) C:\Users\Josef\Downloads\tsetup-x64.3.2.5.exe
2021-12-04 00:29 - 2021-12-04 00:30 - 042408804 _____ C:\Users\Josef\Downloads\tportable-x64.3.2.5.zip
2021-12-04 00:28 - 2021-12-04 00:29 - 081336976 _____ (TuneIn Inc) C:\Users\Josef\Downloads\TuneIn+Setup+1.24.0.exe
2021-12-03 23:56 - 2021-12-03 23:56 - 000000157 _____ C:\Users\Josef\Downloads\hwflowlog.txt
2021-12-03 23:49 - 2021-12-03 23:49 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-12-03 20:53 - 2021-11-16 14:47 - 000025088 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2021-12-03 20:48 - 2021-12-03 20:50 - 031853392 _____ (TeamViewer Germany GmbH) C:\Users\Josef\Downloads\TeamViewer_Setup (1).exe
2021-12-03 19:44 - 2021-12-03 23:01 - 000000445 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-03 18:31 - 2021-12-03 20:22 - 000000000 ____D C:\Users\Josef\AppData\Local\ElevatedDiagnostics
2021-12-01 20:13 - 2021-12-01 20:13 - 000000000 ____D C:\$WINDOWS.~BT
2021-12-01 20:12 - 2021-12-01 20:12 - 000000000 ___HD C:\$Windows.~WS
2021-11-24 17:26 - 2021-11-24 17:26 - 000000000 ____D C:\Users\Josef\Desktop\DNEEES
2021-11-24 17:25 - 2021-11-24 17:25 - 000000000 ____D C:\Users\Josef\Desktop\FASHION
2021-11-24 15:53 - 2021-11-24 15:54 - 375799665 _____ C:\Users\Josef\Downloads\Install_rekordbox_x64_6_6_0.zip
2021-11-24 12:33 - 2021-11-24 12:33 - 000000000 ____D C:\Users\Josef\AppData\LocalLow\Lenovo
2021-11-24 10:35 - 2021-12-05 17:21 - 000000796 _____ C:\WINDOWS\storelibdebug.txt
2021-11-24 10:12 - 2021-11-24 10:12 - 000000000 ____D C:\Users\Josef\AppData\Local\Lenovo
2021-11-24 10:11 - 2021-11-24 10:11 - 000000000 ____D C:\Program Files\Lenovo
2021-11-24 10:09 - 2021-11-24 10:35 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-24 10:09 - 2021-11-24 10:17 - 000000000 ____D C:\WINDOWS\TempInst
2021-11-24 10:06 - 2021-11-24 10:08 - 407487992 _____ (Lenovo ) C:\Users\Josef\Downloads\SystemInterfaceFoundation.exe
2021-11-24 08:43 - 2021-11-24 08:43 - 000125440 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-11-24 08:29 - 2021-11-24 08:29 - 000000000 ___HD C:\$WinREAgent
2021-11-24 07:43 - 2021-11-24 10:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-11-24 07:42 - 2021-11-24 07:42 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup (1).exe
2021-11-24 04:28 - 2021-11-24 04:28 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple Inc
2021-11-24 04:20 - 2021-11-24 04:20 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-24 04:20 - 2021-11-24 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-24 03:54 - 2021-12-05 18:21 - 000000000 ____D C:\Users\Josef\Desktop\iTunes
2021-11-24 03:51 - 2021-11-24 03:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-11-24 03:50 - 2021-11-24 03:50 - 000000000 ____D C:\Program Files\Bonjour
2021-11-24 03:50 - 2021-11-24 03:50 - 000000000 ____D C:\Program Files\Apple Software Update
2021-11-24 03:46 - 2021-11-24 03:47 - 176901096 _____ (Apple Inc.) C:\Users\Josef\Downloads\iTunesSetup (1).exe
2021-11-24 03:40 - 2021-11-24 04:09 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Apple Computer
2021-11-24 03:40 - 2021-11-24 03:40 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple Computer
2021-11-24 03:39 - 2021-11-24 04:20 - 000000000 ____D C:\Program Files\iTunes
2021-11-24 03:39 - 2021-11-24 03:56 - 000000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2021-11-24 03:39 - 2021-11-24 03:50 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2021-11-24 03:39 - 2021-11-24 03:39 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple
2021-11-24 03:38 - 2021-11-24 03:56 - 000000000 ____D C:\Program Files\Common Files\Apple
2021-11-24 03:29 - 2021-11-24 03:30 - 108771096 _____ (Apple Inc.) C:\Users\Josef\Downloads\iTunesSetup.exe
2021-11-23 17:10 - 2021-11-23 17:10 - 000313039 _____ C:\Users\Josef\Downloads\Nov 23, Doc 1.pdf
2021-11-23 17:05 - 2021-11-23 17:05 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Apowersoft
2021-11-23 17:05 - 2021-11-23 17:05 - 000000000 ____D C:\Program Files\Apowersoft
2021-11-23 17:04 - 2021-11-23 17:05 - 001892784 _____ (Apowersoft) C:\Users\Josef\Downloads\watermarkremover-setup.exe
2021-11-23 09:57 - 2021-11-23 10:32 - 000002413 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-11-23 09:57 - 2021-11-23 10:32 - 000002405 _____ C:\Users\Josef\Desktop\Microsoft Teams.lnk
2021-11-23 09:57 - 2021-11-23 09:57 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Teams
2021-11-23 09:43 - 2021-11-23 09:58 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-11-23 09:43 - 2021-11-23 09:58 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-23 09:43 - 2021-11-23 09:43 - 000000000 ___RD C:\Users\defaultuser0\OneDrive
2021-11-23 09:43 - 2021-11-23 09:43 - 000000000 ___RD C:\Users\Default\OneDrive
2021-11-23 09:42 - 2021-11-24 09:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-11-23 09:42 - 2021-11-23 09:42 - 000000000 ____D C:\Program Files\Teams Installer
2021-11-23 09:41 - 2021-11-23 09:41 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-11-23 09:39 - 2021-11-23 09:39 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2021-11-23 09:29 - 2021-11-23 09:40 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-23 09:29 - 2021-11-23 09:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-23 09:10 - 2021-11-23 09:10 - 000045056 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-23 09:09 - 2021-11-23 09:09 - 000223744 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-23 09:00 - 2021-11-24 07:56 - 000002296 _____ C:\Users\Josef\Desktop\Microsoft Edge.lnk
2021-11-23 08:15 - 2021-11-23 08:15 - 000001968 _____ C:\Users\Josef\Desktop\PC Health Check.lnk
2021-11-23 08:09 - 2021-11-23 08:15 - 000000000 ___RD C:\Users\Josef\AppData\Local\PCHealthCheck
2021-11-23 08:09 - 2021-11-23 08:09 - 000001378 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-23 08:04 - 2021-11-23 08:04 - 014065664 _____ C:\Users\Josef\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-13 18:07 - 2021-11-13 18:07 - 000157696 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-11-13 18:07 - 2021-11-13 18:07 - 000132096 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-11-13 18:07 - 2021-11-13 18:07 - 000033280 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-11-13 18:06 - 2021-11-13 18:06 - 000942080 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-11-13 18:05 - 2021-11-13 18:05 - 000073216 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-11-13 18:04 - 2021-11-13 18:04 - 000611960 _____ C:\WINDOWS\system32\TextShaping.dll
2021-11-13 18:03 - 2021-11-13 18:03 - 000224256 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-05 20:29 - 2021-08-08 22:35 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-05 20:21 - 2021-08-09 02:24 - 000000000 ___RD C:\Users\Josef\iCloudDrive
2021-12-05 20:20 - 2021-03-18 16:37 - 000000000 ___RD C:\Users\Josef\OneDrive
2021-12-05 20:18 - 2021-09-05 12:06 - 000000000 ____D C:\Program Files\Google
2021-12-05 20:16 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-05 20:16 - 2021-08-08 22:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-05 20:16 - 2021-08-08 22:03 - 000432760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-05 20:16 - 2021-03-19 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-05 20:15 - 2021-08-08 22:23 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-05 20:14 - 2021-08-08 22:36 - 000000000 ____D C:\Users\Josef
2021-12-05 20:12 - 2021-08-08 22:35 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-05 19:34 - 2021-08-08 22:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-05 17:57 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-05 17:01 - 2021-08-08 22:35 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-05 17:01 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-05 17:00 - 2021-08-08 23:38 - 000000000 ____D C:\Users\Josef\AppData\Local\Packages
2021-12-05 16:58 - 2021-09-05 11:53 - 000000000 ____D C:\Users\Josef\AppData\Roaming\WhatsApp
2021-12-05 16:38 - 2021-08-08 22:27 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-05 16:37 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-12-05 14:57 - 2021-08-09 07:30 - 000000000 ____D C:\Users\Josef\AppData\Roaming\PioneerLog
2021-12-05 14:56 - 2021-08-09 08:35 - 000000000 ____D C:\Program Files\TeamViewer
2021-12-05 14:54 - 2021-09-11 09:42 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Zoom
2021-12-03 20:53 - 2021-08-08 22:33 - 000000000 ____D C:\WINDOWS\INF
2021-12-03 19:46 - 2021-08-08 22:59 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-03 19:46 - 2021-08-08 22:40 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2021-12-03 19:46 - 2021-08-08 22:40 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2021-12-03 19:08 - 2021-08-08 23:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-01 21:04 - 2021-08-08 23:01 - 000000000 ____D C:\WINDOWS\Panther
2021-11-24 17:25 - 2021-09-11 15:11 - 000000000 ____D C:\Users\Josef\Desktop\mejdan
2021-11-24 16:09 - 2021-08-08 23:40 - 000000000 ____D C:\ProgramData\Packages
2021-11-24 16:08 - 2021-08-08 23:46 - 000000000 ____D C:\Users\Josef\AppData\Local\PlaceholderTileLogoFolder
2021-11-24 13:06 - 2021-09-05 12:47 - 000000000 ____D C:\Users\Josef\AppData\Local\WhatsApp
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\Provisioning
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-24 07:56 - 2021-03-28 16:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-24 07:42 - 2021-06-06 05:39 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-11-24 03:51 - 2021-08-09 00:43 - 000000000 ____D C:\ProgramData\Apple
2021-11-24 03:43 - 2021-05-16 02:11 - 000000000 ____D C:\Users\Josef\Desktop\HUDBA -
2021-11-24 03:39 - 2021-08-09 00:43 - 000000000 ____D C:\ProgramData\Apple Computer
2021-11-23 09:58 - 2021-09-05 11:50 - 000000000 ____D C:\Users\Josef\AppData\Local\SquirrelTemp
2021-11-23 09:43 - 2021-08-08 22:36 - 000000000 ____D C:\Users\defaultuser0
2021-11-23 09:41 - 2021-08-08 22:35 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-23 09:17 - 2021-08-08 22:23 - 000000000 ____D C:\WINDOWS\servicing
2021-11-23 08:18 - 2021-08-08 23:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-23 08:12 - 2021-08-08 23:52 - 138072184 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-23 08:04 - 2021-08-08 22:18 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-23 08:04 - 2021-08-08 22:18 - 000003448 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-13 20:05 - 2021-08-08 22:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-13 19:50 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-11-13 19:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
2021-11-13 19:49 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-11-13 18:48 - 2021-04-01 12:05 - 000000000 ____D C:\Users\Josef\Documents\rekordbox

==================== Files in the root of some directories ========

2021-08-09 03:18 - 2021-08-09 03:18 - 000000017 _____ () C:\Users\Josef\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#3 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, simply run it by double-clicking)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#4 Post by pepaa »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-05-2021
# Duration: 00:00:18
# OS: Windows 10 Pro
# Cleaned: 9
# Awaiting reboot:4
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoEasyCamera Folder C:\Program Files\USB CAMERA
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|331BigDog
Deleted Preinstalled.LenovoEasyCamera Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Needs Reboot Preinstalled.LenovoIMController Folder C:\Program Files\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Users\Josef\AppData\Local\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoServiceBridge Folder C:\Users\Josef\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****


***** [ Folders ] *****

Cleaning failed C:\Program Files\LENOVO\IMCONTROLLER
Cleaning failed C:\ProgramData\LENOVO\IMCONTROLLER
Cleaning failed C:\Users\Josef\AppData\Local\LENOVO\IMCONTROLLER
Cleaning failed C:\Users\Josef\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE

*************************

AdwCleaner[S00].txt - [2298 octets] - [05/12/2021 20:58:21]
AdwCleaner[S01].txt - [2359 octets] - [05/12/2021 20:59:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#5 Post by Rudy »

Post new FRST + Addition logs.

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#6 Post by pepaa »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2021
Ran by Josef Dlouhý (administrator) on JOSECKO (LENOVO 20079) (05-12-2021 22:06:31)
Running from C:\Users\Josef\Downloads
Loaded Profiles: Josef Dlouhý
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1387 (X86) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudIE.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <29>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Edge\Application\96.0.1054.43\identity_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x86__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => "X:\Program Files\DellTPad\Apoint.exe" (No File)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3531952 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [293432 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Josef\AppData\Local\Microsoft\Teams\Update.exe [2459328 2021-11-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1000\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2367352 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Josef\AppData\Local\Microsoft\Teams\Update.exe [2459328 2021-11-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\Run: [MicrosoftEdgeAutoLaunch_1A7B786E7EE443075A2B429E7D94B8F0] => "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0997DC01-13D4-4E8D-98BC-DB8A56E3DB36} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F} - System32\Tasks\Lenovo\LenovoWelcomeLauncher => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (No File)
Task: {18F0B19C-33E2-4DE7-B4FE-ACB38F5A08CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [17620872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {235FC4E2-7862-479B-8D49-0BC42FBE5B60} - \Lenovo\ImController\TimeBasedEvents\344435fb-dd55-4613-87a1-ca3424cb5198 -> No File <==== ATTENTION
Task: {2688C0B3-87AC-4B73-A0B2-97ED368ADA59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28866EC6-AC6F-48EF-82A7-A5B02BBD7F8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2DA0C212-DD4C-4538-9E02-27CA1592DA16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1} - \Lenovo\ImController\TimeBasedEvents\c272a884-09da-431c-91c1-0e2bf9ec30da -> No File <==== ATTENTION
Task: {3B3B5D5C-4B88-4D2A-91CF-26C42104E727} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (No File)
Task: {4A1098BD-B20E-4DA1-9459-D2124547C6B6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [3060072 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {604164F9-B8A8-4C02-B058-AB2FF6624ABB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {62E6163C-3AA8-42CF-883E-9D07C841F2C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {686EA2BB-C21B-4211-87C1-04F3B133ECEE} - \Lenovo\ImController\TimeBasedEvents\8dc3df5c-9f05-42fa-9c25-1cfbe4c1a395 -> No File <==== ATTENTION
Task: {6D32BFF3-57EA-43EA-B077-9C9C5E765E98} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {6EFD55DA-860F-4F8F-9846-71EAECDAA703} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {8CDAED93-972E-4B68-B6AF-ED5D81E96C71} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {A86DA082-A827-4262-AD53-C0F0A4936AF7} - \Lenovo\ImController\TimeBasedEvents\c1012850-f2ae-49da-9e06-5358d388c636 -> No File <==== ATTENTION
Task: {B1D9CAC6-2F29-4682-9DF9-0A4E832EB9DF} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B206DCFD-CF4B-4B44-A9B0-4D93485702DA} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1174052206-1239866868-2889758395-1001 => C:\Users\Josef\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [87896 2021-10-30] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {B4BFCD62-4D59-4279-9EFD-F7EF7E1F0B06} - System32\Tasks\Apple Diagnostics => C:\Users\Josef\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2021-09-05] () [simlink -> ]
Task: {B5069498-C81D-4E30-808B-0BB670A0BE28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [737992 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D606B747-6E9B-410F-8043-09FDEBA336EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [17620872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {DEF3D371-B747-4C65-8C91-3D7A633D93B6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC6DE2F2-8909-4562-843D-33256CAFE1E7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{693e75ed-dcfd-410a-992d-e4113d7b3c8d}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{75313810-d76b-4f33-8b94-2a6cc0460627}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c02dea1d-3f47-4472-80a2-776e56274c86}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-05]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-05]
Edge HKLM\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default [2021-12-05]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://www.amateri.com; hxxps://www.facebook.com; hxxps://www.instagram.com
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-05]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87336 2016-10-20] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8273784 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 cloudidsvc; C:\WINDOWS\system32\cloudidsvc.dll [81408 2021-11-23] (Microsoft Windows -> Microsoft Corporation)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [300120 2017-03-10] (Intel(R) pGFX -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncHelper.exe [2448232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [260256 2021-11-13] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62744 2019-01-07] (Lenovo -> Lenovo Group Ltd.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [2836840 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4752832 2021-11-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [217264 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [1869144 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [88664 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [152560 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\WINDOWS\System32\drivers\AcpiVpc.sys [36176 2015-06-15] (LENOVO -> Lenovo Corporation)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [54032 2016-03-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [17952 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [31344 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63.sys [6811648 2019-12-07] (Microsoft Windows -> Broadcom Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [205312 2021-04-02] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [104448 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [16880 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R3 ICCWDT; C:\WINDOWS\System32\drivers\ICCWDT.sys [34384 2017-10-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x86.sys [102912 2019-12-07] (Microsoft Windows -> Qualcomm Atheros Co., Ltd.)
S3 MEI; C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_x86_3fec17f874687c29\x86\TeeDriverW10.sys [253960 2020-09-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl.sys [28256 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [293904 2015-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [34480 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [35504 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 teamviewervpn; C:\WINDOWS\System32\drivers\teamviewervpn.sys [25088 2021-11-16] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [597784 2015-09-03] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [39304 2021-11-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [342240 2021-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60640 2021-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [44720 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-05 22:05 - 2021-12-05 22:05 - 002019840 _____ (Farbar) C:\Users\Josef\Downloads\FRST (1).exe
2021-12-05 21:33 - 2021-12-05 21:33 - 022675648 _____ (LENOVO (UNITED STATES) INC. ) C:\Users\Josef\Downloads\ldiag_4.41.0_windows_x86.exe
2021-12-05 20:56 - 2021-12-05 21:01 - 000000000 ____D C:\AdwCleaner
2021-12-05 20:53 - 2021-12-05 20:53 - 008540344 _____ (Malwarebytes) C:\Users\Josef\Desktop\adwcleaner_8.3.1.exe
2021-12-05 20:41 - 2021-12-05 20:56 - 000008712 _____ C:\Users\Josef\Downloads\Addition.txt
2021-12-05 20:34 - 2021-12-05 22:09 - 000019341 _____ C:\Users\Josef\Downloads\FRST.txt
2021-12-05 20:33 - 2021-12-05 22:08 - 000000000 ____D C:\FRST
2021-12-05 20:32 - 2021-12-05 20:32 - 002019840 _____ (Farbar) C:\Users\Josef\Downloads\FRST.exe
2021-12-05 19:53 - 2021-12-05 19:53 - 000000000 ____D C:\Users\Josef\AppData\Local\CrashDumps
2021-12-05 19:50 - 2021-12-05 19:50 - 000000000 ____D C:\Users\Josef\AppData\Local\mbam
2021-12-05 19:45 - 2021-12-05 19:45 - 002101944 _____ (Malwarebytes) C:\Users\Josef\Downloads\MBSetup-119967.119967-consumer.exe
2021-12-05 17:13 - 2021-12-05 17:13 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup (2).exe
2021-12-05 17:05 - 2021-12-05 17:05 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup.exe
2021-12-05 16:37 - 2021-12-05 16:37 - 000000000 ____D C:\inetpub
2021-12-05 16:11 - 2021-12-05 21:41 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2021-12-05 14:43 - 2021-12-05 14:43 - 000002247 _____ C:\Users\Josef\Desktop\Google Chrome.lnk
2021-12-04 14:21 - 2021-12-04 14:21 - 000001319 _____ C:\Users\Josef\Desktop\MediaHuman YouTube to MP3 Converter.lnk
2021-12-04 14:21 - 2021-12-04 14:21 - 000000215 _____ C:\Users\Josef\Desktop\Visit MediaHuman Website.url
2021-12-04 00:34 - 2021-12-04 00:34 - 031575736 _____ (Telegram FZ-LLC ) C:\Users\Josef\Downloads\tsetup.3.2.5.exe
2021-12-04 00:31 - 2021-12-04 00:31 - 034826400 _____ (Telegram FZ-LLC ) C:\Users\Josef\Downloads\tsetup-x64.3.2.5.exe
2021-12-04 00:29 - 2021-12-04 00:30 - 042408804 _____ C:\Users\Josef\Downloads\tportable-x64.3.2.5.zip
2021-12-04 00:28 - 2021-12-04 00:29 - 081336976 _____ (TuneIn Inc) C:\Users\Josef\Downloads\TuneIn+Setup+1.24.0.exe
2021-12-03 23:56 - 2021-12-03 23:56 - 000000157 _____ C:\Users\Josef\Downloads\hwflowlog.txt
2021-12-03 23:49 - 2021-12-03 23:49 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-12-03 20:53 - 2021-11-16 14:47 - 000025088 _____ (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2021-12-03 20:48 - 2021-12-03 20:50 - 031853392 _____ (TeamViewer Germany GmbH) C:\Users\Josef\Downloads\TeamViewer_Setup (1).exe
2021-12-03 19:44 - 2021-12-03 23:01 - 000000445 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-12-03 18:31 - 2021-12-03 20:22 - 000000000 ____D C:\Users\Josef\AppData\Local\ElevatedDiagnostics
2021-12-01 20:13 - 2021-12-01 20:13 - 000000000 ____D C:\$WINDOWS.~BT
2021-12-01 20:12 - 2021-12-01 20:12 - 000000000 ___HD C:\$Windows.~WS
2021-11-24 17:26 - 2021-11-24 17:26 - 000000000 ____D C:\Users\Josef\Desktop\DNEEES
2021-11-24 17:25 - 2021-11-24 17:25 - 000000000 ____D C:\Users\Josef\Desktop\FASHION
2021-11-24 15:53 - 2021-11-24 15:54 - 375799665 _____ C:\Users\Josef\Downloads\Install_rekordbox_x64_6_6_0.zip
2021-11-24 12:33 - 2021-11-24 12:33 - 000000000 ____D C:\Users\Josef\AppData\LocalLow\Lenovo
2021-11-24 10:35 - 2021-12-05 17:21 - 000000796 _____ C:\WINDOWS\storelibdebug.txt
2021-11-24 10:12 - 2021-11-24 10:12 - 000000000 ____D C:\Users\Josef\AppData\Local\Lenovo
2021-11-24 10:11 - 2021-11-24 10:11 - 000000000 ____D C:\Program Files\Lenovo
2021-11-24 10:09 - 2021-11-24 10:35 - 000000000 ____D C:\ProgramData\Lenovo
2021-11-24 10:09 - 2021-11-24 10:17 - 000000000 ____D C:\WINDOWS\TempInst
2021-11-24 10:06 - 2021-11-24 10:08 - 407487992 _____ (Lenovo ) C:\Users\Josef\Downloads\SystemInterfaceFoundation.exe
2021-11-24 08:43 - 2021-11-24 08:43 - 000125440 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-11-24 08:29 - 2021-11-24 08:29 - 000000000 ___HD C:\$WinREAgent
2021-11-24 07:43 - 2021-12-05 21:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-11-24 07:42 - 2021-11-24 07:42 - 003232984 _____ (Lenovo ) C:\Users\Josef\Downloads\LSBSetup (1).exe
2021-11-24 04:28 - 2021-11-24 04:28 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple Inc
2021-11-24 04:20 - 2021-11-24 04:20 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-24 04:20 - 2021-11-24 04:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-24 03:54 - 2021-12-05 18:21 - 000000000 ____D C:\Users\Josef\Desktop\iTunes
2021-11-24 03:51 - 2021-11-24 03:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-11-24 03:50 - 2021-11-24 03:50 - 000000000 ____D C:\Program Files\Bonjour
2021-11-24 03:50 - 2021-11-24 03:50 - 000000000 ____D C:\Program Files\Apple Software Update
2021-11-24 03:46 - 2021-11-24 03:47 - 176901096 _____ (Apple Inc.) C:\Users\Josef\Downloads\iTunesSetup (1).exe
2021-11-24 03:40 - 2021-11-24 04:09 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Apple Computer
2021-11-24 03:40 - 2021-11-24 03:40 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple Computer
2021-11-24 03:39 - 2021-11-24 04:20 - 000000000 ____D C:\Program Files\iTunes
2021-11-24 03:39 - 2021-11-24 03:56 - 000000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2021-11-24 03:39 - 2021-11-24 03:50 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2021-11-24 03:39 - 2021-11-24 03:39 - 000000000 ____D C:\Users\Josef\AppData\Local\Apple
2021-11-24 03:38 - 2021-11-24 03:56 - 000000000 ____D C:\Program Files\Common Files\Apple
2021-11-24 03:29 - 2021-11-24 03:30 - 108771096 _____ (Apple Inc.) C:\Users\Josef\Downloads\iTunesSetup.exe
2021-11-23 17:10 - 2021-11-23 17:10 - 000313039 _____ C:\Users\Josef\Downloads\Nov 23, Doc 1.pdf
2021-11-23 17:05 - 2021-11-23 17:05 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Apowersoft
2021-11-23 17:05 - 2021-11-23 17:05 - 000000000 ____D C:\Program Files\Apowersoft
2021-11-23 17:04 - 2021-11-23 17:05 - 001892784 _____ (Apowersoft) C:\Users\Josef\Downloads\watermarkremover-setup.exe
2021-11-23 09:57 - 2021-11-23 09:57 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Teams
2021-11-23 09:43 - 2021-11-23 09:58 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-11-23 09:43 - 2021-11-23 09:58 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-23 09:43 - 2021-11-23 09:43 - 000000000 ___RD C:\Users\defaultuser0\OneDrive
2021-11-23 09:43 - 2021-11-23 09:43 - 000000000 ___RD C:\Users\Default\OneDrive
2021-11-23 09:42 - 2021-11-24 09:23 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-11-23 09:41 - 2021-11-23 09:41 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2021-11-23 09:39 - 2021-11-23 09:39 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-11-23 09:39 - 2021-11-23 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2021-11-23 09:29 - 2021-11-23 09:40 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-23 09:29 - 2021-11-23 09:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2021-11-23 09:10 - 2021-11-23 09:10 - 000045056 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-23 09:09 - 2021-11-23 09:09 - 000223744 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-23 09:00 - 2021-11-24 07:56 - 000002296 _____ C:\Users\Josef\Desktop\Microsoft Edge.lnk
2021-11-23 08:15 - 2021-11-23 08:15 - 000001968 _____ C:\Users\Josef\Desktop\PC Health Check.lnk
2021-11-23 08:09 - 2021-11-23 08:15 - 000000000 ___RD C:\Users\Josef\AppData\Local\PCHealthCheck
2021-11-23 08:09 - 2021-11-23 08:09 - 000001378 _____ C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-23 08:04 - 2021-11-23 08:04 - 014065664 _____ C:\Users\Josef\Downloads\WindowsPCHealthCheckSetup.msi
2021-11-13 18:07 - 2021-11-13 18:07 - 000157696 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-11-13 18:07 - 2021-11-13 18:07 - 000132096 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-11-13 18:07 - 2021-11-13 18:07 - 000033280 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-11-13 18:06 - 2021-11-13 18:06 - 000942080 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-11-13 18:05 - 2021-11-13 18:05 - 000073216 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-11-13 18:04 - 2021-11-13 18:04 - 000611960 _____ C:\WINDOWS\system32\TextShaping.dll
2021-11-13 18:03 - 2021-11-13 18:03 - 000224256 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-12-05 22:05 - 2021-08-08 22:35 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-05 22:04 - 2021-08-09 02:24 - 000000000 ___RD C:\Users\Josef\iCloudDrive
2021-12-05 22:04 - 2021-03-18 16:37 - 000000000 ___RD C:\Users\Josef\OneDrive
2021-12-05 22:03 - 2021-09-05 12:06 - 000000000 ____D C:\Program Files\Google
2021-12-05 22:01 - 2021-08-08 22:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-05 22:01 - 2021-03-19 08:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-05 22:00 - 2021-08-08 22:23 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-05 21:41 - 2021-08-08 23:58 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-12-05 20:16 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-05 20:16 - 2021-08-08 22:03 - 000432760 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-05 20:14 - 2021-08-08 22:36 - 000000000 ____D C:\Users\Josef
2021-12-05 20:12 - 2021-08-08 22:35 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-05 19:34 - 2021-08-08 22:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-05 17:57 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-12-05 17:01 - 2021-08-08 22:35 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-05 17:01 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-05 17:00 - 2021-08-08 23:38 - 000000000 ____D C:\Users\Josef\AppData\Local\Packages
2021-12-05 16:58 - 2021-09-05 11:53 - 000000000 ____D C:\Users\Josef\AppData\Roaming\WhatsApp
2021-12-05 16:38 - 2021-08-08 22:27 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-05 16:37 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-12-05 14:57 - 2021-08-09 07:30 - 000000000 ____D C:\Users\Josef\AppData\Roaming\PioneerLog
2021-12-05 14:56 - 2021-08-09 08:35 - 000000000 ____D C:\Program Files\TeamViewer
2021-12-05 14:54 - 2021-09-11 09:42 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Zoom
2021-12-03 20:53 - 2021-08-08 22:33 - 000000000 ____D C:\WINDOWS\INF
2021-12-03 19:46 - 2021-08-08 22:59 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-03 19:46 - 2021-08-08 22:40 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2021-12-03 19:46 - 2021-08-08 22:40 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2021-12-01 21:04 - 2021-08-08 23:01 - 000000000 ____D C:\WINDOWS\Panther
2021-11-24 17:25 - 2021-09-11 15:11 - 000000000 ____D C:\Users\Josef\Desktop\mejdan
2021-11-24 16:09 - 2021-08-08 23:40 - 000000000 ____D C:\ProgramData\Packages
2021-11-24 16:08 - 2021-08-08 23:46 - 000000000 ____D C:\Users\Josef\AppData\Local\PlaceholderTileLogoFolder
2021-11-24 13:06 - 2021-09-05 12:47 - 000000000 ____D C:\Users\Josef\AppData\Local\WhatsApp
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\Provisioning
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-24 08:50 - 2021-08-08 22:35 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-24 07:56 - 2021-03-28 16:17 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-24 07:42 - 2021-06-06 05:39 - 000000000 ____D C:\Users\Josef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2021-11-24 03:51 - 2021-08-09 00:43 - 000000000 ____D C:\ProgramData\Apple
2021-11-24 03:43 - 2021-05-16 02:11 - 000000000 ____D C:\Users\Josef\Desktop\HUDBA -
2021-11-24 03:39 - 2021-08-09 00:43 - 000000000 ____D C:\ProgramData\Apple Computer
2021-11-23 09:58 - 2021-09-05 11:50 - 000000000 ____D C:\Users\Josef\AppData\Local\SquirrelTemp
2021-11-23 09:43 - 2021-08-08 22:36 - 000000000 ____D C:\Users\defaultuser0
2021-11-23 09:41 - 2021-08-08 22:35 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-23 09:17 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-23 09:17 - 2021-08-08 22:23 - 000000000 ____D C:\WINDOWS\servicing
2021-11-23 08:18 - 2021-08-08 23:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-23 08:12 - 2021-08-08 23:52 - 138072184 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-23 08:04 - 2021-08-08 22:18 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-23 08:04 - 2021-08-08 22:18 - 000003448 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-13 20:05 - 2021-08-08 22:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-13 19:50 - 2021-08-08 22:35 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-11-13 19:50 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
2021-11-13 19:49 - 2021-08-08 22:35 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-11-13 18:48 - 2021-04-01 12:05 - 000000000 ____D C:\Users\Josef\Documents\rekordbox

==================== Files in the root of some directories ========

2021-08-09 03:18 - 2021-08-09 03:18 - 000000017 _____ () C:\Users\Josef\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow laptop, blocked Chrome...

#7 Post by pepaa »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-12-2021
Ran by Josef Dlouhý (05-12-2021 22:13:13)
Running from C:\Users\Josef\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1387 (X86) (2021-08-08 22:25:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1174052206-1239866868-2889758395-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1174052206-1239866868-2889758395-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1174052206-1239866868-2889758395-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1174052206-1239866868-2889758395-501 - Limited - Disabled)
Josef Dlouhý (S-1-5-21-1174052206-1239866868-2889758395-1001 - Administrator - Enabled) => C:\Users\Josef
WDAGUtilityAccount (S-1-5-21-1174052206-1239866868-2889758395-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Mobile Device Support (HKLM\...\{FEC646C7-7157-4E48-8008-9C58C9F6F64B}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
iCloud Outlook (HKLM\...\{9A62F1BE-ABA0-45CE-AC0E-13BC806B7F29}) (Version: 12.4.0.103 - Apple Inc.)
iTunes (HKLM\...\{A80D8730-B27D-4602-A2CC-ADA2A4340C03}) (Version: 12.12.2.2 - Apple Inc.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{F920D25E-42AD-4811-B0A7-A0D22107150F}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Lenovo System Interface Foundation Driver (HKLM\...\{884BAF97-AC8D-463E-846A-47DD41866A19}) (Version: 1.1.17.2 - Lenovo)
MediaHuman YouTube to MP3 Converter 3.9.9.62 (HKLM\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.62 - MediaHuman)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Pioneer MIX Driver (HKLM\...\Pioneer MIX) (Version: 5.6.0.0017 - Pioneer DJ Corporation.)
rekordbox 5.6.0 (HKLM\...\Pioneer rekordbox 5.6.0) (Version: 5.6.0.0017 - Pioneer DJ)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
WhatsApp (HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\...\WhatsApp) (Version: 2.2144.11 - WhatsApp)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x86__v10z8vjag6ke6 [2021-12-01] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-09-05] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.28.13.0_x86__k1h2ywk1493x8 [2021-11-24] (LENOVO INC.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x86__8wekyb3d8bbwe [2021-11-13] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-27] (Spotify AB) [Startup Task]
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.168.139.0_x86__8wekyb3d8bbwe [2021-11-24] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{17844A39-A7C2-428D-9B21-7E9E7AB4A719} -> [Fotky na iCloudu] => C:\Users\Josef\Pictures\iCloud Photos\Photos [2021-08-09 02:24]
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Josef\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21229.2\x86\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001_Classes\CLSID\{3F1E95C5-9C6E-42B0-A56E-5BE2199A29B8} -> [iCloud Drive] => C:\Users\Josef\iCloudDrive [2021-08-09 02:24]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-08-08 22:35 - 2021-08-08 22:32 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-12-03 19:44 - 2021-12-03 23:01 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1174052206-1239866868-2889758395-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{649EA97B-47CD-4C28-984B-13A161801AE4}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{E7B309EA-6E60-4F39-8CD4-D0C099BD3911}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0FDB7F3F-3182-4E61-A384-1D9B6E96C40C}C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe] => (Block) C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [UDP Query User{6CA15FEA-15DB-482A-9312-478684ADD837}C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe] => (Block) C:\program files\pioneer\rekordbox 5.6.0\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [TCP Query User{7E409257-F1ED-4661-AD18-BA83C7A50FB4}C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [UDP Query User{3C66B6F3-2647-44EF-976E-5A80F5FE2299}C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [TCP Query User{10AA9310-EF86-4F58-8C0D-C26B6CF5F886}C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [UDP Query User{05017E14-90CB-4212-95D9-2AC88E524BB9}C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.6.0\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)

==================== Restore Points =========================

27-11-2021 17:54:06 Naplánovaný kontrolní bod
05-12-2021 16:09:27 Odebráno: Microsoft Update Health Tools
05-12-2021 21:00:11 AdwCleaner_BeforeCleaning_05/12/2021_21:00:08

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/05/2021 10:01:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 720: ERROR: read_msg errno 203 (Systém nenalezl zadanou možnost prostředí.)

Error: (12/05/2021 10:01:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (12/05/2021 09:56:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (12/05/2021 09:56:40 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (12/05/2021 09:02:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (12/05/2021 09:02:54 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (12/05/2021 09:02:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (12/05/2021 09:02:54 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (12/05/2021 09:56:25 PM) (Source: DCOM) (EventID: 10010) (User: JOSECKO)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/05/2021 09:03:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby DeviceAssociationService bylo dosaženo časového limitu (30000 ms).

Error: (12/05/2021 09:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Apple Mobile Device Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (12/05/2021 09:02:26 PM) (Source: DCOM) (EventID: 10010) (User: JOSECKO)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (12/05/2021 09:02:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba System Interface Foundation Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 20 milisekund: Restartovat službu.

Error: (12/05/2021 09:01:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Microsoft Office Click-to-Run Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/05/2021 09:01:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (12/05/2021 09:01:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Alps HID Monitor Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2021-12-05 20:30:30
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sabsik.TE.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Downloads\FRST.exe; webfile:_C:\Users\Josef\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 2237188817
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: JOSECKO\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2131.0, AS: 1.353.2131.0, NIS: 1.353.2131.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 20:29:28
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Sabsik.TE.A!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Downloads\FRST.exe; webfile:_C:\Users\Josef\Downloads\FRST.exe|https://download.bleepingcomputer.com/d ... 1559458078
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: JOSECKO\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2131.0, AS: 1.353.2131.0, NIS: 1.353.2131.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 19:26:54
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Josef\Documents\ES_SETUP\msimg32.dll
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Uživatel
Uživatel: DESKTOP-EKO581J\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2124.0, AS: 1.353.2124.0, NIS: 1.353.2124.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 19:26:54
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\Windows.old\Users\Josef\AppData\Local\Temp\nsyA6D8.tmp\setuprcsetup153.exe; file:_C:\Windows.old\Users\Josef\AppData\Local\Temp\nsyA6D8.tmp\setuprcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: DESKTOP-EKO581J\Josef Dlouhý
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.353.2124.0, AS: 1.353.2124.0, NIS: 1.353.2124.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-05 15:57:34
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D02228E3-0E9C-4ED1-A183-AAF6C421B948}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2021-12-05 20:14:18
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.2131.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2021-12-04 19:19:42
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.

Date: 2021-12-03 10:11:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.1914.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070050
Popis chyby: Soubor existuje.

Date: 2021-11-23 08:13:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.943.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2021-11-23 08:13:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.353.943.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18700.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2021-12-05 22:16:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 40CN28WW(V2.14) 10/07/2011
Motherboard: LENOVO Base Board Product Name
Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 67%
Total physical RAM: 3017.86 MB
Available physical RAM: 966.75 MB
Total Virtual: 4681.86 MB
Available Virtual: 2593.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.75 GB) (Free:363.96 GB) NTFS

\\?\Volume{4a982910-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{4a982910-0000-0000-0000-b04f74000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 4A982910)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Josef\Documents\ES_SETUP\msimg32.dll
HKLM\...\Run: [Apoint] => "X:\Program Files\DellTPad\Apoint.exe" (No File)
HKLM\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
Task: {0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F} - System32\Tasks\Lenovo\LenovoWelcomeLauncher => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (No File)
Task: {235FC4E2-7862-479B-8D49-0BC42FBE5B60} - \Lenovo\ImController\TimeBasedEvents\344435fb-dd55-4613-87a1-ca3424cb5198 -> No File <==== ATTENTION
Task: {39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1} - \Lenovo\ImController\TimeBasedEvents\c272a884-09da-431c-91c1-0e2bf9ec30da -> No File <==== ATTENTION
Task: {3B3B5D5C-4B88-4D2A-91CF-26C42104E727} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (No File)
Task: {686EA2BB-C21B-4211-87C1-04F3B133ECEE} - \Lenovo\ImController\TimeBasedEvents\8dc3df5c-9f05-42fa-9c25-1cfbe4c1a395 -> No File <==== ATTENTION
Task: {6D32BFF3-57EA-43EA-B077-9C9C5E765E98} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {6EFD55DA-860F-4F8F-9846-71EAECDAA703} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {8CDAED93-972E-4B68-B6AF-ED5D81E96C71} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {A86DA082-A827-4262-AD53-C0F0A4936AF7} - \Lenovo\ImController\TimeBasedEvents\c1012850-f2ae-49da-9e06-5358d388c636 -> No File <==== ATTENTION
c:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

EmptyTemp:
End
Save it to C:\Users\Josef\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#9 Post by pepaa »

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-12-2021
Ran by Josef Dlouhý (06-12-2021 13:00:11) Run:1
Running from C:\Users\Josef\Downloads
Loaded Profiles: defaultuser0 & Josef Dlouhý
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1174052206-1239866868-2889758395-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Josef\Documents\ES_SETUP\msimg32.dll
HKLM\...\Run: [Apoint] => "X:\Program Files\DellTPad\Apoint.exe" (No File)
HKLM\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (No File)
Task: {0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F} - System32\Tasks\Lenovo\LenovoWelcomeLauncher => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcome.exe /task (No File)
Task: {235FC4E2-7862-479B-8D49-0BC42FBE5B60} - \Lenovo\ImController\TimeBasedEvents\344435fb-dd55-4613-87a1-ca3424cb5198 -> No File <==== ATTENTION
Task: {39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1} - \Lenovo\ImController\TimeBasedEvents\c272a884-09da-431c-91c1-0e2bf9ec30da -> No File <==== ATTENTION
Task: {3B3B5D5C-4B88-4D2A-91CF-26C42104E727} - System32\Tasks\Lenovo\LenovoWelcomeTask => C:\ProgramData\Lenovo\ImController\Plugins\LenovoFirstRunExperiencePackage\x86\LenovoWelcomeTask.exe $(EventData) (No File)
Task: {686EA2BB-C21B-4211-87C1-04F3B133ECEE} - \Lenovo\ImController\TimeBasedEvents\8dc3df5c-9f05-42fa-9c25-1cfbe4c1a395 -> No File <==== ATTENTION
Task: {6D32BFF3-57EA-43EA-B077-9C9C5E765E98} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {6EFD55DA-860F-4F8F-9846-71EAECDAA703} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {8CDAED93-972E-4B68-B6AF-ED5D81E96C71} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [156232 2021-09-05] (Google LLC -> Google LLC)
Task: {A86DA082-A827-4262-AD53-C0F0A4936AF7} - \Lenovo\ImController\TimeBasedEvents\c1012850-f2ae-49da-9e06-5358d388c636 -> No File <==== ATTENTION
c:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully.
"HKU\S-1-5-21-1174052206-1239866868-2889758395-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully.
Could not move "C:\Users\Josef\Documents\ES_SETUP\msimg32.dll" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Apoint" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineUninstallerProgramData" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BDE4D20-E1B3-4E3A-80B2-2F6BDBA1286F}" => removed successfully.
C:\Windows\System32\Tasks\Lenovo\LenovoWelcomeLauncher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LenovoWelcomeLauncher" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{235FC4E2-7862-479B-8D49-0BC42FBE5B60}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{235FC4E2-7862-479B-8D49-0BC42FBE5B60}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\344435fb-dd55-4613-87a1-ca3424cb5198" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39F8DA04-D73D-4EAF-88E5-B4E8A86B54A1}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\c272a884-09da-431c-91c1-0e2bf9ec30da" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B3B5D5C-4B88-4D2A-91CF-26C42104E727}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B3B5D5C-4B88-4D2A-91CF-26C42104E727}" => removed successfully.
C:\Windows\System32\Tasks\Lenovo\LenovoWelcomeTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\LenovoWelcomeTask" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{686EA2BB-C21B-4211-87C1-04F3B133ECEE}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{686EA2BB-C21B-4211-87C1-04F3B133ECEE}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\8dc3df5c-9f05-42fa-9c25-1cfbe4c1a395" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D32BFF3-57EA-43EA-B077-9C9C5E765E98}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D32BFF3-57EA-43EA-B077-9C9C5E765E98}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EFD55DA-860F-4F8F-9846-71EAECDAA703}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EFD55DA-860F-4F8F-9846-71EAECDAA703}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CDAED93-972E-4B68-B6AF-ED5D81E96C71}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CDAED93-972E-4B68-B6AF-ED5D81E96C71}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D71F66C-92C1-47EC-BDA9-3E8A2BCFF6EA}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A86DA082-A827-4262-AD53-C0F0A4936AF7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A86DA082-A827-4262-AD53-C0F0A4936AF7}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\c1012850-f2ae-49da-9e06-5358d388c636" => removed successfully.
c:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38121979 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 92462762 B
Edge => 0 B
Chrome => 445189893 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 7518 B
NetworkService => 439465692 B
defaultuser0 => 439465692 B
Josef => 699764801 B

RecycleBin => 2021 B
EmptyTemp: => 2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-12-2021 13:06:06)

C:\Users\Josef\Documents\ES_SETUP\msimg32.dll => is moved successfully

==== End of Fixlog 13:06:15 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#10 Post by Rudy »

Deleted. Has anything changed?

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#11 Post by pepaa »

Windows loads faster, but Chrome more slowly..

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#12 Post by Rudy »

Let's also try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako správce
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will carry out the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup will be created and a search will follow
•The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#13 Post by pepaa »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Josef Dlouhě on 06.12.2021 at 17:41:19,56.
Microsoft Windows 10 Pro 10.0.19044 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Josef\Downloads\1253QUANTUMVM.UNRARMETRO_ckbnxvahp5f44!App\Extracted\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

06.12.2021 17:43:46 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\SoftwareDistribution deleted successfully
C:\PROGRA~2\ssh deleted successfully
C:\Users\defaultuser0\AppData\LocalLow deleted successfully
C:\Users\Josef\AppData\Local\PeerDistRepub deleted successfully
C:\Users\Josef\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uhssvc deleted successfully

==== Deleting Files \ Folders ======================

C:\Users\Josef\AppData\Roaming\WhatsApp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb47.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb58.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb6a.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb6c.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb7d.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb8f.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cb91.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-560-564-13cba3.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca367.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca3b7.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca3c9.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca3cb.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca3fc.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca41d.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca43e.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca450.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca461.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca473.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca494.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca4b6.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca4c7.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca4d9.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca4fa.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca51b.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca53d.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca54e.tmp deleted
C:\WINDOWS\system32\config\systemprofile\AppData\Local\tw-cec-24cc-ca56f.tmp deleted
"C:\DumpStack.log.tmp" not deleted
"C:\Program Files\ModifiableWindowsApps" deleted
"C:\Program Files\Windows Defender Advanced Threat Protection" deleted
"C:\Program Files\Windows Defender Advanced Threat Protection" deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ihcjicgdanjaechkgeegckofjjedodee - No path found[]

Malwarebytes Browser Guard - Josef\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Web Data will be reset at reboot
C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\Josef\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Josef\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=160 folders=223 68189539 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Josef\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Web Data" not found
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0" deleted
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1" deleted
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2" deleted
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3" deleted
"C:\Users\Josef\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index" deleted

==== EOF on 06.12.2021 at 18:07:07,83 ======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse, slow notebook, blocked Chrome...

#14 Post by Rudy »

Deleted here. What about the log from Junkware?

pepaa
Visitor
Posts: 98
Registered: 01 May 2007 18:51

Re: Trojan horse, slow notebook, blocked Chrome...

#15 Post by pepaa »

When I installed that Junk, at first it wouldn't let me run it, because a window kept popping up saying there was a virus in it; it only worked once I allowed the download, otherwise it wouldn't go.


LOG HERE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x86
Ran by Josef Dlouhě (Administrator) on 06.12.2021 at 19:32:11,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.12.2021 at 19:37:16,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
