PC virus removal, computer speed-up, remote help via the neslape.cz service

Emotet

Have a virus problem? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Emotet

#1 Post by milanek11 »

Hello,
my bank has blocked my account because my PC was allegedly infected with the Emotet virus. Could I ask you to check it?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2021
Ran by milanek (administrator) on BALU (LENOVO 90C2001DCK) (12-02-2021 16:35:20)
Running from C:\Users\milanek\Desktop
Loaded Profiles: milanek
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
() [File not signed] C:\Windows\SysWOW64\UMonit64.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe <2>
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [185648 2021-02-11] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2614832 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: C:\WINDOWS\system32\CNMXLMBX.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2015-09-26]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A86697D-48A3-4B4C-B719-F20C41EE5068} - System32\Tasks\AVG\AVG TuneUp Update BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [2812664 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --guid 151264e0-81fe-421f-9250-e280370df22b
Task: {12DF0AD2-AB76-49FF-A783-8AAC3BDAE50C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {31B37CEF-D396-4257-B7E3-0DA1F284CED5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4CE58772-AA9F-46A8-B1A2-A547DD98557C} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5495432 2020-11-25] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {54641D57-7D4D-405A-99A8-3E35EAEA58B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {588C834B-5B50-4945-91FD-914D3F9D9DBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {5EFB9E7C-DB13-40AD-A42A-E2EA25194714} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {66791A04-F3E5-4369-B4D8-EC89D01D56C7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-08-17] (LENOVO -> Lenovo)
Task: {66A81B1B-B6F1-47FF-A691-53CFE8B20E45} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {8568E347-8F68-4993-895B-EA0167FEFCA9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {93705B35-D9E5-4137-8F8D-5F795BF56B5F} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [File not signed]
Task: {9850F859-93E0-4D2A-9CC2-71A8F5F5B603} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A0C25534-7296-4F85-AEE1-A7F2D09386D7} - System32\Tasks\{91C2BEF2-DF0A-475B-A5C1-B6DA94654FFF} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.39.0.102/cs ... rogressBar
Task: {C85A3B9A-FEE8-45C4-9FD2-EFC59880D9F5} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {CAEB823F-A40E-4F64-8E16-B17355090BFD} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [53248 2013-10-25] () [File not signed]
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D8BECF53-A5BF-4497-82D0-6A3B30142CBA} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{af639643-1296-4a44-a76c-e6794e959101}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{cfa2a185-1263-4480-99a2-f80ab525d9e8}: [DhcpNameServer] 192.168.42.129

Edge:
=======
DownloadDir: C:\Users\milanek\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> hxxp://www.seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxp://www.seznam.cz/"
Edge DefaultSearchURL: Default -> hxxps://www.google.cz/search?q={searchTerms}&ie ... utEncoding?}
Edge Extension: (Seznam doplněk - Email) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-08-20]
Edge Extension: (Seznam doplněk - Esko-) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2020-08-20]
Edge Extension: (appear.in screen sharing) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2020-08-20]
Edge Extension: (Titulky++) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkaajhpmfeljpnmmpiodgfkcpnadghaa [2020-08-20]
Edge Extension: (Seznam doplněk - Esko) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-08-20]

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google Inc -> Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default [2021-02-12]
CHR Notifications: Default -> hxxps://blastnotificationx.com; hxxps://paleosnadno.cz; hxxps://www.alza.cz; hxxps://www.netflix.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR NewTab: Default -> Not-active:"chrome-extension://blmojkbhnkkphngknkmgccmlenfaelkd/speeddial/html/newTab.html"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Extension: (Prezentace) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (Seznam doplněk - Email) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-04-06]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-29]
CHR Extension: (appear.in screen sharing) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2017-12-06]
CHR Extension: (Seznam.cz) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkncgicdohgfdncecojfiapgebmlnaoc [2017-01-31]
CHR Extension: (Adobe Acrobat) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-15]
CHR Extension: (Tabulky) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Skype) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Titulky++) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkaajhpmfeljpnmmpiodgfkcpnadghaa [2021-01-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-06]
CHR Extension: (Gmail) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12976336 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2371760 2021-02-11] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2371760 2021-02-11] (ESET, spol. s r.o. -> ESET)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [158512 2021-02-11] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [195976 2021-02-11] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [116488 2021-02-11] (ESET, spol. s r.o. -> ESET)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [103656 2013-10-21] (Genesys Logic,INC. -> GenesysLogic)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1134208 2009-08-05] (Creative Labs Inc -> Creative Technology Ltd.)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-12-12] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2008-12-12] () [File not signed]
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
R3 SplitCamAudio; C:\WINDOWS\system32\drivers\SplitCamAudio.sys [33904 2017-08-11] (Microsoft Windows Hardware Compatibility Publisher -> SplitCam Co.)
R3 splitcam_hd_driver; C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [38000 2017-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-12 16:35 - 2021-02-12 16:37 - 000018371 _____ C:\Users\milanek\Desktop\FRST.txt
2021-02-12 16:34 - 2021-02-12 16:36 - 000000000 ____D C:\FRST
2021-02-12 16:33 - 2021-02-12 16:33 - 002297344 _____ (Farbar) C:\Users\milanek\Desktop\FRST64.exe
2021-02-12 16:16 - 2021-02-12 16:16 - 000000000 ____D C:\Users\milanek\Desktop\rufus_files
2021-02-12 16:12 - 2021-02-12 16:14 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu (2).iso
2021-02-12 16:08 - 2021-02-12 16:26 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-02-12 16:07 - 2021-02-12 16:07 - 001156152 _____ (Akeo Consulting) C:\Users\milanek\Desktop\rufus-3.13.exe
2021-02-12 16:02 - 2021-02-12 16:04 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu (1).iso
2021-02-12 15:57 - 2021-02-12 15:59 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu.iso
2021-02-09 09:08 - 2021-02-09 09:08 - 001243284 _____ C:\WINDOWS\Minidump\020921-42859-01.dmp
2021-02-01 07:27 - 2021-02-01 07:27 - 001154276 _____ C:\WINDOWS\Minidump\020121-36484-01.dmp
2021-01-31 07:51 - 2021-02-09 09:08 - 716259020 _____ C:\WINDOWS\MEMORY.DMP
2021-01-31 07:51 - 2021-01-31 08:01 - 001217220 _____ C:\WINDOWS\Minidump\013121-37906-01.dmp
2021-01-19 08:20 - 2021-01-19 08:20 - 000263286 _____ C:\Users\milanek\Desktop\Jízdenka.pdf
2021-01-14 06:14 - 2021-01-14 06:26 - 000303376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 20:56 - 2021-01-13 20:56 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 20:55 - 2021-01-13 20:55 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 20:55 - 2021-01-13 20:55 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 20:55 - 2021-01-13 20:55 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 20:55 - 2021-01-13 20:55 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 20:55 - 2021-01-13 20:55 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 20:55 - 2021-01-13 20:55 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 20:55 - 2021-01-13 20:55 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 20:55 - 2021-01-13 20:55 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 20:55 - 2021-01-13 20:55 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 20:54 - 2021-01-13 20:54 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 20:54 - 2021-01-13 20:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 20:54 - 2021-01-13 20:54 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 20:54 - 2021-01-13 20:54 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 20:54 - 2021-01-13 20:54 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 20:54 - 2021-01-13 20:54 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 20:54 - 2021-01-13 20:54 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 20:53 - 2021-01-13 20:53 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 20:53 - 2021-01-13 20:53 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 20:52 - 2021-01-13 20:52 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 20:52 - 2021-01-13 20:52 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 20:51 - 2021-01-13 20:51 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 20:50 - 2021-01-13 20:50 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 20:50 - 2021-01-13 20:50 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 20:49 - 2021-01-13 20:49 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 20:49 - 2021-01-13 20:49 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 20:49 - 2021-01-13 20:49 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 20:49 - 2021-01-13 20:49 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 20:49 - 2021-01-13 20:49 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-12 16:39 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-12 16:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-02-12 16:08 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-02-12 15:34 - 2020-08-19 18:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-12 04:08 - 2018-07-18 20:00 - 000000000 ____D C:\ProgramData\Avg
2021-02-11 21:15 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-11 21:15 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-11 20:47 - 2020-08-20 07:32 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 20:47 - 2020-08-20 07:32 - 000003348 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-11 20:41 - 2020-08-19 18:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-11 20:41 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-11 20:33 - 2020-08-19 18:55 - 000004194 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5FCAE6BA-5F98-43BD-B032-CD0FD2E26723}
2021-02-11 19:21 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-11 19:21 - 2018-04-12 15:26 - 000116488 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-02-11 19:21 - 2017-11-30 19:42 - 000195976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-02-11 19:21 - 2017-11-30 19:42 - 000158512 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-02-10 08:10 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-10 08:09 - 2015-08-06 11:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 08:04 - 2015-08-06 11:22 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-09 09:13 - 2020-08-19 18:34 - 001693640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-09 09:13 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-09 09:13 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-09 09:09 - 2020-08-31 08:46 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-09 00:49 - 2015-08-08 19:49 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-09 00:49 - 2015-08-04 08:11 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 22:24 - 2020-08-19 18:55 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1040683045-3520781050-4236757564-1001
2021-02-08 22:24 - 2020-08-19 18:19 - 000002417 _____ C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 22:24 - 2015-08-04 08:50 - 000000000 ___RD C:\Users\milanek\OneDrive
2021-02-08 13:03 - 2019-11-16 11:23 - 000000000 ____D C:\Users\milanek\Downloads\Filmy
2021-02-08 10:34 - 2015-08-06 15:52 - 000000000 ____D C:\Users\milanek\AppData\Roaming\uTorrent
2021-02-06 05:44 - 2020-08-20 07:33 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-06 05:44 - 2020-08-20 07:33 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-05 06:43 - 2020-08-19 18:55 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:43 - 2020-08-19 18:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-29 10:14 - 2017-10-27 18:30 - 000000000 _____ C:\end
2021-01-29 10:12 - 2020-07-26 09:18 - 000000612 _____ C:\nsispromotion_log.txt
2021-01-28 07:32 - 2017-11-30 20:32 - 000000000 ____D C:\Users\milanek\AppData\Local\Packages
2021-01-27 21:29 - 2020-08-19 18:19 - 000000000 ____D C:\Users\milanek
2021-01-27 21:28 - 2020-07-12 00:03 - 000768569 ____N C:\WINDOWS\Minidump\012721-42968-01.dmp
2021-01-14 12:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-14 06:28 - 2016-04-27 07:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-14 06:28 - 2015-09-16 11:28 - 000000000 ___RD C:\Users\milanek\3D Objects
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 06:19 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 06:19 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 20:49 - 2020-08-19 18:17 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 20:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ========

2015-08-26 07:24 - 2015-08-26 07:24 - 000007602 _____ () C:\Users\milanek\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
Ran by milanek (12-02-2021 16:42:16)
Running from C:\Users\milanek\Desktop
Windows 10 Home Version 1909 18363.1316 (X64) (2020-08-19 17:56:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1040683045-3520781050-4236757564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1040683045-3520781050-4236757564-503 - Limited - Disabled)
Guest (S-1-5-21-1040683045-3520781050-4236757564-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040683045-3520781050-4236757564-1003 - Limited - Enabled)
milanek (S-1-5-21-1040683045-3520781050-4236757564-1001 - Administrator - Enabled) => C:\Users\milanek
WDAGUtilityAccount (S-1-5-21-1040683045-3520781050-4236757564-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 20.1.2191.714 - AVG)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.224 - DivX, LLC)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version: - )
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 13.2.18.0 - ESET, spol. s r.o.)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.15 - LG Soft India)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.2.2.0 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.61.5325 - GOM & Company)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0112.135 - Mio Technology)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.63 (HKLM-x32\...\Skype_is1) (Version: 8.63 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VDownloader 4.4.2350 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version: - )
WhatsApp (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1951.1.0_x86__kgqvnymyfvs32 [2021-02-08] (king.com)
Dailymotion -> C:\Program Files\WindowsApps\DailymotionSA.Dailymotion_10.2101.5.0_x64__6dqnvyezrysvy [2021-01-19] (Dailymotion)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-11] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-27] (Instagram)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-02-04] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2017-03-10] (FilmOn TV Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2017-03-10] (CYBERLINK COM CORPORATION)
Skyscanner -> C:\Program Files\WindowsApps\Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym [2017-03-10] (Skyscanner)
The Weather Channel for Lenovo -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforLenovo_2015.1013.1.0_x64__t3yemqpq4kp7p [2017-03-10] (The Weather Channel.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5-x32: [FMDesktopMenu] -> {83AE6768-28C3-4057-A4A0-21AADA4B88E3} => C:\Program Files (x86)\LG Soft India\forteManager\bin\ContextMenu.dll [2008-12-12] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_dkncgicdohgfdncecojfiapgebmlnaoc\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc

==================== Loaded Modules (Whitelisted) =============

2015-01-08 19:35 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll
2019-02-21 20:00 - 2019-02-21 20:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-30 16:27 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files\VDownloader;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\milanek\OneDrive\Fotky\Sri Lanka 2017\P1000302.JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "forteManager.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "SplitCam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48ABC6EA-172C-4FE7-8400-E6310697F26F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{BF962758-092B-423F-A4CC-2972DC9472FC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{C932AE42-DCC9-4F60-AA60-B5A78D5BEF43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{5E9F0DF7-17CB-4A4F-89CB-277C39C1BCC1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{7D928A5D-0D26-4202-8FED-AD5BA83473E0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{7280CFB2-FCE3-40C2-9391-731B1CD99BF1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{E154C401-E193-4CE4-8797-9ECC5F2F3CA4}] => (Allow) C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{7EA5905C-F9AA-4373-8B1F-9C3B9290A2A4}] => (Allow) C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{2A67BE44-7BDA-41E1-B0DB-D21DFD85625F}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\milanek\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{695CEB33-5197-41D7-9380-4C3F877973E7}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\milanek\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C5AFC5D4-E2C8-4C00-B9A3-358EE7C72D23}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E224C8F-79F5-467E-A31B-899B234597AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E8A3213-925E-4635-B6B3-ED52B5EF718B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{069A1A03-4335-47A7-BB43-C4ED0E7979BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62022249-DEFE-4824-BA4E-B61470F15B31}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50525786-EC4A-4E6A-B9B4-62414CFEB604}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84EBFBA5-C2FE-4C3B-8723-DF04E32FBA21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-01-2021 04:26:28 Naplánovaný kontrolní bod
31-01-2021 08:09:16 Naplánovaný kontrolní bod
09-02-2021 13:24:54 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/12/2021 04:33:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8160,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 06:08:27 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8592,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:52:37 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2540,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:42:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7912,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:13:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2368,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:07:45 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Windows\System32\svchost.exe, identifikátor PID: 3128, identifikátor PID ProfSvc: 1448.

Error: (02/12/2021 04:07:45 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVG\TuneUp\TuneupSvc.exe, identifikátor PID: 3728, identifikátor PID ProfSvc: 1448.

Error: (02/11/2021 09:20:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5592,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).


System errors:
=============
Error: (02/12/2021 07:41:49 AM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 04:37:49 AM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 04:10:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {784E29F4-5EBE-4279-9948-1E8FE941646D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 04:09:46 AM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 04:08:01 AM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/11/2021 08:41:39 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/11/2021 08:40:33 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/11/2021 08:40:33 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Windows Defender:
=================

Date: 2020-11-27 14:39:09.176
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BBEA87C9-FFD7-4894-BC7F-4C4B3FBD14CD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
=================

Date: 2021-02-12 14:42:27.107
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 14:42:27.088
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 14:42:27.061
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 14:42:27.042
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 14:42:26.880
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-11 20:44:11.335
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-11 20:44:11.112
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-11 20:44:11.087
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: LENOVO O07KT49AUS 12/18/2014
Motherboard: LENOVO Aptio CRB
Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 79%
Total physical RAM: 3988.55 MB
Available physical RAM: 823.06 MB
Total Virtual: 8084.55 MB
Available Virtual: 4752.86 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:713.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.2 GB) (Free:0 GB) UDF
Drive e: (eSysRescueLiveCD) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS
Drive g: (eSysRescueLiveCD) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS
Drive h: (eSysRescueLiveCD) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

\\?\Volume{9e7852fe-95f4-440b-9e09-3a652e86bdbe}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{2ee00a71-e0d1-46e6-9501-36bdaa21942d}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:14.03 GB) NTFS
\\?\Volume{89da29b1-426d-48b0-a4de-bcd82e018745}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F437DC7)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP, simply double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Re: Emotet

#3 Post by milanek11 »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 12.02.21
Čas skenování: 18:05
Logovací soubor: 794cab76-6d54-11eb-a1b1-b8aeed2f334d.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1173
Aktualizovat verzi balíku komponent: 1.0.37023
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 18363.1316)
CPU: x64
Systém souborů: NTFS
Uživatel: Balů\milanek

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 385036
Zjištěné hrozby: 5
Hrozby umístěné do karantény: 5
Uplynulý čas: 8 min, 38 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 5
PUP.Optional.InstallCore, HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\CSASTATS\ic, V karanténě, 112, 586068, 1.0.37023, , ame, , ,
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder0, V karanténě, 571, 186209, 1.0.37023, , ame, , ,
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder1, V karanténě, 571, 186209, 1.0.37023, , ame, , ,
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder2, V karanténě, 571, 186209, 1.0.37023, , ame, , ,
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder3, V karanténě, 571, 186209, 1.0.37023, , ame, , ,

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#4 Post by Rudy »

Delete the detected items (put them in quarantine), restart, and post fresh FRST + Addition logs.

milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Re: Emotet

#5 Post by milanek11 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2021
Ran by milanek (administrator) on BALU (LENOVO 90C2001DCK) (12-02-2021 19:19:26)
Running from C:\Users\milanek\Desktop
Loaded Profiles: milanek
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Windows\jmesoft\JME_LOAD.exe
() [File not signed] C:\Windows\jmesoft\Service.exe
() [File not signed] C:\Windows\SysWOW64\UMonit64.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\TuneUp\TuneupUI.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe [185648 2021-02-11] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\AVG\TuneUp\TuneupUI.exe [2614832 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc -> Raptr, Inc)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: C:\WINDOWS\system32\CNMXLMBX.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.150\Installer\chrmstp.exe [2021-02-09] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2015-09-26]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe () [File not signed]
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A86697D-48A3-4B4C-B719-F20C41EE5068} - System32\Tasks\AVG\AVG TuneUp Update BugReport => C:\Program Files\AVG\TuneUp\AvBugReport.exe [2812664 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) -> --send "dumps|report" --silent --product 74 --programpath "C:\Program Files\AVG\TuneUp\Setup\.." --configpath "C:\Program Files\AVG\TuneUp\Setup" --path "C:\ProgramData\AVG\TuneUp\log" --path "C:\ProgramData\AVG\Icarus\Logs" --guid 151264e0-81fe-421f-9250-e280370df22b
Task: {12DF0AD2-AB76-49FF-A783-8AAC3BDAE50C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {31B37CEF-D396-4257-B7E3-0DA1F284CED5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4CE58772-AA9F-46A8-B1A2-A547DD98557C} - System32\Tasks\AVG\AVG TuneUp Update => C:\Program Files\Common Files\AVG\Icarus\avg-tu\icarus.exe [5495432 2020-11-25] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {54641D57-7D4D-405A-99A8-3E35EAEA58B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {588C834B-5B50-4945-91FD-914D3F9D9DBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {5EFB9E7C-DB13-40AD-A42A-E2EA25194714} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {66791A04-F3E5-4369-B4D8-EC89D01D56C7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-08-17] (LENOVO -> Lenovo)
Task: {66A81B1B-B6F1-47FF-A691-53CFE8B20E45} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {8568E347-8F68-4993-895B-EA0167FEFCA9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {93705B35-D9E5-4137-8F8D-5F795BF56B5F} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [File not signed]
Task: {9850F859-93E0-4D2A-9CC2-71A8F5F5B603} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {A0C25534-7296-4F85-AEE1-A7F2D09386D7} - System32\Tasks\{91C2BEF2-DF0A-475B-A5C1-B6DA94654FFF} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.39.0.102/cs ... rogressBar
Task: {C85A3B9A-FEE8-45C4-9FD2-EFC59880D9F5} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {CAEB823F-A40E-4F64-8E16-B17355090BFD} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [53248 2013-10-25] () [File not signed]
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D8BECF53-A5BF-4497-82D0-6A3B30142CBA} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{af639643-1296-4a44-a76c-e6794e959101}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{cfa2a185-1263-4480-99a2-f80ab525d9e8}: [DhcpNameServer] 192.168.42.129

Edge:
=======
DownloadDir: C:\Users\milanek\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> hxxp://www.seznam.cz/
Edge DefaultProfile: Default
Edge Profile: C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-29]
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxp://www.seznam.cz/"
Edge DefaultSearchURL: Default -> hxxps://www.google.cz/search?q={searchTerms}&ie ... utEncoding?}
Edge Extension: (Seznam doplněk - Email) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-08-20]
Edge Extension: (Seznam doplněk - Esko-) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2020-08-20]
Edge Extension: (appear.in screen sharing) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2020-08-20]
Edge Extension: (Titulky++) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkaajhpmfeljpnmmpiodgfkcpnadghaa [2020-08-20]
Edge Extension: (Seznam doplněk - Esko) - C:\Users\milanek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-08-20]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google Inc -> Google)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default [2021-02-12]
CHR Notifications: Default -> hxxps://blastnotificationx.com; hxxps://paleosnadno.cz; hxxps://www.alza.cz; hxxps://www.netflix.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR NewTab: Default -> Not-active:"chrome-extension://blmojkbhnkkphngknkmgccmlenfaelkd/speeddial/html/newTab.html"
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Extension: (Prezentace) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Dokumenty) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Disk Google) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (Seznam doplněk - Email) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-04-06]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-10-08]
CHR Extension: (YouTube) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-29]
CHR Extension: (appear.in screen sharing) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2017-12-06]
CHR Extension: (Seznam.cz) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkncgicdohgfdncecojfiapgebmlnaoc [2017-01-31]
CHR Extension: (Adobe Acrobat) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-15]
CHR Extension: (Tabulky) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-12]
CHR Extension: (Skype) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-01]
CHR Extension: (Titulky++) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkaajhpmfeljpnmmpiodgfkcpnadghaa [2021-01-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-06]
CHR Extension: (Gmail) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 CleanupPSvc; C:\Program Files\AVG\TuneUp\TuneupSvc.exe [12976336 2020-12-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2371760 2021-02-11] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2371760 2021-02-11] (ESET, spol. s r.o. -> ESET)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [158512 2021-02-11] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [195976 2021-02-11] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [116488 2021-02-11] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [103656 2013-10-21] (Genesys Logic,INC. -> GenesysLogic)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [1134208 2009-08-05] (Creative Labs Inc -> Creative Technology Ltd.)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2008-12-12] () [File not signed]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2008-12-12] () [File not signed]
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
R3 SplitCamAudio; C:\WINDOWS\system32\drivers\SplitCamAudio.sys [33904 2017-08-11] (Microsoft Windows Hardware Compatibility Publisher -> SplitCam Co.)
R3 splitcam_hd_driver; C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [38000 2017-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-12 19:19 - 2021-02-12 19:22 - 000019731 _____ C:\Users\milanek\Desktop\FRST.txt
2021-02-12 19:18 - 2021-02-12 19:18 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-12 19:18 - 2021-02-12 19:18 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-12 19:17 - 2021-02-12 19:17 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-12 18:20 - 2021-02-12 18:20 - 000000000 ____D C:\AdwCleaner
2021-02-12 18:18 - 2021-02-12 18:18 - 000002420 _____ C:\Users\milanek\Desktop\malware log2.txt
2021-02-12 18:17 - 2021-02-12 18:17 - 000002490 _____ C:\Users\milanek\Desktop\Malware log.txt
2021-02-12 18:05 - 2021-02-12 19:24 - 000000000 ____D C:\Users\milanek\AppData\LocalLow\IGDump
2021-02-12 18:04 - 2021-02-12 18:04 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-12 18:04 - 2021-02-12 18:04 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-12 18:04 - 2021-02-12 18:04 - 000002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-12 18:04 - 2021-02-12 18:04 - 000002032 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-12 18:04 - 2021-02-12 18:04 - 000000000 ____D C:\Users\milanek\AppData\Local\mbam
2021-02-12 18:04 - 2021-02-12 18:03 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-12 18:04 - 2021-02-12 18:03 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-12 18:03 - 2021-02-12 18:03 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-12 18:03 - 2021-02-12 18:03 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-12 18:01 - 2021-02-12 18:01 - 002086424 _____ (Malwarebytes) C:\Users\milanek\Desktop\MBSetup.exe
2021-02-12 16:34 - 2021-02-12 19:21 - 000000000 ____D C:\FRST
2021-02-12 16:33 - 2021-02-12 16:33 - 002297344 _____ (Farbar) C:\Users\milanek\Desktop\FRST64.exe
2021-02-12 16:16 - 2021-02-12 16:16 - 000000000 ____D C:\Users\milanek\Desktop\rufus_files
2021-02-12 16:12 - 2021-02-12 16:14 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu (2).iso
2021-02-12 16:08 - 2021-02-12 16:26 - 000000270 __RSH C:\ProgramData\ntuser.pol
2021-02-12 16:07 - 2021-02-12 16:07 - 001156152 _____ (Akeo Consulting) C:\Users\milanek\Desktop\rufus-3.13.exe
2021-02-12 16:02 - 2021-02-12 16:04 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu (1).iso
2021-02-12 15:57 - 2021-02-12 15:59 - 736100352 _____ C:\Users\milanek\Desktop\eset_sysrescue_live_enu.iso
2021-02-09 09:08 - 2021-02-09 09:08 - 001243284 _____ C:\WINDOWS\Minidump\020921-42859-01.dmp
2021-02-01 07:27 - 2021-02-01 07:27 - 001154276 _____ C:\WINDOWS\Minidump\020121-36484-01.dmp
2021-01-31 07:51 - 2021-02-09 09:08 - 716259020 _____ C:\WINDOWS\MEMORY.DMP
2021-01-31 07:51 - 2021-01-31 08:01 - 001217220 _____ C:\WINDOWS\Minidump\013121-37906-01.dmp
2021-01-19 08:20 - 2021-01-19 08:20 - 000263286 _____ C:\Users\milanek\Desktop\Jízdenka.pdf
2021-01-14 06:14 - 2021-01-14 06:26 - 000303376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 20:56 - 2021-01-13 20:56 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 20:55 - 2021-01-13 20:55 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 20:55 - 2021-01-13 20:55 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 20:55 - 2021-01-13 20:55 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 20:55 - 2021-01-13 20:55 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 20:55 - 2021-01-13 20:55 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 20:55 - 2021-01-13 20:55 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 20:55 - 2021-01-13 20:55 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 20:55 - 2021-01-13 20:55 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 20:55 - 2021-01-13 20:55 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 20:54 - 2021-01-13 20:54 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 20:54 - 2021-01-13 20:54 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 20:54 - 2021-01-13 20:54 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 20:54 - 2021-01-13 20:54 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 20:54 - 2021-01-13 20:54 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 20:54 - 2021-01-13 20:54 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 20:54 - 2021-01-13 20:54 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 20:53 - 2021-01-13 20:53 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 20:53 - 2021-01-13 20:53 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 20:53 - 2021-01-13 20:53 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 20:52 - 2021-01-13 20:52 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 20:52 - 2021-01-13 20:52 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 20:52 - 2021-01-13 20:52 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 20:51 - 2021-01-13 20:51 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 20:51 - 2021-01-13 20:51 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 20:50 - 2021-01-13 20:50 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 20:50 - 2021-01-13 20:50 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 20:49 - 2021-01-13 20:49 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 20:49 - 2021-01-13 20:49 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 20:49 - 2021-01-13 20:49 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 20:49 - 2021-01-13 20:49 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 20:49 - 2021-01-13 20:49 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-12 19:25 - 2020-08-20 07:33 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 19:25 - 2020-08-20 07:33 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-12 19:21 - 2020-08-19 18:55 - 000004194 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5FCAE6BA-5F98-43BD-B032-CD0FD2E26723}
2021-02-12 19:17 - 2020-08-19 18:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 19:17 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-12 19:16 - 2019-03-19 05:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-12 19:15 - 2018-07-18 20:00 - 000000000 ____D C:\ProgramData\Avg
2021-02-12 18:04 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-12 16:08 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-02-12 16:08 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-02-12 15:34 - 2020-08-19 18:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-11 21:15 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-11 21:15 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-11 20:47 - 2020-08-20 07:32 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 20:47 - 2020-08-20 07:32 - 000003348 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-11 20:40 - 2020-08-19 18:19 - 000000000 ____D C:\Users\milanek
2021-02-11 19:21 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-11 19:21 - 2018-04-12 15:26 - 000116488 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-02-11 19:21 - 2017-11-30 19:42 - 000195976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-02-11 19:21 - 2017-11-30 19:42 - 000158512 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-02-10 08:10 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-10 08:09 - 2015-08-06 11:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-10 08:04 - 2015-08-06 11:22 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-09 09:13 - 2020-08-19 18:34 - 001693640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-09 09:13 - 2019-03-19 12:55 - 000716944 _____ C:\WINDOWS\system32\perfh005.dat
2021-02-09 09:13 - 2019-03-19 12:55 - 000145024 _____ C:\WINDOWS\system32\perfc005.dat
2021-02-09 09:09 - 2020-08-31 08:46 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-09 00:49 - 2015-08-08 19:49 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-09 00:49 - 2015-08-04 08:11 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-08 22:24 - 2020-08-19 18:55 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1040683045-3520781050-4236757564-1001
2021-02-08 22:24 - 2020-08-19 18:19 - 000002417 _____ C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 22:24 - 2015-08-04 08:50 - 000000000 ___RD C:\Users\milanek\OneDrive
2021-02-08 13:03 - 2019-11-16 11:23 - 000000000 ____D C:\Users\milanek\Downloads\Filmy
2021-02-08 10:34 - 2015-08-06 15:52 - 000000000 ____D C:\Users\milanek\AppData\Roaming\uTorrent
2021-02-05 06:43 - 2020-08-19 18:55 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:43 - 2020-08-19 18:55 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-29 10:14 - 2017-10-27 18:30 - 000000000 _____ C:\end
2021-01-29 10:12 - 2020-07-26 09:18 - 000000612 _____ C:\nsispromotion_log.txt
2021-01-28 07:32 - 2017-11-30 20:32 - 000000000 ____D C:\Users\milanek\AppData\Local\Packages
2021-01-27 21:28 - 2020-07-12 00:03 - 000768569 ____N C:\WINDOWS\Minidump\012721-42968-01.dmp
2021-01-14 12:04 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-14 06:28 - 2016-04-27 07:56 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-14 06:28 - 2015-09-16 11:28 - 000000000 ___RD C:\Users\milanek\3D Objects
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-14 06:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-14 06:21 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-14 06:20 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-14 06:19 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-14 06:19 - 2019-03-19 12:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-14 06:19 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 20:49 - 2020-08-19 18:17 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 20:42 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories ========

2015-08-26 07:24 - 2015-08-26 07:24 - 000007602 _____ () C:\Users\milanek\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
Ran by milanek (12-02-2021 19:29:08)
Running from C:\Users\milanek\Desktop
Windows 10 Home Version 1909 18363.1316 (X64) (2020-08-19 17:56:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1040683045-3520781050-4236757564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1040683045-3520781050-4236757564-503 - Limited - Disabled)
Guest (S-1-5-21-1040683045-3520781050-4236757564-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1040683045-3520781050-4236757564-1003 - Limited - Enabled)
milanek (S-1-5-21-1040683045-3520781050-4236757564-1001 - Administrator - Enabled) => C:\Users\milanek
WDAGUtilityAccount (S-1-5-21-1040683045-3520781050-4236757564-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
AVG TuneUp (HKLM\...\AVG TuneUp) (Version: 20.1.2191.714 - AVG)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{546FF45D-2467-4950-AAFB-0A06ACBB6B2C}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.224 - DivX, LLC)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
DTS+AC3 ÇĘĹÍ (HKLM-x32\...\DtsFilter) (Version: - )
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 13.2.18.0 - ESET, spol. s r.o.)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
forteManager (HKLM-x32\...\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}) (Version: 3.15 - LG Soft India)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
GOM Audio (HKLM-x32\...\GomAudio) (Version: 2.2.2.0 - Gretech Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.61.5325 - GOM & Company)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.150 - Google LLC)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0112.135 - Mio Technology)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 22.0.2 - OBS Project)
OpenOffice 4.1.3 (HKLM-x32\...\{7308600A-5231-459C-A3E2-A637F842CACA}) (Version: 4.13.9783 - Apache Software Foundation)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype verze 8.63 (HKLM-x32\...\Skype_is1) (Version: 8.63 - Skype Technologies S.A.)
Sound Blaster X-Fi Surround 5.1 (HKLM-x32\...\{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}) (Version: 1.0 - )
UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.0.3 - Lenovo)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{0BAA0A93-3AD3-4B19-9105-4C8C3FA92A83}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VDownloader 4.4.2350 (HKLM\...\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1) (Version: - Vitzo Limited)
VisualSubSync (remove only) (HKLM-x32\...\VisualSubSync) (Version: - )
WhatsApp (HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\WhatsApp) (Version: 0.3.2386 - WhatsApp)

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1951.1.0_x86__kgqvnymyfvs32 [2021-02-08] (king.com)
Dailymotion -> C:\Program Files\WindowsApps\DailymotionSA.Dailymotion_10.2101.5.0_x64__6dqnvyezrysvy [2021-01-19] (Dailymotion)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-11] (Microsoft Corporation)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-02-27] (Instagram)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-02-04] (LENOVO INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2017-03-10] (FilmOn TV Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-03-10] (Microsoft Corporation) [MS Ad]
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2017-03-10] (CYBERLINK COM CORPORATION)
Skyscanner -> C:\Program Files\WindowsApps\Skyscanner.Skyscanner_1.4.2.0_neutral__623c9he0pwcym [2017-03-10] (Skyscanner)
The Weather Channel for Lenovo -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforLenovo_2015.1013.1.0_x64__t3yemqpq4kp7p [2017-03-10] (The Weather Channel.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2019-08-01] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5-x32: [FMDesktopMenu] -> {83AE6768-28C3-4057-A4A0-21AADA4B88E3} => C:\Program Files (x86)\LG Soft India\forteManager\bin\ContextMenu.dll [2008-12-12] () [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2021-02-11] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\milanek\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_dkncgicdohgfdncecojfiapgebmlnaoc\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc
ShortcutWithArgument: C:\Users\milanek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Seznam.cz.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=dkncgicdohgfdncecojfiapgebmlnaoc

==================== Loaded Modules (Whitelisted) =============

2015-01-08 19:35 - 2011-05-17 22:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (Canon Inc. -> CANON INC.)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-01-30 16:27 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files\VDownloader;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\milanek\OneDrive\Fotky\Sri Lanka 2017\P1000302.JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "forteManager.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_LENOVO_MICPKEY"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "UpdateP2GoShortCut"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\...\StartupApproved\Run: => "SplitCam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{48ABC6EA-172C-4FE7-8400-E6310697F26F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{BF962758-092B-423F-A4CC-2972DC9472FC}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (chen jun hao -> Free Time) [File not signed]
FirewallRules: [{C932AE42-DCC9-4F60-AA60-B5A78D5BEF43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{5E9F0DF7-17CB-4A4F-89CB-277C39C1BCC1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{7D928A5D-0D26-4202-8FED-AD5BA83473E0}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{7280CFB2-FCE3-40C2-9391-731B1CD99BF1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc -> Raptr, Inc)
FirewallRules: [{E154C401-E193-4CE4-8797-9ECC5F2F3CA4}] => (Allow) C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{7EA5905C-F9AA-4373-8B1F-9C3B9290A2A4}] => (Allow) C:\Users\milanek\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{2A67BE44-7BDA-41E1-B0DB-D21DFD85625F}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\milanek\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{695CEB33-5197-41D7-9380-4C3F877973E7}C:\users\milanek\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\milanek\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C5AFC5D4-E2C8-4C00-B9A3-358EE7C72D23}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E224C8F-79F5-467E-A31B-899B234597AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E8A3213-925E-4635-B6B3-ED52B5EF718B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{069A1A03-4335-47A7-BB43-C4ED0E7979BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62022249-DEFE-4824-BA4E-B61470F15B31}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{50525786-EC4A-4E6A-B9B4-62414CFEB604}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84EBFBA5-C2FE-4C3B-8723-DF04E32FBA21}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-01-2021 04:26:28 Naplánovaný kontrolní bod
31-01-2021 08:09:16 Naplánovaný kontrolní bod
09-02-2021 13:24:54 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/12/2021 07:25:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4388,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 06:25:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8312,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:33:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8160,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 06:08:27 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8592,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:52:37 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2540,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:42:22 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7912,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:13:23 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2368,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (02/12/2021 04:07:45 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Windows\System32\svchost.exe, identifikátor PID: 3128, identifikátor PID ProfSvc: 1448.


System errors:
=============
Error: (02/12/2021 07:22:27 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:19:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {784E29F4-5EBE-4279-9948-1E8FE941646D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:18:12 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:16:56 PM) (Source: GeneStor) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/12/2021 07:15:23 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:15:23 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:15:23 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/12/2021 07:15:22 PM) (Source: DCOM) (EventID: 10010) (User: BALU)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Windows Defender:
=================

Date: 2020-11-27 14:39:09.176
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {BBEA87C9-FFD7-4894-BC7F-4C4B3FBD14CD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
=================

Date: 2021-02-12 19:20:47.405
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:44.095
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:44.073
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:43.752
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:43.724
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:27.163
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:27.141
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-12 19:20:27.082
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET NOD32 Antivirus\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: LENOVO O07KT49AUS 12/18/2014
Motherboard: LENOVO Aptio CRB
Processor: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Percentage of memory in use: 76%
Total physical RAM: 3988.55 MB
Available physical RAM: 935.07 MB
Total Virtual: 8084.55 MB
Available Virtual: 4994.91 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:712.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DVD_VIDEO_RECORDER) (CDROM) (Total:2.2 GB) (Free:0 GB) UDF

\\?\Volume{9e7852fe-95f4-440b-9e09-3a652e86bdbe}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{2ee00a71-e0d1-46e6-9501-36bdaa21942d}\ (PBR_DRV) (Fixed) (Total:24.41 GB) (Free:14.03 GB) NTFS
\\?\Volume{89da29b1-426d-48b0-a4de-bcd82e018745}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F437DC7)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {31B37CEF-D396-4257-B7E3-0DA1F284CED5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {54641D57-7D4D-405A-99A8-3E35EAEA58B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {588C834B-5B50-4945-91FD-914D3F9D9DBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} URL =

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not used for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved the thread will be locked, likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Re: Emotet

#7 Post by milanek11 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
Ran by milanek (12-02-2021 20:14:57) Run:1
Running from C:\Users\milanek\Desktop
Loaded Profiles: milanek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {31B37CEF-D396-4257-B7E3-0DA1F284CED5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {54641D57-7D4D-405A-99A8-3E35EAEA58B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
Task: {588C834B-5B50-4945-91FD-914D3F9D9DBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-04] (Google Inc -> Google Inc.)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1040683045-3520781050-4236757564-1001 -> {D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} URL =

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B37CEF-D396-4257-B7E3-0DA1F284CED5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B37CEF-D396-4257-B7E3-0DA1F284CED5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54641D57-7D4D-405A-99A8-3E35EAEA58B5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54641D57-7D4D-405A-99A8-3E35EAEA58B5}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{588C834B-5B50-4945-91FD-914D3F9D9DBD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{588C834B-5B50-4945-91FD-914D3F9D9DBD}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKU\S-1-5-21-1040683045-3520781050-4236757564-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7F36B65-F1FA-4B5F-9544-6E3C083CB33A} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 152792943 B
Java, Flash, Steam htmlcache => 1920 B
Windows/system/drivers => 4861440 B
Edge => 3368945 B
Chrome => 741498886 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 179264 B
NetworkService => 179264 B
milanek => 70652570 B

RecycleBin => 974771482 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:20:29 ====

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#8 Post by Rudy »

Deleted. Has anything changed?

milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Re: Emotet

#9 Post by milanek11 »

Unfortunately I can't tell. I didn't have a problem. But the bank blocked my account because my PC was supposedly infected with the Emotet virus. So I'll try to get it restored and we'll see.
And did you find Emotet there?

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#10 Post by Rudy »

I would need to know which file or registry key it was in. I cleaned the PC completely, but if it was hiding somewhere from the scan, it could still be there. It is a specialised banking trojan.

milanek11
Visitor
Posts: 33
Registered: 08 Jan 2009 12:40

Re: Emotet

#11 Post by milanek11 »

Then I really don't know. Do you think the neslape.cz service would help in this case?

Rudy
Site Admin
Posts: 118254
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Emotet

#12 Post by Rudy »

The neslape service does only what I did for you here. It does have more options than we do (e.g. it has legally covered remote access to the PC, which we do not), and you pay for it. You can still run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work, and when it finishes delete everything it may find.