Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kontrola logu po xmrig

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Kontrola logu po xmrig

#1 Příspěvek od Urbam »

Dobrý den prosím o kontrolu logu.
nainstaloval jsem xmrig, a chtěl těžit. po pár dnech mi PC nevidí WIFI síť od O2, i když jiná zařízení se k wifi připojí. PC vidí i třeba když spustím hotspot z telefonu. Na internet je PC připojene přes kabel. nějaké další problémy (zpomalení apod) se nezdá.
Projel jsem Kaspersky antivirem a snažil jsem se vyčistit.
Jediné co se změnilo byla instalace xmrig, tak jestli něco neudělal on.
prosím o kontrolu děkuji

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-06-2021
Ran by ordinace_2 (administrator) on PC-HLAVNI (ATComputers ALZA) (09-06-2021 10:55:49)
Running from C:\Users\ordinace_2\Desktop
Loaded Profiles: ordinace_2 & MSSQL$DATA
Platform: Windows 10 Pro Version 20H2 19042.1023 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Ing. Karel Rubáš, HoboSoft® -> HoboSoft® Ing. Karel Rubáš) D:\hobosoft\Stomatolog\Bin\Stomat.bin
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SIRONA Dental Systems GmbH) [File not signed] C:\Program Files\Sirona\SIDEXIS4\OptionsManager3G.exe
(SIRONA Dental Systems GmbH) [File not signed] C:\Program Files\Sirona\SIDEXIS4\Sidexis4.exe
(Sirona Dental Systems GmbH) [File not signed] C:\Program Files\Sirona\SIDEXIS4\XG\NGPIMan.exe
(Sirona Dental, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiService.exe
(Sirona Dental, Inc.) [File not signed] C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiMonitor.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Value Added Tehnologies Co.,Ltd) [File not signed] C:\EasyDent4\File Server\FileServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileServer] => C:\EasyDent4\File Server\FileBackUp.exe [36864 2007-03-12] (Value Added Technologies Co.,Ltd) [File not signed]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-03-10] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [2913648 2021-05-10] (Autodesk, Inc. -> Autodesk)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\MountPoints2: {11298201-a8bd-11eb-8eed-c38db3d2b80d} - "G:\HiSuiteDownLoader.exe" 
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-05-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-05-28] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Monitor.lnk [2021-01-28]
ShortcutTarget: Wireless Monitor.lnk -> C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiMonitor.exe (Sirona Dental, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF5E128-68CF-4E63-BD79-318DFB66A2DA} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard)
Task: {2459DC5E-A2B3-45BC-B169-1E58E627DC1A} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {24E65DB6-FB51-49A6-A2A2-AAFA430309F1} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {25DA87CD-C4A8-416A-858A-C364C4DDD7E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2BAEAB6D-83C9-43F9-A285-2D52FF9D7808} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {661FAF78-FC45-440E-B99B-94C11DF770C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {678C843C-A0EA-4911-9449-DA9200FFC4EC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {7F339252-B2E1-49E2-BD7B-B21C38ECEF06} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AB0D4E7E-B353-4850-98F6-B41326A97BE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {F4714F2A-5BFD-4CF0-AEFF-789C56669DA3} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [622168 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{783d6656-b6d5-4145-b63a-99cafed18757}: [NameServer] 10.0.1.138

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-09]
Edge Extension: (Outlook) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-16]
Edge Extension: (Word) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-16]
Edge Extension: (Excel) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-16]
Edge Extension: (PowerPoint) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-16]
Edge HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-05] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default [2021-06-09]
CHR Extension: (Prezentace) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Ochrana Kaspersky) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-09]
CHR Extension: (Podepisovací komponenta Signer) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\alldahcdhngmcjagmefklhhecboiigni [2021-02-03]
CHR Extension: (Dokumenty) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Disk Google) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-16]
CHR Extension: (Tabulky) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-10] (HP Inc. -> HP Inc.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [357272 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$DATA; C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$DATA; C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-06-08] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [253736 2021-06-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [309104 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [115744 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [224880 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425208 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
U2 sqlserveragent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-09 10:55 - 2021-06-09 10:56 - 000027669 _____ C:\Users\ordinace_2\Desktop\FRST.txt
2021-06-09 10:55 - 2021-06-09 10:56 - 000000000 ____D C:\FRST
2021-06-09 10:54 - 2021-06-09 09:44 - 002300416 _____ (Farbar) C:\Users\ordinace_2\Desktop\FRST64.exe
2021-06-09 09:57 - 2021-06-09 09:57 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Kaspersky Lab
2021-06-09 09:44 - 2021-06-09 09:44 - 002300416 _____ (Farbar) C:\Users\ordinace_2\Downloads\FRST64.exe
2021-06-09 09:43 - 2021-06-09 09:43 - 000309104 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000263888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000224880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000115744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000003392 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-06-09 09:42 - 2021-06-09 09:42 - 000003192 _____ C:\Windows\system32\Tasks\kpm_tray.exe
2021-06-09 09:42 - 2021-06-09 09:42 - 000001234 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-06-09 09:42 - 2021-06-09 09:42 - 000001170 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\Program Files\Common Files\AV
2021-06-09 09:41 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-06-09 09:41 - 2021-06-09 09:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-06-09 09:41 - 2021-06-09 09:41 - 000002173 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-06-09 09:41 - 2021-06-09 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-06-09 09:41 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-06-09 09:41 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-06-09 09:41 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-06-09 09:39 - 2021-06-09 09:39 - 002765696 _____ (Kaspersky) C:\Users\ordinace_2\Downloads\kav21.3.10.391cs_25685.exe
2021-06-08 22:42 - 2021-06-09 09:55 - 118751232 _____ C:\Windows\system32\config\SOFTWARE
2021-06-08 22:39 - 2021-06-08 22:42 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-06-08 15:56 - 2021-06-08 15:56 - 002270385 _____ C:\Users\ordinace_2\Downloads\Majner.Fr.47.pdf
2021-06-08 15:54 - 2021-06-08 15:55 - 002270385 _____ C:\Users\ordinace_2\Documents\Majner.Fr.47.pdf
2021-06-08 15:10 - 2021-06-08 15:10 - 000037291 _____ C:\Users\ordinace_2\Downloads\stáhnout.htm
2021-06-08 15:09 - 2021-06-09 10:56 - 000109342 _____ C:\Windows\ZAM.krnl.trace
2021-06-08 15:09 - 2021-06-08 15:09 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2021-06-08 15:09 - 2021-06-08 15:09 - 000003556 _____ C:\Windows\system32\Tasks\AMHelper
2021-06-08 15:09 - 2021-06-08 15:09 - 000002676 _____ C:\Windows\system32\Tasks\AMSkipUAC
2021-06-08 15:09 - 2021-06-08 15:09 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2021-06-08 15:09 - 2021-06-08 15:09 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Zemana
2021-06-08 15:09 - 2021-06-08 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-06-08 15:09 - 2021-06-08 15:09 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-06-08 15:08 - 2021-06-08 15:24 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\AMSDK
2021-06-08 15:08 - 2021-06-08 15:08 - 013922376 _____ (Zemana Ltd. ) C:\Users\ordinace_2\Downloads\AntiMalware_Setup.exe
2021-06-08 11:55 - 2021-06-08 11:55 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-08 11:55 - 2021-06-08 11:55 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-08 11:55 - 2021-06-08 11:55 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 001823792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-08 11:55 - 2021-06-08 11:55 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 000451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-08 11:55 - 2021-06-08 11:55 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-08 11:55 - 2021-06-08 11:55 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-08 11:55 - 2021-06-08 11:55 - 000097280 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-08 11:55 - 2021-06-08 11:55 - 000011327 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-08 11:54 - 2021-06-08 11:54 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-08 11:54 - 2021-06-08 11:54 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-08 11:54 - 2021-06-08 11:54 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-08 11:21 - 2021-06-08 11:21 - 000000000 ____D C:\Users\ordinace_2\Documents\FeedbackHub
2021-06-07 13:52 - 2021-06-07 13:52 - 000536385 _____ C:\Users\ordinace_2\Documents\Zrušení_smlouvy1200124794 podepsaná.pdf
2021-06-07 13:52 - 2021-06-07 13:52 - 000514857 _____ C:\Users\ordinace_2\Documents\změna správce ps podepsaná.pdf
2021-06-07 13:51 - 2021-06-07 13:51 - 000442325 _____ C:\Users\ordinace_2\Documents\změna správce ps.pdf
2021-06-07 13:50 - 2021-06-07 13:50 - 000463851 _____ C:\Users\ordinace_2\Documents\Zrušení_smlouvy1200124794.pdf
2021-06-07 09:32 - 2021-06-07 09:32 - 000000036 _____ C:\Windows\SysWOW64\id.dat
2021-06-04 13:53 - 2021-06-04 14:24 - 000000000 ____D C:\ProgramData\bitmonero
2021-06-04 13:53 - 2021-06-04 13:53 - 000000000 ____D C:\Users\ordinace_2\Documents\Monero
2021-06-04 13:53 - 2021-06-04 13:53 - 000000000 ____D C:\ProgramData\.shared-ringdb
2021-06-04 13:52 - 2021-06-07 07:49 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\monero-wallet-gui
2021-06-04 13:40 - 2021-06-04 13:40 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Ledger Live
2021-06-04 13:40 - 2021-06-04 13:40 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\ledger-live-desktop-updater
2021-06-04 12:34 - 2021-06-04 12:34 - 000000000 ____D C:\Users\ordinace_2\Downloads\Nová složka
2021-06-04 12:34 - 2021-06-04 12:34 - 000000000 ____D C:\Users\ordinace_2\Downloads\hk
2021-06-04 11:43 - 2021-06-04 11:43 - 000335602 _____ C:\Users\ordinace_2\Documents\VoZP kompenzace sestry.pdf
2021-06-03 16:49 - 2021-06-03 19:50 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\MultiDoge
2021-06-03 16:46 - 2021-06-03 16:46 - 000164640 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Sun
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Users\ordinace_2\AppData\LocalLow\Sun
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Program Files (x86)\Java
2021-06-03 16:18 - 2021-06-04 09:48 - 000000000 ____D C:\Users\ordinace_2\Documents\Doge
2021-05-28 07:58 - 2021-05-28 07:58 - 000065160 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2021-05-28 07:58 - 2021-05-28 07:58 - 000035992 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-12 14:14 - 2021-05-12 14:14 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-12 14:14 - 2021-05-12 14:14 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000153600 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-12 14:14 - 2021-05-12 14:14 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-11 07:55 - 2021-05-11 07:55 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-09 10:54 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-09 10:41 - 2020-09-29 11:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-06-09 10:08 - 2021-03-10 17:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-06-09 10:03 - 2020-09-29 11:36 - 001976050 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-09 10:03 - 2020-05-26 10:29 - 000815972 _____ C:\Windows\system32\perfh005.dat
2021-06-09 10:03 - 2020-05-26 10:29 - 000184358 _____ C:\Windows\system32\perfc005.dat
2021-06-09 10:03 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-06-09 09:56 - 2021-03-10 17:50 - 000000000 ___RD C:\Users\ordinace_2\Creative Cloud Files
2021-06-09 09:56 - 2021-01-16 16:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-09 09:56 - 2021-01-16 10:20 - 000000000 __SHD C:\Users\ordinace_2\IntelGraphicsProfiles
2021-06-09 09:56 - 2020-09-29 11:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-09 09:56 - 2020-09-29 11:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-09 09:56 - 2020-09-29 11:30 - 000000000 ____D C:\Intel
2021-06-09 09:55 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-06-09 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-06-09 09:41 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-06-09 09:38 - 2021-03-10 17:38 - 000000000 ____D C:\Program Files\Adobe
2021-06-09 02:27 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-08 16:34 - 2020-09-29 11:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-08 15:58 - 2021-03-10 17:56 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-06-08 15:58 - 2021-03-10 17:56 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-06-08 12:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-06-08 12:03 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-08 12:01 - 2020-09-29 11:30 - 000490264 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-08 12:00 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-06-08 11:57 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-06-08 11:47 - 2021-01-16 12:27 - 000000000 ___HD C:\$WinREAgent
2021-06-08 11:23 - 2021-03-10 17:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-06-07 10:36 - 2021-04-06 13:02 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-06-07 10:36 - 2021-04-06 12:51 - 000000000 ____D C:\ProgramData\Autodesk
2021-06-07 10:36 - 2021-04-06 12:50 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Autodesk
2021-06-07 10:34 - 2021-04-06 12:53 - 000000000 ____D C:\Program Files\Autodesk
2021-06-07 10:33 - 2021-04-06 12:51 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Autodesk Installer
2021-06-07 10:31 - 2021-04-06 12:51 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Autodesk
2021-06-07 10:22 - 2021-01-28 16:52 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\D3DSCache
2021-06-05 21:27 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-05 17:23 - 2020-09-29 11:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-06-05 14:23 - 2021-01-16 17:59 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-05 14:23 - 2021-01-16 17:59 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-29 07:29 - 2021-01-16 10:22 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1930677817-3247307296-2436609557-1001
2021-05-29 07:29 - 2021-01-16 10:22 - 000000000 ___RD C:\Users\ordinace_2\OneDrive
2021-05-29 07:29 - 2021-01-16 10:19 - 000002387 _____ C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-27 01:59 - 2021-01-16 15:40 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-27 01:59 - 2021-01-16 15:40 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 18:22 - 2019-12-07 11:51 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-12 18:21 - 2021-01-16 10:19 - 000000000 ____D C:\Users\ordinace_2
2021-05-12 14:16 - 2019-12-07 11:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-12 14:07 - 2021-01-16 17:56 - 000000000 ____D C:\Windows\system32\MRT
2021-05-12 14:05 - 2021-04-06 12:53 - 000000000 ____D C:\Program Files\dotnet
2021-05-12 14:05 - 2021-01-16 17:56 - 132732536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-05-12 14:05 - 2020-09-29 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-11 07:54 - 2021-04-14 09:12 - 000000000 ____D C:\Windows\system32\Tasks\HP

==================== Files in the root of some directories ========

2021-03-10 17:57 - 2021-03-10 17:57 - 000000000 _____ () C:\Users\ordinace_2\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Re: Kontrola logu po xmrig

#3 Příspěvek od Urbam »

dobrýden,
děkuji za odpověd.
tady vypis, zdá se že nic.

Kód: Vybrat vše

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-09-2021
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Scanned:  31965
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#4 Příspěvek od Rudy »

Toto je OK. Přidejte ještě log Addition, je na ploše v souboru addition.txt a dočistíme ručně.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Re: Kontrola logu po xmrig

#5 Příspěvek od Urbam »

dobrý den,
dostal jsem se k tomu až dnes, tady výpis

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-06-2021
Ran by ordinace_2 (09-06-2021 10:56:51)
Running from C:\Users\ordinace_2\Desktop
Windows 10 Pro Version 20H2 19042.1023 (X64) (2020-09-29 11:05:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1930677817-3247307296-2436609557-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1930677817-3247307296-2436609557-503 - Limited - Disabled)
Guest (S-1-5-21-1930677817-3247307296-2436609557-501 - Limited - Enabled)
ordinace_2 (S-1-5-21-1930677817-3247307296-2436609557-1001 - Administrator - Enabled) => C:\Users\ordinace_2
WDAGUtilityAccount (S-1-5-21-1930677817-3247307296-2436609557-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
AEC-DATA pro ArCon (Designer ploch) - LB 11-2020 (HKLM-x32\...\AEC-DATA pro ArCon (Designer ploch) - LB 11-2020_is1) (Version: 2020.11 - SOFTconsult spol. s.r.o.)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version:  - Microsoft)
AutoCAD Open in Desktop (HKLM\...\{1C66A0B0-784E-4777-97B3-93F843D1C8CF}) (Version: 1.0.20.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{9C2E49CB-F671-47EC-8093-CC1A8749A92A}) (Version: 3.2.1 - Autodesk)
Autodesk Genuine Service (HKLM\...\{1C5DB7B1-CE18-438C-B071-3AD6B8ADA5A0}) (Version: 4.4.0.85 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{B9F5BDED-021C-4926-8518-4FA7114B7040}) (Version: 12.3.3.1803 - Autodesk)
Dentsply Sirona Sidexis 4 (HKLM\...\{430E1156-6996-42D9-AF5F-A0ACB11AB430}) (Version: 4.3.0.0 - Sirona Dental Systems GmbH)
EasyDent V4 (Multi-Language) (HKLM-x32\...\{A8A75EB1-1364-4C0F-9DD2-49C2FF1A2865}) (Version: 4.1.5.9 - Vatech)
Excel (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.77 - Google LLC)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15309.1258 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden
hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{7504A7B0-003E-4875-A454-B627E127E9D9}) (Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (HKLM-x32\...\{10D7EBAF-A550-48CD-8511-7D947184EE44}) (Version: 080.046.00112 - Hewlett-Packard) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{b666e502-9089-483b-9816-0774ccc9cb61}) (Version: 10.1.18295.8201 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1937.12.0.1312 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7985 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.57.263.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{cca61e5e-7498-4d07-925c-194b016c272e}) (Version: 1.57.263.0 - Intel Corporation) Hidden
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kaspersky Password Manager (HKLM-x32\...\{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab) Hidden
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{B2F7333E-6C8D-4994-AAC4-FEC8EBBF9611}) (Version: 9.0.2.767 - Kaspersky Lab)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: 21.3.10.391 - Kaspersky)
Messenger 97.11.116 (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 - Facebook, Inc.)
Microsoft .NET Core Runtime - 3.1.15 (x64) (HKLM-x32\...\{dd692d58-33e1-46f9-94e4-bfa34502d743}) (Version: 3.1.15.30014 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.15 - Shared Framework (HKLM-x32\...\{6d409965-38ab-45c2-b232-f99e51100815}) (Version: 3.1.15.21215 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.41 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{537203CB-708E-43A3-BA16-3D5C14A587BB}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiDoge 0.1.7 (HKLM-x32\...\MultiDoge 0.1.7) (Version: 0.1.7 - )
OpenOffice 4.1.7 (HKLM-x32\...\{E3E3C1D4-6886-4EDB-9F12-335641465055}) (Version: 4.17.9800 - Apache Software Foundation)
Outlook (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8702.1 - Realtek Semiconductor Corp.)
Schick WiFi Driver (HKLM-x32\...\{2942A71C-EDBD-4351-8A0C-C0985A3627FF}) (Version: 5.5.981.6176 - Sirona Dental, Inc.)
Signer for browser 1.0 (HKLM-x32\...\{FA2B17BD-D866-4793-B1DC-56B2EE0A4851}_is1) (Version:  - Asseco Central Europe, a.s.)
Sirona XIOS XG Dynamic Sharpen Slider 1.2 (HKLM-x32\...\{96A04C69-5425-4910-AFCD-51E0D7ED8840}) (Version: 1.2.0.0 - Sirona Dental Systems GmbH)
Sirona XIOS XG Select / Supreme 1.2 (HKLM-x32\...\{56F01108-A577-43D2-909A-6C22F744BB9F}) (Version: 1.2.0.0 - Sirona Dental Systems GmbH)
Speciální aplikace Autodesk (HKLM-x32\...\{46EA8955-D629-4B3E-AAF0-D136031D7C95}) (Version: 3.2.1 - Autodesk)
SQL Server 2014 Client Tools (HKLM\...\{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM\...\{B5ECFA5C-AC4F-45A4-A12E-A76ABDD9CCBA}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{75A54138-3B98-4705-92E4-F619825B121F}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM\...\{839EF29A-3055-43DC-ADCE-8E84893798D5}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Stomatolog verze 2.4 sestavení 9/0 (HKLM-x32\...\Stomatolog_is1) (Version: 2.4.9/0 - HoboSoft)
Sweet Home 3D version 6.5 (HKLM\...\Sweet Home 3D_is1) (Version: 6.5 - eTeks)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\WhatsApp) (Version: 2.2110.12 - WhatsApp)
WiFi Configuration Utility (HKLM-x32\...\{E7D4BC6A-4A84-4F29-AE23-89670C7DE3B7}) (Version: 5.5.981.6176 - Sirona Dental)
Word (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoom (HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-03-10] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-03-10] (Adobe Systems Incorporated)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-10] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-05] (Microsoft Studios) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-05-10] (INTEL CORP) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0 [2021-05-30] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-093C144BF6B3} -> [Creative Cloud Files] => C:\Users\ordinace_2\Creative Cloud Files [2021-03-10 17:50]
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autodesk\AutoCAD 2022\cs-CZ\acadficn.dll => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\shellex.dll [2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============

2016-03-11 11:44 - 2016-03-11 11:44 - 001443840 _____ () [File not signed] [File is in use] C:\Program Files\Sirona\SIDEXIS4\CefSharp.Core.dll
2018-05-30 13:58 - 2018-05-30 13:58 - 003264000 _____ () [File not signed] [File is in use] C:\Program Files\Sirona\SIDEXIS4\SOUP\ManagedDcmtkWrapper2\ManagedDcmtkWrapper2.dll
2017-04-06 11:21 - 2017-04-06 11:21 - 000076288 _____ () [File not signed] [File is in use] C:\Program Files\Sirona\SIDEXIS4\SOUP\NGFilterWrapper\NGFilterWrapper.dll
2015-03-17 02:34 - 2015-03-17 02:34 - 000010240 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\acrotray.cze
2016-03-11 11:44 - 2016-03-11 11:44 - 069952512 _____ () [File not signed] C:\Program Files\Sirona\SIDEXIS4\libcef.dll
2013-01-08 15:29 - 2013-01-08 15:29 - 000086092 _____ () [File not signed] C:\Program Files\Sirona\SIDEXIS4\XG\NGXml.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000016384 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\Cavo3usr.DLL
2021-01-26 09:24 - 2015-11-24 09:25 - 001190400 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\CertDataExtractorDynWrapper.DLL
2021-01-26 09:24 - 2008-05-26 12:09 - 001988096 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\FabPaint.DLL
2021-01-26 09:24 - 2016-05-04 18:49 - 000269824 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\JBHTTPsDynWrapper.DLL
2021-01-26 09:24 - 2016-05-04 20:25 - 000011776 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\JBMD5DynWrapper.DLL
2021-01-26 09:24 - 2018-11-20 14:41 - 000048128 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\TB.DLL
2021-01-26 09:24 - 2004-11-11 08:31 - 000057856 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\UNZDLL.DLL
2021-01-26 09:24 - 2004-11-11 08:04 - 000068096 _____ () [File not signed] D:\hobosoft\Stomatolog\Bin\ZIPDLL.DLL
2021-02-02 07:49 - 2021-02-02 07:49 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\cs_cz\Acrobat Elements\ContextMenuShim64.cze
2013-01-08 15:29 - 2013-01-08 15:29 - 001953866 _____ (BCGSoft Ltd) [File not signed] C:\Program Files\Sirona\SIDEXIS4\XG\BCGCBPRO651.dll
2021-01-26 09:24 - 2013-03-12 02:08 - 000126976 _____ (Computer Associates International) [File not signed] D:\hobosoft\Stomatolog\Bin\_DBFCDX.RDD
2021-01-26 09:24 - 2016-12-01 11:14 - 000223232 _____ (Computer Associates International) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28ORUN.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000557056 _____ (Computer Associates International) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28RUN.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000006144 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAIM3DBM.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000105472 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3CNT.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000017920 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3DAT.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000026112 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3MSK.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000025600 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3NBR.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000027136 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3SBR.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000091136 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3TBR.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000018944 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\CATO3TIM.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 001492480 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28GUI.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000302592 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28INET.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000153088 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28OLE.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000371712 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28RDD.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000257536 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28REP.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000286720 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28SQL.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000151040 _____ (Computer Associates International, Inc.) [File not signed] D:\hobosoft\Stomatolog\Bin\VO28SYS.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000058368 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3CQM.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000019968 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3DBA.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000018432 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3DBC.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000019968 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3MEM.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000015872 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3RCC.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000022016 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3RES.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000298496 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3RET.dll
2021-01-26 09:24 - 2016-12-01 11:14 - 000012288 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3WBM.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000015360 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3WQM.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000034816 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3WRM.DLL
2021-01-26 09:24 - 2016-12-01 11:14 - 000017408 _____ (Computer Associates Intl.) [File not signed] D:\hobosoft\Stomatolog\Bin\CAQR3WUT.DLL
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000041472 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000073728 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 001222656 _____ (Hewlett-Packard Company) [File not signed] [File is in use] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000034816 _____ (HP) [File not signed] [File is in use] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2021-01-16 18:03 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2003-03-18 23:23 - 2003-03-18 23:23 - 000024576 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\1029\mdmui.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2015-12-24 14:16 - 2015-12-24 14:16 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\Schick Technologies\Shared Files\pthreadVC2.dll
2015-12-24 14:16 - 2015-12-24 14:16 - 000184832 _____ (SCM Microsystems) [File not signed] C:\Program Files (x86)\Schick Technologies\Shared Files\SCM_NFC.DLL
2018-07-18 04:35 - 2018-07-18 04:35 - 001568768 _____ (Sirona Dental Systems GmbH) [File not signed] [File is in use] C:\Program Files\Sirona\SIDEXIS4\OwsCore.Tools.CppCliLib.dll
2018-07-18 04:35 - 2018-07-18 04:35 - 000407552 _____ (Sirona Dental Systems GmbH) [File not signed] [File is in use] C:\Program Files\Sirona\SIDEXIS4\Sirona.Aten.RenderEngineDX.dll
2018-07-18 04:35 - 2018-07-18 04:35 - 000056832 _____ (Sirona Dental Systems GmbH) [File not signed] C:\Program Files\Sirona\SIDEXIS4\OwsCore.Tools.CppLib.dll
2021-01-26 09:24 - 2018-02-13 06:42 - 001371136 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\hobosoft\Stomatolog\Bin\LIBEAY32.dll
2021-01-26 09:24 - 2018-02-13 06:42 - 000337920 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] D:\hobosoft\Stomatolog\Bin\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;D:\SQL_Server\SQL_Server\Client SDK\ODBC\110\Tools\Binn\;D:\SQL_Server\SQL_Serverx86\120\Tools\Binn\;D:\SQL_Server\SQL_Server\120\Tools\Binn\;D:\SQL_Server\SQL_Server\120\DTS\Binn\;D:\SQL_Server\SQL_Serverx86\120\Tools\Binn\ManagementStudio\;D:\SQL_Server\SQL_Serverx86\120\DTS\Binn\;C:\Program Files\dotnet\
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-80-281799896-3941622561-3476407516-3152736070-1295630018\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 10.0.1.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F4ADFBC5-89AA-45E3-9803-4B180326047F}C:\easydent4\file server\fileserver.exe] => (Allow) C:\easydent4\file server\fileserver.exe (Value Added Tehnologies Co.,Ltd) [File not signed]
FirewallRules: [UDP Query User{50CFDE59-81FE-45AD-BD7D-939558FB5A66}C:\easydent4\file server\fileserver.exe] => (Allow) C:\easydent4\file server\fileserver.exe (Value Added Tehnologies Co.,Ltd) [File not signed]
FirewallRules: [{F9A5380F-8D41-4BC8-AC05-550122B2C4AC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1872CB59-A33C-4B0B-BBDF-134CD6D648E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B45E2885-1E51-4743-8064-DA4B4E21E931}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{11F75B2B-101A-4AA5-83C3-0BF7F497A5F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{74D8A3B4-F5D2-41C5-91F0-FA9923C132E2}] => (Allow) C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiService.exe (Sirona Dental, Inc.) [File not signed] [File is in use]
FirewallRules: [{3E707E49-4202-459D-A826-728140BE7AE6}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C4969329-CC4D-4A61-87CE-112771B86780}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{14D15668-E7E6-407C-9ACD-F8A246718E32}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{C3E47EF0-D6F8-4459-8B5B-F0306C2684EC}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{C534801D-8C85-4477-BC4E-44F5F6B82BCE}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{6F486503-8398-48FB-999F-0A3504448C75}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{FA713740-C80A-4C75-89FA-1ACCA2FCA0B9}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{28A353BA-9308-4E97-B477-9B0456C75B64}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{C5CF1EC4-7C4A-4721-A421-15BAA17D0D09}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe (VistaName -> Hewlett-Packard Co.) [File not signed]
FirewallRules: [{95E5DDFA-DFE6-445B-BF9C-57BCCEB35EC2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5A620C09-C9A4-4627-A225-9F401181E3F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D16A80A5-00D6-401A-830D-31E030C73E69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{440BDD21-0606-4E88-8E3A-827DA9674AA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{837419E4-70DB-4260-8D07-77AA9C09B6F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FFB59E5E-BDF0-453C-A2CA-C6C8C057FA45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0369E6D2-BB46-49F7-997A-ADFAA42CB603}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5C9139A6-8815-4E55-9C88-A26CB0EC6552}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1239FC2-C1AC-49CF-A13B-8F0B20F54315}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5D38927-68DF-41EA-99D0-03B9474A3E98}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A364663D-BC71-47A2-A4D0-CC776D7A1EF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC790345-CF43-4BC5-AD9D-1839281AA0E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{379137A6-1C00-4341-864A-EFAA17EE0B29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{3227B04C-2C0A-47C8-B005-84386E088356}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [UDP Query User{5A60CD14-A494-454F-956E-0951CDD04897}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [TCP Query User{6214C2B6-9FBF-44BB-9D76-8BE62A0F9416}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [UDP Query User{0F473C78-675C-4058-B6E0-EB80BA42D942}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [TCP Query User{45C16F69-E550-4642-9F78-CBD4FE105135}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
FirewallRules: [UDP Query User{23DD08B3-4457-4AF3-AE5A-00661F7B6482}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
FirewallRules: [TCP Query User{657DB825-C141-4FF9-AAA2-316CF3A7C053}C:\easydent4\file server\fileserver.exe] => (Allow) C:\easydent4\file server\fileserver.exe (Value Added Tehnologies Co.,Ltd) [File not signed]
FirewallRules: [UDP Query User{ECC4E8B7-5E27-4AB9-9E47-6E1EBEA6DD39}C:\easydent4\file server\fileserver.exe] => (Allow) C:\easydent4\file server\fileserver.exe (Value Added Tehnologies Co.,Ltd) [File not signed]

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: MTP
Description: MTP
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/08/2021 11:21:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (06/08/2021 11:21:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (06/08/2021 08:03:42 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: TwainServer.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ObjectDisposedException
   na System.Threading.WaitHandle.WaitOneNative(System.Runtime.InteropServices.SafeHandle, UInt32, Boolean, Boolean)
   na System.Threading.WaitHandle.InternalWaitOne(System.Runtime.InteropServices.SafeHandle, Int64, Boolean, Boolean)
   na System.Threading.WaitHandle.WaitOne(Int32, Boolean)
   na System.Threading.WaitHandle.WaitOne()
   na log4net.Appender.FileAppender+InterProcessLock.AcquireLock()
   na log4net.Appender.FileAppender+LockingStream.AcquireLock()
   na log4net.Appender.FileAppender.WriteFooter()
   na log4net.Appender.TextWriterAppender.WriteFooterAndCloseWriter()
   na log4net.Appender.FileAppender.Reset()
   na log4net.Appender.TextWriterAppender.OnClose()
   na log4net.Appender.AppenderSkeleton.Close()
   na log4net.Appender.AppenderSkeleton.Finalize()

Error: (06/07/2021 11:52:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program monero-wallet-gui.exe verze 0.0.0.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3db0

Čas spuštění: 01d75937f9947a75

Čas ukončení: 17

Cesta k aplikaci: C:\Program Files\Monero GUI Wallet\monero-wallet-gui.exe

ID hlášení: 4d8ee9e6-1d5b-400c-8982-9551f129ffb4

Úplný název balíčku s chybou: 

ID aplikace relativní podle balíčku s chybou: 

Typ zablokování: Unknown

Error: (06/07/2021 09:37:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20120.4004.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3f94

Čas spuštění: 01d75b65004c9242

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: d7f98dc8-c7e2-4b9d-afdd-03cec948edc1

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (06/07/2021 09:08:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: monerod.exe, verze: 0.0.0.0, časové razítko: 0x606c9995
Název chybujícího modulu: msvcrt.dll, verze: 7.0.19041.546, časové razítko: 0x564f9f39
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000005d2f1
ID chybujícího procesu: 0x3508
Čas spuštění chybující aplikace: 0x01d75b60e099df4d
Cesta k chybující aplikaci: C:\Program Files\Monero GUI Wallet\monerod.exe
Cesta k chybujícímu modulu: C:\Windows\System32\msvcrt.dll
ID zprávy: 37762746-f30a-4828-82f9-83805ad1d6bc
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/07/2021 08:04:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20120.4004.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2b58

Čas spuštění: 01d7589114011f61

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 61c6c820-cacd-4da6-8e0a-b1d21671c872

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (06/06/2021 01:55:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na DATA (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (06/09/2021 10:00:34 AM) (Source: DCOM) (EventID: 10010) (User: PC-HLAVNI)
Description: Server {2F810ED9-5723-4BF8-B9E6-B51BE7263F50} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/09/2021 09:55:49 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Služba inteligentního přenosu na pozadí skončila s následující chybou specifickou pro službu: 
%%2147943515 = Probíhá vypnutí systému.

Error: (06/09/2021 09:55:49 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: Službu BITS se nezdařilo spustit. Chyba 2147943515.

Error: (06/09/2021 09:55:47 AM) (Source: DCOM) (EventID: 10010) (User: PC-HLAVNI)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/09/2021 09:55:47 AM) (Source: DCOM) (EventID: 10010) (User: PC-HLAVNI)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/09/2021 09:55:47 AM) (Source: DCOM) (EventID: 10010) (User: PC-HLAVNI)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/09/2021 09:51:51 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Start s touto chybou: 
Byl překročen maximální počet tajných údajů, které lze uložit v jednom systému.

Error: (06/09/2021 09:51:47 AM) (Source: DCOM) (EventID: 10000) (User: PC-HLAVNI)
Description: Nelze spustit server DCOM: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. Došlo k chybě: 
2147942405
při provádění příkazu: 
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Windows Defender:
================
Date: 2021-06-08 17:58:21
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D3C43116-FC0C-418A-84D4-011FBAA66A64}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-06-08 14:08:35
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=App:XMRigMiner&threatid=268622&enterprise=0
Název: App:XMRigMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\0e0a7320-94ec-11ea-a64d-17be303ea466\bins\16.0\xmrig-6.8.1\xmrig.exe; file:_C:\Users\ordinace_2\Downloads\xmrig-6.12.2\xmrig.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: PC-HLAVNI\ordinace_2
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.341.301.0, AS: 1.341.301.0, NIS: 1.341.301.0
Verze modulu: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-08 14:08:35
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/FusionCore&threatid=229442&enterprise=0
Název: PUA:Win32/FusionCore
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_D:\Dokumenty\Dokumenty\Documents\Documents\GOMPLAYERGLOBALSETUP.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Uživatel
Uživatel: PC-HLAVNI\ordinace_2
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.341.301.0, AS: 1.341.301.0, NIS: 1.341.301.0
Verze modulu: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-08 14:08:35
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/CoinMiner&threatid=227033&enterprise=0
Název: PUA:Win32/CoinMiner
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.0\MP.Excavator.dll
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: PC-HLAVNI\ordinace_2
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.341.301.0, AS: 1.341.301.0, NIS: 1.341.301.0
Verze modulu: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-08 14:08:35
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Název: PUA:Win32/Presenoker
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_D:\Dokumenty\Dokumenty\Downloads\monero-gui-install-win-x64-v0.17.2.2.exe; file:_C:\Program Files\Monero GUI Wallet\monero-blockchain-ancestry.exe; file:_C:\Program Files\Monero GUI Wallet\monero-blockchain-depth.exe; file:_C:\Program Files\Monero GUI Wallet\monero-blockchain-export.exe; file:_C:\Program Files\Monero GUI Wallet\monero-blockchain-prune-known-spent-data.exe; file:_C:\Program Files\Monero GUI Wallet\monero-blockchain-prune.exe; file:_C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.1\MP.Excavator.dll; file:_C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.2\MP.Excavator.dll; file:_C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.4\MP.Excavator.dll; file:_D:\Dokumenty\Dokumenty\Downloads\monero-gui-install-win-x64-v0.17.2.2.exe->(inno#000010); file:_D:\Dokumenty\Dokumenty\Download
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: PC-HLAVNI\ordinace_2
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.341.301.0, AS: 1.341.301.0, NIS: 1.341.301.0
Verze modulu: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-05 00:14:42
Description: 
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 
Předchozí verze bezpečnostních informací: 1.341.54.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa. 

Date: 2021-06-05 00:14:42
Description: 
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 
Předchozí verze bezpečnostních informací: 1.341.54.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.18200.4
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa. 

Date: 2021-06-04 13:05:54
Description: 
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.8.0
Předchozí verze bezpečnostních informací: 1.339.1962.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy. 

Date: 2021-06-04 13:05:54
Description: 
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.341.8.0
Předchozí verze bezpečnostních informací: 1.339.1962.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy. 

Date: 2021-06-04 13:05:54
Description: 
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.18200.4
Předchozí verze modulu: 1.1.18100.6
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy. 

CodeIntegrity:
===============
Date: 2021-06-09 10:44:05
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\sqlncli11.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-06-09 10:44:05
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe) attempted to load \Device\HarddiskVolume3\Windows\SysWOW64\msodbcsql11.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1605 07/17/2020
Motherboard: ASUSTeK COMPUTER INC. PRIME H310M-R R2.0
Processor: Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 16263.01 MB
Available physical RAM: 9748.01 MB
Total Virtual: 28551.01 MB
Available Virtual: 21644.52 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:222.8 GB) (Free:21.06 GB) NTFS
Drive d: (DATA) (Fixed) (Total:1863.01 GB) (Free:1692.62 GB) NTFS
Drive f: (Zaloha_USB) (Fixed) (Total:931.5 GB) (Free:913.46 GB) NTFS
Drive g: (HiSuite) (CDROM) (Total:0 GB) (Free:0 GB) CDFS

\\?\Volume{20690060-10d8-44cc-a0ef-cd7b4c4d00fc}\ (Recovery tools) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{13817e69-1b8d-4b87-ab46-2011a081a982}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: DD4315EF)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A2ECFD63)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=42)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: A2ECFD64)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=42)

==========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autodesk\AutoCAD 2022\cs-CZ\acadficn.dll => No File
FirewallRules: [{C4969329-CC4D-4A61-87CE-112771B86780}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{14D15668-E7E6-407C-9ACD-F8A246718E32}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{3227B04C-2C0A-47C8-B005-84386E088356}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [UDP Query User{5A60CD14-A494-454F-956E-0951CDD04897}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [TCP Query User{6214C2B6-9FBF-44BB-9D76-8BE62A0F9416}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [UDP Query User{0F473C78-675C-4058-B6E0-EB80BA42D942}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [TCP Query User{45C16F69-E550-4642-9F78-CBD4FE105135}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
FirewallRules: [UDP Query User{23DD08B3-4457-4AF3-AE5A-00661F7B6482}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\0e0a7320-94ec-11ea-a64d-17be303ea466\bins\16.0\xmrig-6.8.1\xmrig.exe
C:\Users\ordinace_2\Downloads\xmrig-6.12.2\xmrig.exe
D:\Dokumenty\Dokumenty\Documents\Documents\GOMPLAYERGLOBALSETUP.exe
C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.0\MP.Excavator.dll
D:\Dokumenty\Dokumenty\Downloads\monero-gui-install-win-x64-v0.17.2.2.exe¨
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\MountPoints2: {11298201-a8bd-11eb-8eed-c38db3d2b80d} - "G:\HiSuiteDownLoader.exe"
Task: {661FAF78-FC45-440E-B99B-94C11DF770C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {2459DC5E-A2B3-45BC-B169-1E58E627DC1A} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {24E65DB6-FB51-49A6-A2A2-AAFA430309F1} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U2 sqlserveragent; no ImagePath
C:\Program Files (x86)\Zemana

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Re: Kontrola logu po xmrig

#7 Příspěvek od Urbam »

Dobrý den tady ten log po fixu:

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-06-2021
Ran by ordinace_2 (10-06-2021 11:46:18) Run:1
Running from C:\Users\ordinace_2\Desktop
Loaded Profiles: ordinace_2 & MSSQL$DATA
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> D:\Autodesk\AutoCAD 2022\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> D:\Autodesk\AutoCAD 2022\cs-CZ\acadficn.dll => No File
FirewallRules: [{C4969329-CC4D-4A61-87CE-112771B86780}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{14D15668-E7E6-407C-9ACD-F8A246718E32}] => (Allow) C:\Users\ordinace_2\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{3227B04C-2C0A-47C8-B005-84386E088356}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [UDP Query User{5A60CD14-A494-454F-956E-0951CDD04897}C:\program files\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files\dogecoin\dogecoin-qt.exe => No File
FirewallRules: [TCP Query User{6214C2B6-9FBF-44BB-9D76-8BE62A0F9416}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [UDP Query User{0F473C78-675C-4058-B6E0-EB80BA42D942}C:\program files\monero gui wallet\monero-wallet-gui.exe] => (Allow) C:\program files\monero gui wallet\monero-wallet-gui.exe => No File
FirewallRules: [TCP Query User{45C16F69-E550-4642-9F78-CBD4FE105135}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
FirewallRules: [UDP Query User{23DD08B3-4457-4AF3-AE5A-00661F7B6482}C:\program files\monero gui wallet\monerod.exe] => (Allow) C:\program files\monero gui wallet\monerod.exe => No File
C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\0e0a7320-94ec-11ea-a64d-17be303ea466\bins\16.0\xmrig-6.8.1\xmrig.exe
C:\Users\ordinace_2\Downloads\xmrig-6.12.2\xmrig.exe
D:\Dokumenty\Dokumenty\Documents\Documents\GOMPLAYERGLOBALSETUP.exe
C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.0\MP.Excavator.dll
D:\Dokumenty\Dokumenty\Downloads\monero-gui-install-win-x64-v0.17.2.2.exe¨
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\MountPoints2: {11298201-a8bd-11eb-8eed-c38db3d2b80d} - "G:\HiSuiteDownLoader.exe"
Task: {661FAF78-FC45-440E-B99B-94C11DF770C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {2459DC5E-A2B3-45BC-B169-1E58E627DC1A} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {24E65DB6-FB51-49A6-A2A2-AAFA430309F1} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U2 sqlserveragent; no ImagePath
C:\Program Files (x86)\Zemana

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8} => removed successfully
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3} => removed successfully
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5} => removed successfully
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4969329-CC4D-4A61-87CE-112771B86780}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14D15668-E7E6-407C-9ACD-F8A246718E32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3227B04C-2C0A-47C8-B005-84386E088356}C:\program files\dogecoin\dogecoin-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5A60CD14-A494-454F-956E-0951CDD04897}C:\program files\dogecoin\dogecoin-qt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6214C2B6-9FBF-44BB-9D76-8BE62A0F9416}C:\program files\monero gui wallet\monero-wallet-gui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0F473C78-675C-4058-B6E0-EB80BA42D942}C:\program files\monero gui wallet\monero-wallet-gui.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{45C16F69-E550-4642-9F78-CBD4FE105135}C:\program files\monero gui wallet\monerod.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{23DD08B3-4457-4AF3-AE5A-00661F7B6482}C:\program files\monero gui wallet\monerod.exe" => removed successfully
"C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\0e0a7320-94ec-11ea-a64d-17be303ea466\bins\16.0\xmrig-6.8.1\xmrig.exe" => not found
"C:\Users\ordinace_2\Downloads\xmrig-6.12.2\xmrig.exe" => not found
D:\Dokumenty\Dokumenty\Documents\Documents\GOMPLAYERGLOBALSETUP.exe => moved successfully
"C:\Users\ordinace_2\AppData\Local\Programs\NiceHash Miner\miner_plugins\27315fe0-3b03-11eb-b105-8d43d5bd63be\dlls\15.0\MP.Excavator.dll" => not found
"D:\Dokumenty\Dokumenty\Downloads\monero-gui-install-win-x64-v0.17.2.2.exe¨" => not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11298201-a8bd-11eb-8eed-c38db3d2b80d} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{661FAF78-FC45-440E-B99B-94C11DF770C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{661FAF78-FC45-440E-B99B-94C11DF770C5}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2459DC5E-A2B3-45BC-B169-1E58E627DC1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2459DC5E-A2B3-45BC-B169-1E58E627DC1A}" => removed successfully
C:\Windows\System32\Tasks\AMHelper => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMHelper" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24E65DB6-FB51-49A6-A2A2-AAFA430309F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24E65DB6-FB51-49A6-A2A2-AAFA430309F1}" => removed successfully
C:\Windows\System32\Tasks\AMSkipUAC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMSkipUAC" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\sqlserveragent => removed successfully
sqlserveragent => service removed successfully
C:\Program Files (x86)\Zemana => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16002635 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 381456821 B
Edge => 999315 B
Chrome => 447739758 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 80544680 B
NetworkService => 80957718 B
ordinace_2 => 2010075033 B
MSSQL$DATA => 2010075033 B

RecycleBin => 0 B
EmptyTemp: => 4.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:49:43 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#8 Příspěvek od Rudy »

Smazáno, log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Re: Kontrola logu po xmrig

#9 Příspěvek od Urbam »

ok děkuji, tady ještě log po další kontrole
nicméně problém s wifi stále trvá, tak to bude asi spíš "sítový" problém, než že by to udělal vir, co myslíte?
Po síti to tu máme trochu složitější a do toho se sám pouštět moc nechci.
Jinak děkuji za pomoc;)

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-06-2021
Ran by ordinace_2 (administrator) on PC-HLAVNI (ATComputers ALZA) (10-06-2021 12:00:34)
Running from C:\Users\ordinace_2\Desktop
Loaded Profiles: ordinace_2 & MSSQL$DATA
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\TPMProvisioningService.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe <2>
(Sirona Dental, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiService.exe
(Sirona Dental, Inc.) [File not signed] C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiMonitor.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Value Added Tehnologies Co.,Ltd) [File not signed] C:\EasyDent4\File Server\FileServer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileServer] => C:\EasyDent4\File Server\FileBackUp.exe [36864 2007-03-12] (Value Added Technologies Co.,Ltd) [File not signed]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-03-10] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [2913648 2021-05-10] (Autodesk, Inc. -> Autodesk)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\...\Policies\Explorer: [] 
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.77\Installer\chrmstp.exe [2021-05-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-05-28] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Monitor.lnk [2021-01-28]
ShortcutTarget: Wireless Monitor.lnk -> C:\Program Files (x86)\Schick Technologies\Shared Files\MarconiMonitor.exe (Sirona Dental, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF5E128-68CF-4E63-BD79-318DFB66A2DA} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard)
Task: {25DA87CD-C4A8-416A-858A-C364C4DDD7E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {2BAEAB6D-83C9-43F9-A285-2D52FF9D7808} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {678C843C-A0EA-4911-9449-DA9200FFC4EC} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {7F339252-B2E1-49E2-BD7B-B21C38ECEF06} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AB0D4E7E-B353-4850-98F6-B41326A97BE3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-16] (Google LLC -> Google LLC)
Task: {F4714F2A-5BFD-4CF0-AEFF-789C56669DA3} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_tray.exe [622168 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1930677817-3247307296-2436609557-1001] => domino.dent.cz:3128
Tcpip\..\Interfaces\{783d6656-b6d5-4145-b63a-99cafed18757}: [NameServer] 10.0.1.138

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-10]
Edge Extension: (Ochrana Kaspersky) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-09]
Edge Extension: (Outlook) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-01-16]
Edge Extension: (Word) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-01-16]
Edge Extension: (Excel) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-01-16]
Edge Extension: (PowerPoint) - C:\Users\ordinace_2\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-01-16]
Edge HKU\S-1-5-21-1930677817-3247307296-2436609557-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-05] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR Profile: C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default [2021-06-10]
CHR Extension: (Prezentace) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-16]
CHR Extension: (Ochrana Kaspersky) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-06-09]
CHR Extension: (Podepisovací komponenta Signer) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\alldahcdhngmcjagmefklhhecboiigni [2021-02-03]
CHR Extension: (Dokumenty) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-16]
CHR Extension: (Disk Google) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-16]
CHR Extension: (YouTube) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-16]
CHR Extension: (Tabulky) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\ordinace_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [File not signed]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-10] (HP Inc. -> HP Inc.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [357272 2021-04-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$DATA; C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$DATA; C:\Program Files\Microsoft SQL Server\MSSQL12.DATA\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2021-06-08] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657696 2021-05-08] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1439456 2021-05-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [253736 2021-06-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [263888 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [309104 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [115744 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [224880 2021-06-09] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 RsFx0300; C:\Windows\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3717120 2019-12-07] (Microsoft Windows -> Realtek Semiconductor Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49560 2021-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425208 2021-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-10 12:00 - 2021-06-10 12:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-06-10 11:46 - 2021-06-10 11:49 - 000011185 _____ C:\Users\ordinace_2\Desktop\Fixlog.txt
2021-06-10 11:45 - 2021-06-10 11:45 - 000000000 ____D C:\Users\ordinace_2\Desktop\FRST-OlderVersion
2021-06-10 10:27 - 2021-06-10 10:27 - 001376370 _____ C:\Users\ordinace_2\Documents\Noskova.změna.VoZP.pdf
2021-06-10 10:26 - 2021-06-10 10:26 - 001025491 _____ C:\Users\ordinace_2\Documents\Pavelcova.Mat.vysvědčeni..pdf
2021-06-10 10:22 - 2021-06-10 10:22 - 001690307 _____ C:\Users\ordinace_2\Documents\Jana.Bůžkova.Vzdělání..pdf
2021-06-10 07:58 - 2021-06-10 07:58 - 000286443 _____ C:\Users\ordinace_2\Downloads\p70000699956.pdf
2021-06-09 17:24 - 2021-06-09 17:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-09 17:24 - 2021-06-09 17:24 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-09 17:24 - 2021-06-09 17:24 - 000011353 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-09 15:51 - 2021-06-09 15:52 - 000000000 ____D C:\AdwCleaner
2021-06-09 15:51 - 2021-06-09 15:51 - 008534696 _____ (Malwarebytes) C:\Users\ordinace_2\Downloads\adwcleaner_8.2.exe
2021-06-09 14:52 - 2021-06-09 14:52 - 000593800 _____ C:\Users\ordinace_2\Downloads\fulltext1.php.pdf
2021-06-09 10:56 - 2021-06-09 10:57 - 000062919 _____ C:\Users\ordinace_2\Desktop\Addition.txt
2021-06-09 10:55 - 2021-06-10 12:00 - 000024564 _____ C:\Users\ordinace_2\Desktop\FRST.txt
2021-06-09 10:55 - 2021-06-10 12:00 - 000000000 ____D C:\FRST
2021-06-09 10:54 - 2021-06-10 11:45 - 002300416 _____ (Farbar) C:\Users\ordinace_2\Desktop\FRST64.exe
2021-06-09 09:57 - 2021-06-09 09:57 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Kaspersky Lab
2021-06-09 09:44 - 2021-06-09 09:44 - 002300416 _____ (Farbar) C:\Users\ordinace_2\Downloads\FRST64.exe
2021-06-09 09:43 - 2021-06-09 09:43 - 000309104 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000263888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000224880 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000115744 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-06-09 09:42 - 2021-06-09 09:42 - 000003392 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-06-09 09:42 - 2021-06-09 09:42 - 000003192 _____ C:\Windows\system32\Tasks\kpm_tray.exe
2021-06-09 09:42 - 2021-06-09 09:42 - 000001234 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-06-09 09:42 - 2021-06-09 09:42 - 000001170 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-06-09 09:42 - 2021-06-09 09:42 - 000000000 ____D C:\Program Files\Common Files\AV
2021-06-09 09:41 - 2021-06-09 09:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-06-09 09:41 - 2021-06-09 09:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-06-09 09:41 - 2021-06-09 09:41 - 000002173 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-06-09 09:41 - 2021-06-09 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-06-09 09:41 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-06-09 09:41 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-06-09 09:41 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-06-09 09:39 - 2021-06-09 09:39 - 002765696 _____ (Kaspersky) C:\Users\ordinace_2\Downloads\kav21.3.10.391cs_25685.exe
2021-06-08 22:42 - 2021-06-10 11:59 - 119013376 _____ C:\Windows\system32\config\SOFTWARE
2021-06-08 22:39 - 2021-06-08 22:42 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-06-08 15:56 - 2021-06-08 15:56 - 002270385 _____ C:\Users\ordinace_2\Downloads\Majner.Fr.47.pdf
2021-06-08 15:54 - 2021-06-08 15:55 - 002270385 _____ C:\Users\ordinace_2\Documents\Majner.Fr.47.pdf
2021-06-08 15:10 - 2021-06-08 15:10 - 000037291 _____ C:\Users\ordinace_2\Downloads\stáhnout.htm
2021-06-08 15:09 - 2021-06-10 12:01 - 000058092 _____ C:\Windows\ZAM.krnl.trace
2021-06-08 15:09 - 2021-06-08 15:09 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2021-06-08 15:09 - 2021-06-08 15:09 - 000001340 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2021-06-08 15:09 - 2021-06-08 15:09 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Zemana
2021-06-08 15:09 - 2021-06-08 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-06-08 15:08 - 2021-06-08 15:24 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\AMSDK
2021-06-08 15:08 - 2021-06-08 15:08 - 013922376 _____ (Zemana Ltd. ) C:\Users\ordinace_2\Downloads\AntiMalware_Setup.exe
2021-06-08 11:55 - 2021-06-08 11:55 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 001823792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-08 11:55 - 2021-06-08 11:55 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-08 11:55 - 2021-06-08 11:55 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-08 11:55 - 2021-06-08 11:55 - 000451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-08 11:55 - 2021-06-08 11:55 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-08 11:55 - 2021-06-08 11:55 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-08 11:55 - 2021-06-08 11:55 - 000097280 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-08 11:54 - 2021-06-08 11:54 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-08 11:54 - 2021-06-08 11:54 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-08 11:54 - 2021-06-08 11:54 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-08 11:21 - 2021-06-08 11:21 - 000000000 ____D C:\Users\ordinace_2\Documents\FeedbackHub
2021-06-07 13:52 - 2021-06-07 13:52 - 000536385 _____ C:\Users\ordinace_2\Documents\Zrušení_smlouvy1200124794 podepsaná.pdf
2021-06-07 13:52 - 2021-06-07 13:52 - 000514857 _____ C:\Users\ordinace_2\Documents\změna správce ps podepsaná.pdf
2021-06-07 13:51 - 2021-06-07 13:51 - 000442325 _____ C:\Users\ordinace_2\Documents\změna správce ps.pdf
2021-06-07 13:50 - 2021-06-07 13:50 - 000463851 _____ C:\Users\ordinace_2\Documents\Zrušení_smlouvy1200124794.pdf
2021-06-07 09:32 - 2021-06-07 09:32 - 000000036 _____ C:\Windows\SysWOW64\id.dat
2021-06-04 13:53 - 2021-06-04 14:24 - 000000000 ____D C:\ProgramData\bitmonero
2021-06-04 13:53 - 2021-06-04 13:53 - 000000000 ____D C:\Users\ordinace_2\Documents\Monero
2021-06-04 13:53 - 2021-06-04 13:53 - 000000000 ____D C:\ProgramData\.shared-ringdb
2021-06-04 13:52 - 2021-06-07 07:49 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\monero-wallet-gui
2021-06-04 13:40 - 2021-06-04 13:40 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Ledger Live
2021-06-04 13:40 - 2021-06-04 13:40 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\ledger-live-desktop-updater
2021-06-04 12:34 - 2021-06-04 12:34 - 000000000 ____D C:\Users\ordinace_2\Downloads\Nová složka
2021-06-04 12:34 - 2021-06-04 12:34 - 000000000 ____D C:\Users\ordinace_2\Downloads\hk
2021-06-04 11:43 - 2021-06-04 11:43 - 000335602 _____ C:\Users\ordinace_2\Documents\VoZP kompenzace sestry.pdf
2021-06-03 16:49 - 2021-06-03 19:50 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\MultiDoge
2021-06-03 16:46 - 2021-06-03 16:46 - 000164640 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Sun
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Users\ordinace_2\AppData\LocalLow\Sun
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-06-03 16:46 - 2021-06-03 16:46 - 000000000 ____D C:\Program Files (x86)\Java
2021-06-03 16:18 - 2021-06-04 09:48 - 000000000 ____D C:\Users\ordinace_2\Documents\Doge
2021-05-28 07:58 - 2021-05-28 07:58 - 000065160 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2021-05-28 07:58 - 2021-05-28 07:58 - 000035992 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 001687040 _____ C:\Windows\system32\libcrypto.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 001163776 _____ C:\Windows\system32\MBR2GPT.EXE
2021-05-12 14:14 - 2021-05-12 14:14 - 000700928 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-05-12 14:14 - 2021-05-12 14:14 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000153600 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-05-12 14:14 - 2021-05-12 14:14 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-05-12 14:14 - 2021-05-12 14:14 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-05-11 07:55 - 2021-05-11 07:55 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-06-10 12:00 - 2021-03-10 17:50 - 000000000 ___RD C:\Users\ordinace_2\Creative Cloud Files
2021-06-10 12:00 - 2021-01-16 10:20 - 000000000 __SHD C:\Users\ordinace_2\IntelGraphicsProfiles
2021-06-10 11:59 - 2021-01-16 16:46 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-10 11:59 - 2020-09-29 11:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-10 11:59 - 2020-09-29 11:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-06-10 11:59 - 2020-09-29 11:30 - 000000000 ____D C:\Intel
2021-06-10 11:59 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-10 11:59 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-06-10 11:53 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-06-10 11:46 - 2021-02-23 10:16 - 000000000 ____D C:\Users\ordinace_2\AppData\LocalLow\Temp
2021-06-10 08:54 - 2020-09-29 11:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-06-10 08:03 - 2021-03-10 17:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-06-09 18:04 - 2020-09-29 11:36 - 001976050 _____ C:\Windows\system32\PerfStringBackup.INI
2021-06-09 18:04 - 2020-05-26 10:29 - 000815972 _____ C:\Windows\system32\perfh005.dat
2021-06-09 18:04 - 2020-05-26 10:29 - 000184358 _____ C:\Windows\system32\perfc005.dat
2021-06-09 18:04 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-06-09 17:58 - 2020-09-29 11:30 - 000490264 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-09 17:57 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-06-09 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-06-09 17:57 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-06-09 17:25 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-06-09 17:20 - 2021-01-16 12:27 - 000000000 ___HD C:\$WinREAgent
2021-06-09 17:18 - 2021-01-16 17:56 - 000000000 ____D C:\Windows\system32\MRT
2021-06-09 17:16 - 2021-04-06 12:53 - 000000000 ____D C:\Program Files\dotnet
2021-06-09 17:16 - 2021-01-16 17:56 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-09 17:16 - 2020-09-29 11:34 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-09 16:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-09 12:14 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-06-09 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-06-09 09:41 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-06-09 09:38 - 2021-03-10 17:38 - 000000000 ____D C:\Program Files\Adobe
2021-06-08 16:34 - 2020-09-29 11:35 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-08 15:58 - 2021-03-10 17:56 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-06-08 15:58 - 2021-03-10 17:56 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-06-08 12:03 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-08 12:00 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-08 11:23 - 2021-03-10 17:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-06-07 10:36 - 2021-04-06 13:02 - 000000000 ____D C:\Program Files (x86)\Autodesk
2021-06-07 10:36 - 2021-04-06 12:51 - 000000000 ____D C:\ProgramData\Autodesk
2021-06-07 10:36 - 2021-04-06 12:50 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\Autodesk
2021-06-07 10:34 - 2021-04-06 12:53 - 000000000 ____D C:\Program Files\Autodesk
2021-06-07 10:33 - 2021-04-06 12:51 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Autodesk Installer
2021-06-07 10:31 - 2021-04-06 12:51 - 000000000 ____D C:\Users\ordinace_2\AppData\Roaming\Autodesk
2021-06-07 10:22 - 2021-01-28 16:52 - 000000000 ____D C:\Users\ordinace_2\AppData\Local\D3DSCache
2021-06-05 17:23 - 2020-09-29 11:30 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-06-05 14:23 - 2021-01-16 17:59 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-05 14:23 - 2021-01-16 17:59 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-29 07:29 - 2021-01-16 10:22 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1930677817-3247307296-2436609557-1001
2021-05-29 07:29 - 2021-01-16 10:22 - 000000000 ___RD C:\Users\ordinace_2\OneDrive
2021-05-29 07:29 - 2021-01-16 10:19 - 000002387 _____ C:\Users\ordinace_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-27 01:59 - 2021-01-16 15:40 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-27 01:59 - 2021-01-16 15:40 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-12 18:22 - 2019-12-07 11:51 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-05-12 18:22 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\DiagTrack
2021-05-12 18:21 - 2021-01-16 10:19 - 000000000 ____D C:\Users\ordinace_2
2021-05-12 14:16 - 2019-12-07 11:54 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-05-11 07:54 - 2021-04-14 09:12 - 000000000 ____D C:\Windows\system32\Tasks\HP

==================== Files in the root of some directories ========

2021-03-10 17:57 - 2021-03-10 17:57 - 000000000 _____ () C:\Users\ordinace_2\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#10 Příspěvek od Rudy »

Log je OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Urbam
Návštěvník
Návštěvník
Příspěvky: 6
Registrován: 08 čer 2021 20:26

Re: Kontrola logu po xmrig

#11 Příspěvek od Urbam »

ok děkuji, tady teda prosím LOCK

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu po xmrig

#12 Příspěvek od Rudy »

Nemáte zač! :closed: :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno