Zdravím,
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
Ran by Ráďa (administrator) on LAPTOP-E9UCTG8C (LENOVO 81LK) (02-12-2021 12:01:30)
Running from C:\Users\Ráďa\Desktop
Loaded Profiles: Ráďa
Platform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d7403bad0b41f2bd\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d7403bad0b41f2bd\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lavasoft Software Canada Inc. -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Lavasoft Software Canada Inc. -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
(Lavasoft Software Canada Inc. -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <4>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe <3>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_4\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfeeDashboard\McSecDashboardService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_04baa46c48be5bb8\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(slvlrehs) [File not signed] C:\Windows\SysWOW64\slvlrehs.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [btweb] => "C:\Users\Ráďa\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-28] (Lavasoft Software Canada Inc. -> Lavasoft)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [MicrosoftEdgeAutoLaunch_AA352DC6F94BFC6074FE36853F214A71] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\MountPoints2: {719fe5f4-ea31-11eb-aa9b-283926afd328} - "D:\setup.exe"
HKLM\...\Windows x64\Print Processors\MIMFPR0H: C:\Windows\System32\spool\prtprocs\x64\MIMFPR0H.DLL [23552 2021-02-15] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-20] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00F65863-CCC6-4DEC-9E9D-46E5EA8F6341} - System32\Tasks\Opera scheduled Autoupdate 1616507709 => C:\Users\Ráďa\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {00F791ED-92E0-438E-B1FC-34636302ECA1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {12AE38FD-97C4-4C48-AF65-74BC7085D130} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {223E12D8-9BDA-4A86-A250-D8DAD2FCE8E9} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {2F701EA0-AF1E-4947-A60D-20669B6D6C97} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2f4e74a3-c62e-4043-a18d-a10f0c91c332 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {331B08F3-7C28-4C88-906F-8AD571EA79DC} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3C5E2529-3939-4DC5-96A2-57E6D8BAF07A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D1078E7-3011-4435-9DA8-6EE88D0A137E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {428CE090-C0A3-4F19-B745-80E582A756A6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5555A849-95E2-464A-A65D-9323A9B86E4F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-08] (McAfee, LLC -> McAfee, LLC)
Task: {57892931-506F-4F7A-91F0-6550E55CF195} - System32\Tasks\Opera scheduled assistant Autoupdate 1616507715 => C:\Users\Ráďa\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Ráďa\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6AFBC079-B591-4301-BDA5-2B699AA1C5E5} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {6C2009A0-76EA-4452-A59C-01127EA57170} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d384ec0b-eccb-46ed-9fed-d04ca5b78608 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {6C3ECCB7-7F4C-4A45-8E87-51734A2C026F} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695104 2021-10-01] (McAfee, LLC -> McAfee, LLC)
Task: {6FD3033C-C61E-4D42-9028-6687191B662D} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {8C1A33D6-6CD3-49D0-9723-156608C48D9C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CFBAC51-CD2F-48DF-A3BC-0DD26462B636} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {9282F08E-BDEA-4465-BE22-608B94769EE0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
Task: {93791481-0E9E-494B-95C3-F45FD0D3DF83} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {955ACF9B-BE46-4A10-B3EF-1CC306EA8716} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {96E92090-C190-41B5-A5B8-40F1C30CD846} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9ABB3987-041E-4969-A304-287DA8D55499} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {9EE91448-4863-4B44-93BA-84762CC524FD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9FDF0960-FB2F-40F5-AA80-941F389D66EF} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0CD9343-287C-4665-9DE9-81D74CDC9802} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\770e7b39-13d9-43a3-b310-5724dd47c379 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {A0F7955F-0F94-47EB-940A-77A01836890D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4F53066-1450-4A6E-BEE2-A14009014BFA} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {B816CE10-546D-4D17-B40A-B377C93E95C6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\06ef9afb-24c2-4f4d-938c-4c5a06f41afa => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {C7E6B993-7445-4B75-8693-7E4A310CB7B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D0D2ACBC-F9DD-46C9-8DC0-67DCB2B311C3} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {D3387447-F274-4A76-86FE-A9A675F35AC4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\cbbf789f-3743-4d66-888d-e9cb99b58806 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {E1D7F3BC-2C97-4770-8516-D3E4EF97EC21} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E9199862-5590-4B01-BB40-D2E5D75BB9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-06-28] (Google LLC -> Google LLC)
Task: {EB2F378A-AE7A-43B7-902F-8BFFE5AA5453} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ECE5E992-ACB6-4C75-8B02-0CC2C3CB236A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EDBA9D31-85B7-43F8-95A5-925FF3A72881} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {EE5FC23E-0361-442F-B191-20B63486D216} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1075528 2020-05-14] (McAfee, LLC -> McAfee, LLC)
Task: {F1F65D61-3813-4534-88BD-EDB205EBEAC2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3C4EECA-A02A-4CB8-829B-3C42005BA104} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F63BB018-AFA1-413F-B216-F7401EC9C5D2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7AD7600-22FD-4215-BD7E-D81E8926B663} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
Task: {F987A84D-E536-40EE-B842-667134619A0F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3ada2b82-5650-4c5b-bab6-65f52b1bc486}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{adf5110a-e4ed-4949-8ba1-6938c2de14c3}: [NameServer] 217.77.165.81,217.77.165.211
Tcpip\..\Interfaces\{fc97602f-da30-452a-befe-1db30205feb7}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ráďa\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-02]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-06-08] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-06-08] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default [2021-12-02]
CHR Notifications: Default -> hxxps://www.facebook.com; hxxps://www.freefilm.to; hxxps://www.netflix.com; hxxps://www.sledujfilmy.online; hxxps://www.youtube.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E211CZ714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Prezentace) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-28]
CHR Extension: (Ekvalizér pro Chrome browser) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\abikfbojmghmfjdjlbagiamkinbmbaic [2021-08-20]
CHR Extension: (Dokumenty) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-28]
CHR Extension: (Disk Google) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-28]
CHR Extension: (Adblock na Youtube™) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-09-28]
CHR Extension: (Tabulky) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-28]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-11-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-01]
CHR Extension: (FormApps Extension) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2020-08-14]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]
CHR Extension: (Equalizer for YouTube™) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggiagogblgafoilijjdhcmflgekfmja [2021-10-03]
CHR Extension: (Gmail) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Equalizer) - C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbfmfcemmgekginckbkcndkdiiancm [2021-07-31]
CHR Profile: C:\Users\Ráďa\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
Opera:
=======
OPR Profile: C:\Users\Ráďa\AppData\Roaming\Opera Software\Opera Stable [2021-10-15]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Ráďa\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-10-03]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Ráďa\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-30]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DCIService; C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [3413424 2021-11-28] (Lavasoft Software Canada Inc. -> )
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-01] (Dolby Laboratories, Inc. -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [359808 2019-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_4\McApExe.exe [768256 2020-06-08] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [460704 2019-08-14] (McAfee, LLC. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.6.124.0\\McCSPServiceHost.exe [2726312 2020-05-28] (McAfee, LLC -> McAfee, LLC)
R3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1257520 2021-05-03] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-03-27] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1742272 2020-05-15] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4212808 2020-05-27] (McAfee, LLC -> McAfee, LLC)
R2 uajgexwcfwpcon; c:\windows\SysWOW64\slvlrehs.exe [327680 2021-01-13] (slvlrehs) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [22960 2021-11-28] (Lavasoft Software Canada Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_04baa46c48be5bb8\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_04baa46c48be5bb8\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2021-11-28] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-25] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [528824 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521648 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1000880 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [595592 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108168 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2020-04-09] (McAfee, Inc. -> McAfee, LLC)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-02 12:01 - 2021-12-02 12:02 - 000032337 _____ C:\Users\Ráďa\Desktop\FRST.txt
2021-12-02 11:43 - 2021-12-02 12:00 - 002311680 _____ (Farbar) C:\Users\Ráďa\Desktop\FRST64.exe
2021-12-02 11:40 - 2021-12-02 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-11-28 14:48 - 2021-11-28 14:48 - 000367096 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2021-11-28 14:40 - 2021-11-28 14:40 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-11-28 14:40 - 2021-11-28 14:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-11-28 14:40 - 2021-11-28 14:40 - 000000000 ____D C:\Program Files\iTunes
2021-11-28 14:27 - 2021-11-28 14:27 - 000000000 ____D C:\Users\Ráďa\AppData\Local\Apple Inc
2021-11-28 14:26 - 2021-11-28 17:25 - 000000000 ____D C:\Users\Ráďa\AppData\Roaming\Apple Computer
2021-11-28 14:26 - 2021-11-28 14:26 - 000000000 ____D C:\Users\Ráďa\AppData\Local\Apple Computer
2021-11-28 14:25 - 2021-11-28 14:25 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2021-11-28 14:25 - 2021-11-28 14:25 - 000000000 ____D C:\Users\Ráďa\AppData\Local\Apple
2021-11-28 14:25 - 2021-11-28 14:25 - 000000000 ____D C:\Program Files\Common Files\Apple
2021-11-28 14:25 - 2021-11-28 14:25 - 000000000 ____D C:\Program Files\Bonjour
2021-11-28 14:25 - 2021-11-28 14:25 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-11-28 14:25 - 2021-11-28 14:25 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2021-11-22 19:17 - 2021-11-22 19:18 - 001404844 _____ C:\WINDOWS\Minidump\112221-9265-01.dmp
2021-11-16 08:00 - 2021-11-16 08:00 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-16 08:00 - 2021-11-16 08:00 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-16 08:00 - 2021-11-16 08:00 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-16 08:00 - 2021-11-16 08:00 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-16 07:55 - 2021-11-16 07:55 - 000000000 ___HD C:\$WinREAgent
2021-11-02 21:02 - 2021-12-02 11:44 - 000001592 _____ C:\WINDOWS\storelibdebug.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-12-02 12:01 - 2021-07-25 11:45 - 000000000 ____D C:\FRST
2021-12-02 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-02 11:38 - 2019-12-24 22:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-02 11:37 - 2020-06-28 15:12 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-02 11:36 - 2020-06-28 03:57 - 000000000 __SHD C:\Users\Ráďa\IntelGraphicsProfiles
2021-12-02 11:36 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-02 11:35 - 2021-04-07 23:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-02 11:35 - 2021-04-07 23:18 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-02 11:35 - 2020-06-30 02:17 - 000000000 ____D C:\WINDOWS\TempInst
2021-12-02 11:35 - 2019-12-24 22:24 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2021-12-02 11:35 - 2019-12-24 22:23 - 000000000 ___HD C:\Intel
2021-12-02 11:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-12-02 11:35 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-02 00:41 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-12-02 00:33 - 2021-04-07 23:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-29 20:46 - 2021-04-07 23:23 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2021-04-07 23:23 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:46 - 2019-12-24 22:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-11-29 20:46 - 2019-12-24 22:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-11-29 20:45 - 2021-04-07 23:23 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:45 - 2021-04-07 23:23 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-11-29 20:45 - 2019-12-24 22:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-11-29 18:25 - 2021-04-07 23:25 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-29 18:25 - 2019-12-07 15:41 - 000684862 _____ C:\WINDOWS\system32\perfh005.dat
2021-11-29 18:25 - 2019-12-07 15:41 - 000137626 _____ C:\WINDOWS\system32\perfc005.dat
2021-11-28 21:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-28 21:40 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-28 14:41 - 2021-04-07 23:19 - 000000000 ____D C:\Users\Ráďa
2021-11-28 14:26 - 2021-10-29 14:06 - 000000000 ____D C:\ProgramData\Apple Computer
2021-11-28 14:25 - 2021-10-29 14:06 - 000000000 ____D C:\ProgramData\Apple
2021-11-28 14:24 - 2021-10-15 13:35 - 000000000 ____D C:\Users\Ráďa\Desktop\Filmy
2021-11-28 14:17 - 2021-11-01 22:19 - 000000000 ____D C:\Users\Ráďa\AppData\Local\CrashDumps
2021-11-25 20:12 - 2020-07-23 09:55 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-25 20:12 - 2020-07-23 09:55 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-22 19:18 - 2021-07-19 07:05 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-22 19:17 - 2021-07-19 07:05 - 1273294034 _____ C:\WINDOWS\MEMORY.DMP
2021-11-20 12:11 - 2020-06-28 15:13 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-20 12:11 - 2020-06-28 15:13 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-19 18:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-18 18:39 - 2021-04-07 23:23 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-53953500-1734220588-2196418386-1001
2021-11-18 18:39 - 2021-04-07 23:19 - 000002385 _____ C:\Users\Ráďa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-18 17:03 - 2021-04-29 22:04 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d72bfc823cc914
2021-11-18 17:03 - 2021-04-07 23:23 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-18 04:48 - 2021-10-30 00:49 - 000000000 ____D C:\ProgramData\TEMP
2021-11-18 04:48 - 2020-12-09 06:12 - 000000000 ___HD C:\Program Files (x86)\Xhxdqtkhnpppn
2021-11-17 16:50 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-11-17 08:03 - 2021-04-07 23:18 - 000436144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-17 08:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-17 08:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-16 08:07 - 2019-12-24 22:27 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-11-16 08:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-16 07:54 - 2020-06-30 02:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-16 07:52 - 2020-06-30 02:33 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-14 21:20 - 2019-12-24 22:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-07 22:36 - 2021-03-02 23:49 - 000429952 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2021-11-07 22:36 - 2021-03-02 23:49 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2021-11-07 22:36 - 2021-03-02 23:49 - 000063728 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.InfInstaller.exe
2021-11-07 22:36 - 2019-12-24 22:14 - 000109296 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2021-11-06 13:58 - 2020-06-28 15:11 - 000000000 ____D C:\Users\Ráďa\AppData\Local\PlaceholderTileLogoFolder
2021-11-06 13:58 - 2020-06-28 03:57 - 000000000 ____D C:\Users\Ráďa\AppData\Local\Packages
2021-11-03 16:53 - 2021-04-07 23:23 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-11-02 21:09 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2021-03-23 14:50 - 2021-03-23 14:50 - 000000218 _____ () C:\Users\Ráďa\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by Ráďa (02-12-2021 12:02:48)
Running from C:\Users\Ráďa\Desktop
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2021-04-07 22:23:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-53953500-1734220588-2196418386-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-53953500-1734220588-2196418386-503 - Limited - Disabled)
Guest (S-1-5-21-53953500-1734220588-2196418386-501 - Limited - Disabled)
Ráďa (S-1-5-21-53953500-1734220588-2196418386-1001 - Administrator - Enabled) => C:\Users\Ráďa
WDAGUtilityAccount (S-1-5-21-53953500-1734220588-2196418386-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AIO Monitoring (HKLM-x32\...\LajA9psev_is1) (Version: - )
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
iCloud Outlook (HKLM\...\{F35C51FC-B854-4106-89D2-50709F12A4B5}) (Version: 12.5.0.74 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
iTunes (HKLM\...\{604E49A2-AFBA-4478-B5C9-C6DE73F7C0ED}) (Version: 12.12.2.2 - Apple Inc.)
KONICA MINOLTA magicolor 1680MF (HKLM\...\KONICA MINOLTA magicolor 1680MF) (Version: - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R26 - McAfee, LLC)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 457.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Web Companion (HKLM-x32\...\{0f3c4289-3f03-4dd9-abdd-d4a7b9a77ac5}) (Version: 8.9.0.371 - Lavasoft)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.11.20.0_x86__kgqvnymyfvs32 [2021-11-10] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.69.1.0_x86__kgqvnymyfvs32 [2021-11-19] (king.com)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2019-12-24] (Dolby Laboratories)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_12.5.74.0_x86__nzyj5cx40ttqa [2021-11-06] (Apple Inc.) [Startup Task]
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4 [2021-11-21] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-19] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-19] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-30] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-23] (INTEL CORP) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-07-05] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-27] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0 [2021-11-28] (Spotify AB) [Startup Task]
Vodafone Mobile Broadband -> C:\Program Files\WindowsApps\VodafoneGroupServices.VodafoneMobileBroadband_2.10.46.0_x64__cx08jceyq9bcp [2021-11-06] (Vodafone Group Services)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_04baa46c48be5bb8\nvshext.dll [2021-06-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2021-05-31 19:11 - 2020-11-03 04:08 - 000954864 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:8927A071 [426]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {E792D854-A94E-4340-93AA-3B4766742B22} URL = hxxp://www.bing.com/search?q={SearchTerms}&for ... TR&pc=LCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {E792D854-A94E-4340-93AA-3B4766742B22} URL = hxxp://www.bing.com/search?q={SearchTerms}&for ... TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {E792D854-A94E-4340-93AA-3B4766742B22} URL = hxxp://www.bing.com/search?q={SearchTerms}&for ... TR&pc=LCTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {E792D854-A94E-4340-93AA-3B4766742B22} URL = hxxp://www.bing.com/search?q={SearchTerms}&for ... TR&pc=LCTE
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-06-08] (McAfee, LLC -> McAfee, LLC)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-10-16 12:11 - 2020-10-16 12:16 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ráďa\Desktop\thumb-1920-263797.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
FirewallRules: [TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
FirewallRules: [{D3AED3D4-9576-4FA6-853D-E72876968597}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{F5E0E98A-9AF4-4D0F-A1D4-01A5F5209963}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{54E5A1EE-C9C8-44BF-9B2D-4CE39D42D940}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{409ACC06-8F1F-4F0B-AA52-E581E3938E7F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{FB0CA141-0728-4542-8531-A4C5153B230A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{0C92CBB8-D152-4B0C-A436-7AA2CF3573A3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{E2554BB3-D76E-46D2-AD9A-4D3C7E29CE41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1D2C8871-D9F6-4985-B619-9A8364890106}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{1205F55D-6387-4F2E-81C2-475BAAA2324B}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{169B23EA-F831-4BEC-9F3F-27F2728CBB9B}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe => No File
FirewallRules: [{420F434E-DFC1-44A0-A28E-BBA8DFDB563E}] => (Allow) C:\Users\Ráďa\AppData\Local\Programs\Opera\79.0.4143.50\opera.exe => No File
FirewallRules: [{F9AF1949-E7EC-41D9-91D9-17342022C334}] => (Allow) C:\Users\Ráďa\AppData\Local\Programs\Opera\79.0.4143.72\opera.exe => No File
FirewallRules: [{6817D079-4CCA-462D-91E5-096525882779}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E49D35F9-4D14-45F0-9E4A-5AEE09BCE902}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12D3182E-EE77-43E4-9392-7C842C0EFE53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B324E1E-D76B-4835-BA9E-CB3133038E5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B51FE806-95EC-4377-9E11-8B2959A924F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D66BA348-8AAC-4EFB-9EFC-8D24FFA49605}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C1581F73-71DE-42C8-8859-738A0AD30A1D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{648D108B-4C03-4AB7-AE3F-B4C400398AD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4D362DF2-1C5C-4364-8711-C88D36A048AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CE97AF38-89DF-4020-BC18-4A6FEFFAF178}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F61C36DF-A6CB-43E5-9940-9C7BAF315847}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{485A2D5D-9402-41D1-A15E-84CBFBC4C729}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C0BCD00-68A0-4656-9037-D1AC4552D2F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{862979CD-9A98-462A-A5FB-7C860C3040EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26D74E8D-6C08-4B27-BB71-8FDF5B905367}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FE275891-12C2-41EB-A8CF-2E34FB05C67F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50F95A39-ECB9-4FC0-A894-AE2E4D77138A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D9B58AC-B055-4EA3-B5EA-8359FC1F5D81}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{41A949BC-5B1B-418F-A2EF-965DAAB8F811}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A5BC43CE-401D-4161-BFDB-ECD7F6281FDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.173.517.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E9B7D50-09E9-4747-9ECE-727FC466338E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BA196739-0173-4559-BD64-E3CA7100AF4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D744619D-16CD-40DE-88AF-016C159F0492}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{14AD95DF-8CE6-4F52-BEA1-6B94A78438F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
==================== Restore Points =========================
16-11-2021 07:54:47 Instalační služba modulů systému Windows
26-11-2021 03:02:33 Naplánovaný kontrolní bod
28-11-2021 14:25:28 Installed iTunes
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/02/2021 11:37:33 AM) (Source: SecurityCenter) (EventID: 19) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu AntiVirusProduct z úložiště dat.
Error: (12/02/2021 11:37:33 AM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.
Error: (12/01/2021 04:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13938094
Error: (12/01/2021 04:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13938094
Error: (12/01/2021 04:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2021 04:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13921907
Error: (12/01/2021 04:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13921907
Error: (12/01/2021 04:18:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (12/02/2021 11:36:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_11e8ce byla ukončena s následující chybou:
Zařízení není připraveno.
Error: (12/02/2021 12:41:04 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-E9UCTG8C)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/29/2021 06:18:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba zasílání zpráv_be888 byla ukončena s následující chybou:
Zařízení není připraveno.
Error: (11/29/2021 05:32:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
%%2147943515 = Probíhá vypnutí systému.
Error: (11/29/2021 05:32:29 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-E9UCTG8C)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/29/2021 03:17:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba MessagingService_39476 byla ukončena s následující chybou:
Zařízení není připraveno.
Error: (11/29/2021 03:17:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:55:46, 29.11.2021) bylo neočekávané.
Error: (11/29/2021 03:16:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.
Windows Defender:
================
Date: 2021-12-01 23:35:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4130B1C8-8518-47CC-9E8A-6C30403A2B66}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-11-30 21:58:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {4A0BDF81-3AD1-4024-9FF2-EDF1E6F15ADD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-11-28 21:35:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2581D24D-5E2F-481B-9B0C-B3C16DE1B3DB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-11-28 18:07:50
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6629D293-EC71-49B7-A569-E2258C4E8A67}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-11-26 21:21:28
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F26EEFF3-E38D-4981-BB35-C43698A7A099}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2021-11-18 04:48:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Program:Win32/Wacapew.C!ml
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe; process:_pid:11048,ProcessStart:132816063471687250; process:_pid:11060,ProcessStart:132816063472453709
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe
Akce: Odebrat
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.353.1134.0, AS: 1.353.1134.0, NIS: 1.353.1134.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-16 08:09:45
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe; process:_pid:7280,ProcessStart:132815200727307130; process:_pid:8004,ProcessStart:132815200736896920
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.353.1021.0, AS: 1.353.1021.0, NIS: 1.353.1021.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-11-03 15:51:47
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe; process:_pid:4188,ProcessStart:132804244413807059; process:_pid:9996,ProcessStart:132804244415577038
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.353.344.0, AS: 1.353.344.0, NIS: 1.353.344.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4
Date: 2021-10-30 11:56:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe; process:_pid:5592,ProcessStart:132800253886866655; process:_pid:6104,ProcessStart:132800253885621406
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files (x86)\Xhxdqtkhnpppn\slvlreh.exe
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070005
Popis chyby: Přístup byl odepřen.
Verze bezpečnostních informací: AV: 1.353.83.0, AS: 1.353.83.0, NIS: 1.353.83.0
Verze modulu: AM: 1.1.18700.4, NIS: 1.1.18700.4
CodeIntegrity:
===============
Date: 2021-12-02 11:45:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO BGCN24WW 08/19/2019
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i5-9300H CPU @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 8072.24 MB
Available physical RAM: 3545.49 MB
Total Virtual: 14472.24 MB
Available Virtual: 8439.38 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:377.64 GB) NTFS
\\?\Volume{4eb01e78-fdae-40bd-b465-8db0081a2a2b}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{2d7497e6-dec8-465d-b99d-9b3cbfd1635e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 8D84B2C0)
Partition: GPT.
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
přeťožovaný HDD a procesor a zareklamovany chrome
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: přeťožovaný HDD a procesor a zareklamovany chrome
ahoj,
citat:
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txt
citat:
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
Kód: Vybrat vše
Start
(slvlrehs) [File not signed] C:\Windows\SysWOW64\slvlrehs.exe
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\MountPoints2: {719fe5f4-ea31-11eb-aa9b-283926afd328} - "D:\setup.exe"
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [btweb] => "C:\Users\Ráďa\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-28] (Lavasoft Software Canada Inc. -> Lavasoft)
IE trusted site: HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
FirewallRules: [TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
EmptyTemp:
Reboot:
End
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txtFRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přeťožovaný HDD a procesor a zareklamovany chrome
Fix result of Farbar Recovery Scan Tool (x64) Version: 01-12-2021
Ran by Ráďa (03-12-2021 09:35:53) Run:1
Running from C:\Users\Ráďa\Desktop
Loaded Profiles: Ráďa
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
(slvlrehs) [File not signed] C:\Windows\SysWOW64\slvlrehs.exe
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\MountPoints2: {719fe5f4-ea31-11eb-aa9b-283926afd328} - "D:\setup.exe"
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [btweb] => "C:\Users\Ráďa\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-28] (Lavasoft Software Canada Inc. -> Lavasoft)
IE trusted site: HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
FirewallRules: [TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
EmptyTemp:
Reboot:
End
*****************
[2788] C:\Windows\SysWOW64\slvlrehs.exe => process closed successfully.
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{719fe5f4-ea31-11eb-aa9b-283926afd328} => removed successfully
"HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Run\\btweb" => removed successfully
"HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 112805982 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 207565227 B
Edge => 800839 B
Chrome => 623438265 B
Firefox => 0 B
Opera => 148743304 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1698034 B
systemprofile32 => 1698034 B
LocalService => 1946004 B
NetworkService => 2489138 B
Ráďa => 63805482 B
RecycleBin => 15579360015 B
EmptyTemp: => 15.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:36:53 ====
Ran by Ráďa (03-12-2021 09:35:53) Run:1
Running from C:\Users\Ráďa\Desktop
Loaded Profiles: Ráďa
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
(slvlrehs) [File not signed] C:\Windows\SysWOW64\slvlrehs.exe
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\MountPoints2: {719fe5f4-ea31-11eb-aa9b-283926afd328} - "D:\setup.exe"
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [btweb] => "C:\Users\Ráďa\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [9250224 2021-11-28] (Lavasoft Software Canada Inc. -> Lavasoft)
IE trusted site: HKU\S-1-5-21-53953500-1734220588-2196418386-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
FirewallRules: [TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe => No File
EmptyTemp:
Reboot:
End
*****************
[2788] C:\Windows\SysWOW64\slvlrehs.exe => process closed successfully.
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{719fe5f4-ea31-11eb-aa9b-283926afd328} => removed successfully
"HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Run\\btweb" => removed successfully
"HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-53953500-1734220588-2196418386-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D827A3A7-074B-4F93-B09B-A8E41C85488D}C:\program files (x86)\deluge\deluge.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3AAFD6CE-8E79-432A-A1B4-3763D52BEF86}C:\program files (x86)\deluge\deluge.exe" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 1835008 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 112805982 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 207565227 B
Edge => 800839 B
Chrome => 623438265 B
Firefox => 0 B
Opera => 148743304 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1698034 B
systemprofile32 => 1698034 B
LocalService => 1946004 B
NetworkService => 2489138 B
Ráďa => 63805482 B
RecycleBin => 15579360015 B
EmptyTemp: => 15.6 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 09:36:53 ====
Re: přeťožovaný HDD a procesor a zareklamovany chrome
je po restarte PC este nejaky problem 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: přeťožovaný HDD a procesor a zareklamovany chrome
zdá se že je vše v pořadku
dík
dík
Re: přeťožovaný HDD a procesor a zareklamovany chrome
To ma tesi 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?