Please check my FRST log

#1 Post by richard58 »

Hello, I have a problem with my computer occasionally freezing. I would be very grateful if you could look through and check my FRST log; I was unable to create an RSIT log because I cannot download the application. Thank you very much and have a lovely day.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-03-2022
Ran by richard (administrator) on LAPTOP-57KROEIM (Acer Aspire A114-32) (20-03-2022 20:24:18)
Running from C:\Users\richard\Desktop
Loaded Profiles: richard & richard123 & richardč
Platform: Microsoft Windows 10 Home Version 21H1 19043.1526 (X64) Language: Czech (Czechia) -> English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbTray.exe ->) (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster) C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbTemperature.exe
(C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\Messenger.exe ->) (Facebook Inc) C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\CrashpadHandlerWindows.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(explorer.exe ->) (Facebook Inc) C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1420.6.106.0_x64__8xx8rvfyw5nnt\app\Messenger.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.16003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.16003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(svchost.exe ->) (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster) C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbTray.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WerFault.exe
(svchost.exe ->) (ORANGE VIEW LIMITED -> iTop Inc.) C:\Program Files (x86)\iTop VPN\iTopVPN.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\Run: [SmartRAM] => "C:\Program Files (x86)\IObit\Advanced SystemCare\Suo10_SmartRAM.exe" /m (No File)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\MountPoints2: {6a615e4b-a6ac-11ec-90c9-b4a9fc16198e} - "D:\Setup.exe"
HKU\S-1-5-21-3915151740-1426692731-32443103-1002\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe --origin-trial-disabled-features=SecurePaymentConfirmation --restore-last-session
HKU\S-1-5-21-3915151740-1426692731-32443103-1008\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\richardč\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3915151740-1426692731-32443103-1008\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\richardč\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3915151740-1426692731-32443103-1008\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\richardč\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64"
HKU\S-1-5-21-3915151740-1426692731-32443103-1008\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\richardč\AppData\Local\Microsoft\OneDrive\19.043.0304.0013"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\99.0.4844.51\Installer\chrmstp.exe [2022-03-04] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D7D201C-BFB5-4310-8832-89A6838B9D43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)
Task: {2B7F6710-9186-4969-8277-C83DBCFCF67B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NoUACCheck
Task: {3AB32BB6-1DAF-41BB-A582-CC1B830BEE28} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [963056 2019-07-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3C70FF21-6D94-4376-8BBD-71E5E748D2EE} - System32\Tasks\Oem\AcerJumpstartSwitchTask => C:\OEM\Amundsen2\AJ3\hermes.exe [65064 2020-03-16] (Acer Incorporated -> Acer)
Task: {4B10602B-C04B-4825-A84F-BF958DC983D4} - System32\Tasks\uninstaller_update => C:\Program Files (x86)\IObit\IObit Uninstaller\BigUpgrade_IU.exe /bigupgrade /3 (No File)
Task: {60EA1DDB-7AE5-4106-BB6D-67DC80C3DBDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {91590114-5636-4E8A-9062-58C2278CF39B} - System32\Tasks\SmartGameBooster Update => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbUpdater.exe [2812928 2021-04-12] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
Task: {9A946650-772A-4B94-AF8F-789EE697AB9B} - System32\Tasks\SmartGameBooster SkipUAC (richard) => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbMain.exe [5813760 2021-04-22] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
Task: {AD241C34-85FA-42C6-9727-8E8CEFD5A010} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BBD586A8-7798-4467-8615-04D19F688057} - System32\Tasks\iTopVPN_Update_richard => C:\Program Files (x86)\iTop VPN\atud.exe [3039232 2022-02-26] (ORANGE VIEW LIMITED -> iTop Inc.)
Task: {CDF6C3C7-7E7F-4BF1-88A9-C64FA28DDBAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D2EFBF72-F259-4D57-9088-65A5316CFC0A} - System32\Tasks\SmartGameBooster Startup => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\SgbTray.exe [1817600 2021-04-12] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
Task: {D7FA36F8-65A0-4260-86A6-FD7EC54B5B69} - System32\Tasks\iTopVPN_SkipUAC_richard => C:\Program Files (x86)\iTop VPN\iTopVPN.exe [6255104 2022-02-28] (ORANGE VIEW LIMITED -> iTop Inc.)
Task: {E3F97D6F-1C85-4255-9B8B-509951886388} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EADDF1BC-D855-4304-ABEA-55BDDA7355D6} - System32\Tasks\iTopVPN_Scheduler_richard => C:\Program Files (x86)\iTop VPN\iTopVPN.exe [6255104 2022-02-28] (ORANGE VIEW LIMITED -> iTop Inc.)
Task: {F1592EA4-4D71-40AA-85DF-9E1A94498B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.35.1.1 8.8.8.8
Tcpip\..\Interfaces\{7586c2d1-1119-4699-bea1-43f6a0ee561e}: [DhcpNameServer] 10.35.1.1 8.8.8.8
Tcpip\..\Interfaces\{a24ccfbd-2cc7-4cc3-b979-52078e77337f}: [DhcpNameServer] 10.35.1.1 8.8.8.8
Tcpip\..\Interfaces\{c1a0b3c2-7d9b-460f-9ec1-4ecd923b4991}: [DhcpNameServer] 10.35.1.1 8.8.8.8

Edge:
=======
DownloadDir: C:\Users\richard\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-17]
Edge HomePage: Default -> hxxp://acer17win10.msn.com/?pc=ACTE
Edge Extension: (HTTPS Everywhere) - C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fchjpkplmbeeeaaogdbhjbgbknjobohb [2022-01-20]
Edge Extension: (UltraBlock - Privacy Protection & Adblock) - C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcohocmebkndjboepljjajkmkceooegb [2022-01-20]
Edge Extension: (CrossPilot) - C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\migomhggnppjdijnfkiimcpjgnhmnale [2022-01-20]
Edge Extension: (Kano APP) - C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nkpinkdkgeifbfadbpipebpeohmblldb [2020-07-21]
Edge Profile: C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-03-17]
Edge Profile: C:\Users\richard\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2022-01-05]

FireFox:
========
FF DefaultProfile: wl25aqzz.default
FF ProfilePath: C:\Users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\wl25aqzz.default [2021-03-05]
FF user.js: detected! => C:\Users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\wl25aqzz.default\user.js [2022-01-01]
FF ProfilePath: C:\Users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\70a8at3i.default-release [2022-03-17]
FF user.js: detected! => C:\Users\richard\AppData\Roaming\Mozilla\Firefox\Profiles\70a8at3i.default-release\user.js [2022-01-01]
FF Notifications: Mozilla\Firefox\Profiles\70a8at3i.default-release -> hxxps://meet.google.com
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default [2022-03-20]
CHR Notifications: Default -> hxxps://allhugenews.com; hxxps://aternos.org; hxxps://cak5.givestmentdr.club; hxxps://dhoca.rtherdevelo.biz; hxxps://download-alert.com; hxxps://etailbree.pro; hxxps://hrope.pro; hxxps://install.search-aholic.com; hxxps://itabsolan.com; hxxps://jkkmh.hierarched.space; hxxps://mail.google.com; hxxps://mail.protonmail.com; hxxps://meet.google.com; hxxps://orcommiss.club; hxxps://push-cjdeije-5018.pushails.com; hxxps://recontent.casa; hxxps://rewinside.tv; hxxps://sbwyj.lukdliketobep.xyz; hxxps://triumphantplace.com; hxxps://www.prepostseo.com; hxxps://www.vivantis.cz; hxxps://www1a.michellehardin.pro; hxxps://www1a.samcunningham.pro; hxxps://www2.richardwashington.pro; hxxps://www20.eloypatrick.pro; hxxps://www32.elbaestes.pro; hxxps://www53.elbaestes.pro; hxxps://www56.eloypatrick.pro
CHR Session Restore: Default -> is enabled.
CHR Extension: (Překladač Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-11]
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-19]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-19]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-19]
CHR Extension: (Social Blade) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2021-06-05] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (Foxified) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldmemdnllncchfahbcnjijheaolemfk [2022-03-02]
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-19]
CHR Extension: (HTTPS Everywhere) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-07-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-15]
CHR Extension: (PrePostSEO Tools for Chrome!) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjoomidleehpnpjdknmidmibcbehegc [2021-12-13]
CHR Extension: (UltraBlock - Privacy Protection & Adblock) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijnodnmgpgmgaajhagolfiemmmamfcgb [2021-12-30]
CHR Extension: (IObit Surfing Protection) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\imgpenhngnbnmhdkpdfnfhdpmfgmihdn [2021-11-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-03-17]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-03-17]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://spbey.effectinaver.top; hxxps://www42.elbaestes.pro
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-19]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-19]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-19]
CHR Extension: (Boxel Rebound 2 (Better fonts)) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\facnhebljmlfaocignnkpenlacfhmpef [2020-11-05]
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-07]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-11-25]
CHR Extension: (Boxel Rebound) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iginnfkhmmfhlkagcmpgofnjhanpmklb [2021-10-08]
CHR Extension: (Boxel 3D) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mjjgmlmpeaikcaajghilhnioimmaibon [2021-10-08]
CHR Extension: (Boxel Rebound 2) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mpkjelknejliamodagmfbdegeabmmbhh [2020-11-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-03-17]
CHR Notifications: Profile 2 -> hxxps://mail.google.com; hxxps://meet.google.com
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-20]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-20]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-20]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-20]
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-20]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-12]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-20]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-20]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-03-17]
CHR Notifications: Profile 3 -> hxxps://meet.google.com
CHR Extension: (Překladač Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-03]
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-22]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-22]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-22]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-22]
CHR Extension: (Social Blade) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2021-11-27] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-22]
CHR Extension: (HTTPS Everywhere) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2021-11-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-03]
CHR Extension: (UltraBlock - Privacy Protection & Adblock) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ijnodnmgpgmgaajhagolfiemmmamfcgb [2022-01-04]
CHR Extension: (Grammarly for Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2022-03-03]
CHR Extension: (Meet Plus for Google Meet) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lbfjgknkjfjmnjdgdhbbmmbkoddgpdoc [2022-01-04]
CHR Extension: (CrossPilot) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\migomhggnppjdijnfkiimcpjgnhmnale [2022-03-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-22]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-22]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5 [2022-03-17]
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-10-29]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2021-10-29]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-10-29]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-10-29]
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-10-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-10-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-10-29]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-10-29]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6 [2022-03-17]
CHR Extension: (Prezentace) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-16]
CHR Extension: (Dokumenty) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-16]
CHR Extension: (Disk Google) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-16]
CHR Extension: (YouTube) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-16]
CHR Extension: (Tabulky) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2021-12-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-16]
CHR Extension: (Gmail) - C:\Users\richard\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-16]
CHR Profile: C:\Users\richard\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-17]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR Profile: C:\Users\richard\AppData\Roaming\Opera Software\Opera Stable [2021-02-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2022-03-20] (CPUID -> CPUID)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-17] (Microsoft Windows -> Microsoft Corporation)
S3 AscFileControl; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileControl.sys [X]
S3 AscFileFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [X]
S3 AscRegistryFilter; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [X]
U4 HomeGroupProvider; no ImagePath
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-20 20:18 - 2022-03-20 20:25 - 000029607 _____ C:\Users\richard\Desktop\FRST.txt
2022-03-20 20:18 - 2022-03-20 20:24 - 000000000 ____D C:\FRST
2022-03-20 20:14 - 2022-03-20 20:15 - 002364928 _____ (Farbar) C:\Users\richard\Desktop\FRST64.exe
2022-03-20 19:32 - 2022-03-20 19:32 - 000000000 ___HD C:\$WinREAgent
2022-03-20 19:28 - 2022-03-20 19:28 - 000003660 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-03-20 19:26 - 2022-03-20 19:26 - 000000000 ____D C:\Users\richard\AppData\Roaming\Suo10_SmartRAM
2022-03-18 12:14 - 2022-03-18 12:14 - 000000000 ____D C:\WINDOWS\Panther
2022-03-17 21:14 - 2019-02-23 02:52 - 3336745218 _____ C:\Users\richard\Desktop\Slunce, seno, jahody-(1983) FullHD.mp4
2022-03-15 00:36 - 2022-03-15 00:56 - 085573076 _____ C:\Users\richard\Downloads\Meghan Trainor - I'm a Lady (From the motion picture SMURFS! THE LOST VILLAGE).mp4
2022-03-14 19:50 - 2022-03-14 19:51 - 000000000 ___RD C:\Users\richard\Desktop\ 
2022-03-14 18:58 - 2022-03-14 18:58 - 000668747 _____ C:\Users\richard\Downloads\Google_Interland_Šárka Tesařová_Certificate_of_Awesomeness.pdf
2022-03-14 18:56 - 2022-03-14 18:56 - 000656597 _____ C:\Users\richard\Downloads\Google_Interland_Šarka Tesařová_Certificate_of_Alertness.pdf
2022-03-14 16:29 - 2022-03-14 16:20 - 000668830 _____ C:\Users\richard\Downloads\Google_Interland_Denis Kučera_Certificate_of_Awesomeness - Copy.pdf
2022-03-14 16:20 - 2022-03-14 16:20 - 000668830 _____ C:\Users\richard\Downloads\Google_Interland_Denis Kučera_Certificate_of_Awesomeness.pdf
2022-03-14 10:47 - 2022-03-20 20:23 - 000000000 ____D C:\Users\richard\Downloads\New folder
2022-03-14 01:34 - 2022-03-14 01:34 - 000668503 _____ C:\Users\richard\Downloads\Google_Interland_Richard Tesař_Certificate_of_Awesomeness.pdf
2022-03-14 01:33 - 2022-03-14 01:33 - 000658904 _____ C:\Users\richard\Downloads\Google_Interland_Richard Tesař_Certificate_of_Kindness.pdf
2022-03-14 01:17 - 2022-03-14 01:18 - 000657209 _____ C:\Users\richard\Downloads\Google_Interland_Richard Tesař_Certificate_of_Strongness.pdf
2022-03-14 00:10 - 2022-03-14 00:11 - 000654783 _____ C:\Users\richard\Downloads\Google_Interland_Richard Tesař_Certificate_of_Smartness.pdf
2022-03-13 23:49 - 2022-03-13 23:50 - 000656378 _____ C:\Users\richard\Downloads\Google_Interland_Richard Tesař_Certificate_of_Alertness.pdf
2022-03-12 15:32 - 2022-03-12 15:56 - 358621506 _____ C:\Users\richard\Downloads\Šmoulové-133.Šmoulata - část druhá-23m-HD-720p-I.avi
2022-03-11 16:00 - 2022-03-11 16:00 - 006966130 _____ () C:\Users\richard\Desktop\tecnical.launcher.exe
2022-03-10 02:01 - 2022-03-10 02:09 - 153729617 _____ C:\Users\richard\Downloads\Želvy Ninja 02x20 Legenda o Kuro Kabuto.mp4
2022-03-10 01:52 - 2022-03-10 02:00 - 156791703 _____ C:\Users\richard\Downloads\Želvy Ninja 02x22 Pomsta je má.mp4
2022-03-09 19:23 - 2022-03-09 19:27 - 149131596 _____ C:\Users\richard\Desktop\Kolíčky, MenT a Smusa-Bloody Trapland.mp4
2022-03-08 21:15 - 2022-03-16 21:20 - 000000058 _____ C:\Users\richard\Desktop\facebook a waze.txt
2022-03-08 15:53 - 2022-03-08 15:53 - 000000000 ____D C:\Users\richard\AppData\Roaming\DAZ 3D
2022-03-08 15:50 - 2022-03-08 15:50 - 000001965 _____ C:\Users\richard\Desktop\DazCentral (64-bit).lnk
2022-03-08 15:50 - 2022-03-08 15:50 - 000000000 ____D C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2022-03-08 15:49 - 2022-03-08 15:49 - 000000000 ____D C:\Program Files\DAZ 3D
2022-03-02 22:07 - 2022-03-20 20:21 - 000000000 ____D C:\Program Files (x86)\iTop VPN
2022-03-02 22:07 - 2022-03-02 22:08 - 000000000 ____D C:\Users\richard\AppData\Roaming\iTop VPN
2022-03-02 22:07 - 2022-03-02 22:07 - 000003294 _____ C:\WINDOWS\system32\Tasks\iTopVPN_Update_richard
2022-03-02 22:07 - 2022-03-02 22:07 - 000003258 _____ C:\WINDOWS\system32\Tasks\iTopVPN_Scheduler_richard
2022-03-02 22:07 - 2022-03-02 22:07 - 000003052 _____ C:\WINDOWS\system32\Tasks\iTopVPN_SkipUAC_richard
2022-03-02 22:07 - 2022-03-02 22:07 - 000001091 _____ C:\Users\Public\Desktop\iTop VPN.lnk
2022-03-02 22:07 - 2022-03-02 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop VPN
2022-03-02 21:54 - 2022-03-02 21:54 - 000000000 ____D C:\WINDOWS\system32\braille-tables
2022-03-02 21:54 - 2022-03-02 21:54 - 000000000 ____D C:\WINDOWS\brltty
2022-03-02 21:53 - 2019-10-15 13:47 - 000823680 _____ C:\WINDOWS\system32\liblouis.dll
2022-03-02 21:53 - 2019-10-15 13:47 - 000770936 _____ C:\WINDOWS\system32\brlapi.dll
2022-03-02 21:53 - 2019-10-15 13:47 - 000026248 _____ C:\WINDOWS\system32\Third Party Notices-Braille.txt
2022-03-01 17:56 - 2022-03-01 17:56 - 000000000 ____D C:\Users\richard\Desktop\New folder (2)
2022-03-01 17:54 - 2022-03-18 12:15 - 000000000 ____D C:\Users\richard\Desktop\New folder
2022-03-01 16:31 - 2022-03-14 18:59 - 000000000 ____D C:\Users\richard\Desktop\h
2022-02-26 15:20 - 2022-02-26 15:39 - 324551720 _____ C:\Users\richard\Desktop\Městečko záhad s02e11 Všechno je jinak.mkv
2022-02-26 14:27 - 2022-02-26 14:27 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-02-20 18:47 - 2022-02-20 18:47 - 000000000 ____D C:\Users\richard\AppData\Local\Steam
2022-02-20 18:00 - 2022-02-20 18:00 - 000000000 ____D C:\Users\richard\AppData\Roaming\WinRAR
2022-02-20 18:00 - 2022-02-20 18:00 - 000000000 ____D C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-20 18:00 - 2022-02-20 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-20 18:00 - 2022-02-20 18:00 - 000000000 ____D C:\Program Files\WinRAR

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-20 20:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-20 20:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-20 20:24 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-20 20:23 - 2021-11-27 15:23 - 002258408 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2022-03-20 20:23 - 2021-11-27 15:23 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-03-20 20:22 - 2022-01-02 01:37 - 000218576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2022-03-20 20:22 - 2021-11-27 15:23 - 000337384 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2022-03-20 20:22 - 2021-11-27 15:23 - 000198120 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2022-03-20 20:22 - 2021-11-27 15:23 - 000120296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2022-03-20 20:22 - 2021-11-27 15:23 - 000062928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2022-03-20 20:22 - 2020-01-19 19:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-03-20 20:19 - 2021-04-17 01:13 - 001521674 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-20 20:19 - 2019-12-07 15:41 - 000649638 _____ C:\WINDOWS\system32\perfh005.dat
2022-03-20 20:19 - 2019-12-07 15:41 - 000122964 _____ C:\WINDOWS\system32\perfc005.dat
2022-03-20 20:10 - 2021-07-18 17:08 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-20 20:10 - 2021-04-17 01:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-20 20:10 - 2021-04-17 01:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-20 20:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-20 20:10 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-20 19:26 - 2021-02-26 13:41 - 000000000 ____D C:\Users\richard\AppData\LocalLow\IObit
2022-03-20 19:26 - 2021-02-26 13:41 - 000000000 ____D C:\ProgramData\IObit
2022-03-17 21:47 - 2021-03-06 02:32 - 000000000 ____D C:\Users\richard\AppData\Roaming\vlc
2022-03-17 21:47 - 2021-02-26 13:42 - 000000000 ____D C:\ProgramData\ProductData
2022-03-17 15:52 - 2019-06-26 16:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-17 15:43 - 2020-01-04 13:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-17 15:42 - 2020-01-04 13:30 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-17 15:31 - 2021-04-17 01:04 - 000637928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-17 15:31 - 2019-12-07 10:03 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-17 15:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-17 15:30 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-17 15:29 - 2022-01-04 04:20 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-03-14 13:02 - 2020-06-11 18:10 - 000000000 ____D C:\Users\richard\AppData\Local\CrashDumps
2022-03-13 21:31 - 2019-12-29 18:08 - 000000000 ____D C:\Users\richard\AppData\Local\D3DSCache
2022-03-12 01:40 - 2020-07-21 09:34 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-11 19:02 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-11 18:30 - 2020-07-20 18:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-11 16:05 - 2021-01-03 19:54 - 000000000 ____D C:\Users\richard\AppData\Roaming\.minecraft
2022-03-11 16:00 - 2019-12-29 18:35 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2022-03-11 15:59 - 2021-08-02 13:42 - 000000000 ____D C:\Users\richard\AppData\Roaming\.technic
2022-03-09 21:52 - 2019-12-24 23:51 - 000000000 ____D C:\ProgramData\Packages
2022-03-09 21:52 - 2019-12-24 23:30 - 000000000 ____D C:\Users\richard\AppData\Local\Packages
2022-03-09 21:48 - 2019-12-29 18:14 - 000000000 ____D C:\Users\richard\AppData\Local\PlaceholderTileLogoFolder
2022-03-09 03:32 - 2021-04-25 23:43 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7331de1109692
2022-03-09 03:32 - 2021-04-17 01:18 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-08 15:52 - 2020-11-01 00:10 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-04 02:31 - 2021-01-01 16:35 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-02 22:05 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-23 03:25 - 2019-12-27 15:42 - 000000000 ____D C:\Program Files\UNP
2022-02-20 15:50 - 2021-07-04 12:19 - 000000000 ___RD C:\Users\richardč\OneDrive
2022-02-20 15:50 - 2021-02-06 12:39 - 000000000 ___RD C:\Users\richard123\OneDrive
2022-02-20 15:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories ========

2021-11-28 02:09 - 2021-11-28 02:09 - 000000000 ____D () C:\ProgramData\BatteryOptimizer.exe
2022-01-04 16:29 - 2022-01-04 16:55 - 000000015 _____ () C:\Users\richard\AppData\Roaming\obs-virtualcam.txt
2021-03-08 20:38 - 2021-08-16 10:13 - 000004684 _____ () C:\Users\richard\AppData\Roaming\VoiceMeeterDefault.xml
2021-03-15 09:43 - 2021-10-11 20:47 - 000007650 _____ () C:\Users\richard\AppData\Local\Resmon.ResmonCfg
2021-09-03 14:02 - 2021-09-03 14:02 - 000000000 _____ () C:\Users\richard\AppData\Local\{A782520B-3E7A-48E2-961C-7590FC1DDA40}

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\lastpass_1337.exe [2020-06-19] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by richard (20-03-2022 20:26:23)
Running from C:\Users\richard\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1526 (X64) (2021-04-17 00:19:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3915151740-1426692731-32443103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3915151740-1426692731-32443103-503 - Limited - Disabled)
Guest (S-1-5-21-3915151740-1426692731-32443103-501 - Limited - Disabled)
richard (S-1-5-21-3915151740-1426692731-32443103-1001 - Administrator - Enabled) => C:\Users\richard
richard123 (S-1-5-21-3915151740-1426692731-32443103-1002 - Administrator - Enabled) => C:\Users\richard123
richardč (S-1-5-21-3915151740-1426692731-32443103-1008 - Administrator - Enabled) => C:\Users\richardč
WDAGUtilityAccount (S-1-5-21-3915151740-1426692731-32443103-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (HKLM-x32\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Acer JumpStart (HKLM-x32\...\{1E7976D1-0A54-401C-B92D-076EB532CAD6}) (Version: 3.3.19180.100 - Acer)
CodeTwo QR Code Desktop Reader & Generator (HKLM-x32\...\{AF7E31D6-980C-4788-B80C-47F1837CF44C}) (Version: 1.1.2.4 - CodeTwo)
DazCentral (64-bit) (HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\DazCentral (64-bit) 1.5.0.20) (Version: 1.5.0.20 - DAZ 3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
iTop VPN (HKLM-x32\...\iTop VPN_is1) (Version: 3.2.0.2655 - iTop Inc.)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Java SE Development Kit 8 Update 311 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180311}) (Version: 8.0.3110.11 - Oracle Corporation)
LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 99.0.1150.39 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{911FBC64-4C64-4B8F-A637-B34832638C86}) (Version: 1.0.0.0 - Mojang)
paint.net (HKLM\...\{91513DD9-5D06-4ABE-AB5A-BA90F426ED5F}) (Version: 4.3.4 - dotPDN LLC)
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Smart Game Booster 5.2 (HKLM-x32\...\Smart Game Booster_is1) (Version: 5.2.0 - Smart Game Booster)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 6.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.10.0 - win.rar GmbH)

Packages:
=========
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.927.1.0_neutral__8xx8rvfyw5nnt [2022-03-13] (Facebook Inc)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1420.6.106.0_x64__8xx8rvfyw5nnt [2022-03-09] (Facebook Inc) [Startup Task]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2021-04-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2021-04-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-24] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-05-15] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) <==== ATTENTION
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers1: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\MenuExt64.dll [2020-10-21] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\MenuExt64.dll [2020-10-21] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\MenuExt64.dll [2020-10-21] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} => C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.0\MenuExt64.dll [2020-10-21] (Chengdu Zhagu Technology Co., Ltd. -> Smart Game Booster)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Prevody jednotek.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=dongagcakpkhjgfadecnilinfimffhop
ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Twitter.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jgeocpdicgmkeemopbanhokmhcgcflmi
ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
ShortcutWithArgument: C:\Users\richard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Richard (scioskola.cz) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3915151740-1426692731-32443103-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> DefaultScope {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL => No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2021-07-04 11:41 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-03-18 19:23 - 2021-07-25 18:51 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3915151740-1426692731-32443103-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3915151740-1426692731-32443103-1008\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.35.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\StartupApproved\Run: => "Zoom"
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_9D132AD0FB65F9DCE394B556B6597B3E"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0AF83253-218F-404E-B192-5E67CC81A722}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13901.20336.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AC3F8F08-3CAC-4A64-B60D-E89896BA40AD}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{32B05F59-920F-4D96-8722-69ACCE178DDD}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{7E3C4CA0-9D33-4F1A-B70F-95D93BCE7B1A}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{56DE2C2D-E365-41B4-8741-2916CE9C6032}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{EF7E86AA-6608-440F-8C5B-3170830792A9}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{836CF2D4-9E00-4709-AAFE-BD972B545671}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{89621754-7629-42F1-8672-92669CF09A47}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21C40335-81DD-49C5-B832-2FA7C2913213}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C60BB166-CE94-4E2B-9D4D-201EE30C37B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BEB0313A-14A8-4C3F-BFD1-E45A8424E8F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{79335B9C-494B-43A2-BE65-E63D3DD0097A}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{F331F443-B791-4A65-8D24-4426F07D7643}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [TCP Query User{93A306C4-D095-47C5-B5D7-6F82858DA5B8}C:\program files (x86)\java\jre1.8.0_301\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_301\bin\javaw.exe
FirewallRules: [UDP Query User{9F71801F-3B74-405A-8EED-C558F35CD6E8}C:\program files (x86)\java\jre1.8.0_301\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_301\bin\javaw.exe
FirewallRules: [TCP Query User{85670E8E-9738-4ECD-B9FE-F127C8B89CBA}C:\users\richard\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe] => (Block) C:\users\richard\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{F48E8182-2476-4985-9E20-58A5939FBB21}C:\users\richard\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe] => (Block) C:\users\richard\appdata\roaming\.technic\runtimes\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{BE594AD4-4361-43A3-B797-51C49B1093A7}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{6D8530C7-2B72-4779-A15E-434297D59519}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{FC51797B-1E56-40F4-B974-FA8E8A1EDBAA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32100B1B-FF9A-4EF3-BBCB-93A6EDC688B9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{102E9D1F-6211-4F11-AA0A-755B06A91ED5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{58247303-50DC-4C57-B7B4-04E70A26D306}C:\program files\java\jre1.8.0_311\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_311\bin\javaw.exe
FirewallRules: [UDP Query User{6D8AF56B-C4C9-43CB-BA10-D93136945896}C:\program files\java\jre1.8.0_311\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_311\bin\javaw.exe
FirewallRules: [{B4948BAF-3AF7-446C-8A5B-28F4F2D9306C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BCB2C414-E2B8-431B-A5F6-39A89B809A7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{47C9D88E-8244-4DB6-9220-9DD35E7AA162}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3E68CE57-E67C-4E15-AF86-ED0CE523EFF7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/18/2022 12:13:37 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10401.16510) TYPE: ERROR MODULE: THERMALAPI FUNC: ThermalApiMonitor_InitializeEntry FILE: thermal_api_monitor.c LINE: 1023 TIME: 19499 ms

pfnPowerRegisterEnvironmentalMonitor failed for participant : 2

Error: (03/17/2022 03:30:03 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10401.16510) TYPE: ERROR MODULE: THERMALAPI FUNC: ThermalApiMonitor_InitializeEntry FILE: thermal_api_monitor.c LINE: 1023 TIME: 32092 ms

pfnPowerRegisterEnvironmentalMonitor failed for participant : 2

Error: (03/14/2022 01:02:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 99.0.4844.51, time stamp: 0x621a5973
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0xe2f8ca76
Exception code: 0xc0000005
Fault offset: 0x0000000000030f64
Faulting process id: 0x2e20
Faulting application start time: 0x01d8379002cf45aa
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 59867fd1-ad4c-4c14-b9cd-dc8f180f9ba5
Faulting package full name:
Faulting package-relative application ID:

Error: (03/08/2022 03:52:07 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/28/2022 07:03:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Cortana.exe version 3.2111.12605.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ae4

Start Time: 01d8273e104ebfa9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe

Report Id: dbe69686-8898-4907-aba8-014460b9e6ad

Faulting package full name: Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (02/26/2022 02:40:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc000041d
Fault offset: 0x00005514
Faulting process id: 0x3320
Faulting application start time: 0x01d82b138b26617b
Faulting application path: C:\Users\richard\AppData\Local\Temp\is-TLKDI.tmp\Setup.tmp
Faulting module path: botva2.dll
Report Id: 8ba9613c-0263-46a3-9d81-0fc548f4176f
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2022 02:39:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Setup.tmp, version: 51.1052.0.0, time stamp: 0x506a75b5
Faulting module name: botva2.dll_unloaded, version: 0.9.7.151, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x00005514
Faulting process id: 0x3320
Faulting application start time: 0x01d82b138b26617b
Faulting application path: C:\Users\richard\AppData\Local\Temp\is-TLKDI.tmp\Setup.tmp
Faulting module path: botva2.dll
Report Id: e8df10b9-a99d-4952-b9f5-2040b6e9d714
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2022 02:36:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\richard\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe; Description = Installed DirectX; Error = 0x8004231f).


System errors:
=============
Error: (03/20/2022 08:23:49 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-57KROEIM)
Description: DCOM got error "87" attempting to start the service GamingServices with arguments "Není k dispozici" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}

Error: (03/20/2022 08:23:48 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "87" attempting to start the service GamingServices with arguments "Není k dispozici" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}

Error: (03/20/2022 08:23:48 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-57KROEIM)
Description: DCOM got error "87" attempting to start the service GamingServices with arguments "Není k dispozici" in order to run the server:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}

Error: (03/20/2022 08:10:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:37:55 on ‎20.‎03.‎2022 was unexpected.

Error: (03/20/2022 07:23:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:07:40 on ‎18.‎03.‎2022 was unexpected.

Error: (03/18/2022 10:07:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:16:32 on ‎18.‎03.‎2022 was unexpected.

Error: (03/17/2022 09:44:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 21:43:37 on ‎17.‎03.‎2022 was unexpected.

Error: (03/17/2022 09:10:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:57:47 on ‎17.‎03.‎2022 was unexpected.


Windows Defender:
================
Date: 2022-03-15 00:07:19
Description:
Antivirová ochrana v programu Microsoft Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Name: Misleading:Win32/Lodi
Severity: Nízké
Category: Potenciálně nežádoucí software
Path: file:_C:\$Recycle.Bin\S-1-5-21-3915151740-1426692731-32443103-1001\$RCZGK9R.exe
Detection Origin: Místní počítač
Detection Type: Konkrétní
Detection Source: Ochrana v reálném čase
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.359.1928.0, AS: 1.359.1928.0, NIS: 1.359.1928.0
Engine Version: AM: 1.1.18900.3, NIS: 1.1.18900.3

Date: 2022-03-14 07:48:19
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání

Date: 2022-03-13 07:48:21
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání

Date: 2022-03-12 15:53:15
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání

Date: 2022-03-11 07:48:22
Description:
Antivirová ochrana v programu Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalwarový program
Scan Parameters: Rychlé prohledávání

CodeIntegrity:
===============
Date: 2021-10-15 23:14:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-15 23:13:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-20 17:18:52
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\TotalAV\SAVAPI\elam_ppl\AMSAgent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Insyde Corp. V1.15 01/30/2019
Motherboard: GLK Bulbasaur_GL_S
Processor: Intel(R) Celeron(R) N4000 CPU @ 1.10GHz
Percentage of memory in use: 91%
Total physical RAM: 3918.67 MB
Available physical RAM: 339.52 MB
Total Virtual: 7837.34 MB
Available Virtual: 3819.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:57.13 GB) (Free:5.98 GB) NTFS

\\?\Volume{23d7ed4e-5b8f-4161-bdee-8727f141af88}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS
\\?\Volume{764eb234-9825-46c4-8c0c-c2f9b3808cc9}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 58.2 GB) (Disk ID: 5B055423)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my FRST log

#2 Post by Rudy »

Hello!
RSIT is not needed; it is not fully compatible with Windows 10. Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: Please check my FRST log

#3 Post by richard58 »

Hello, I am attaching the requested file. Thank you for your cooperation.


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 22.03.22
Čas skenování: 22:56
Logovací soubor: fd031c02-aa2a-11ec-9041-b4a9fc16198e.json

-Informace o softwaru-
Verze: 4.5.6.180
Verze komponentů: 1.0.1634
Aktualizovat verzi balíku komponent: 1.0.52710
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19043.1526)
CPU: x64
Systém souborů: NTFS
Uživatel: LAPTOP-57KROEIM\richard

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 363749
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 7 min, 54 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Please check my FRST log

#4 Post by Rudy »

This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\MountPoints2: {6a615e4b-a6ac-11ec-90c9-b4a9fc16198e} - "D:\Setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1D7D201C-BFB5-4310-8832-89A6838B9D43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)
Task: {F1592EA4-4D71-40AA-85DF-9E1A94498B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U4 HomeGroupProvider; no ImagePath
FCheck: C:\WINDOWS\SysWOW64\lastpass_1337.exe [2020-06-19] <==== ATTENTION (zero byte File/Folder)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) <==== ATTENTION
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> DefaultScope {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL => No File
FirewallRules: [{B4948BAF-3AF7-446C-8A5B-28F4F2D9306C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BCB2C414-E2B8-431B-A5F6-39A89B809A7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
C:\$Recycle.Bin\S-1-5-21-3915151740-1426692731-32443103-1001\$RCZGK9R.exe

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Please check my FRST log

#5 Post by richard58 »

I apologize that it took me so long. Have a nice day.


result of Farbar Recovery Scan Tool (x64) Version: 25-03-2022
Ran by richard (28-03-2022 12:15:21) Run:1
Running from C:\Users\richard\Desktop
Loaded Profiles: richard & richard123 & richardč
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\MountPoints2: {6a615e4b-a6ac-11ec-90c9-b4a9fc16198e} - "D:\Setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {1D7D201C-BFB5-4310-8832-89A6838B9D43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)
Task: {F1592EA4-4D71-40AA-85DF-9E1A94498B8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-01] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U4 HomeGroupProvider; no ImagePath
FCheck: C:\WINDOWS\SysWOW64\lastpass_1337.exe [2020-06-19] <==== ATTENTION (zero byte File/Folder)
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\...\ChromeHTML: -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) <==== ATTENTION
ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => -> No File
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll -> No File
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> DefaultScope {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
SearchScopes: HKU\S-1-5-21-3915151740-1426692731-32443103-1001 -> {28EB9962-9797-4E84-9307-4BE09E0E1FF7} URL =
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~2\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL => No File
FirewallRules: [{B4948BAF-3AF7-446C-8A5B-28F4F2D9306C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{BCB2C414-E2B8-431B-A5F6-39A89B809A7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
C:\$Recycle.Bin\S-1-5-21-3915151740-1426692731-32443103-1001\$RCZGK9R.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a615e4b-a6ac-11ec-90c9-b4a9fc16198e} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D7D201C-BFB5-4310-8832-89A6838B9D43}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D7D201C-BFB5-4310-8832-89A6838B9D43}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1592EA4-4D71-40AA-85DF-9E1A94498B8F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1592EA4-4D71-40AA-85DF-9E1A94498B8F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"HKLM\System\CurrentControlSet\Services\HomeGroupProvider" => removed successfully
HomeGroupProvider => service removed successfully
C:\WINDOWS\SysWOW64\lastpass_1337.exe => moved successfully
HKU\S-1-5-21-3915151740-1426692731-32443103-1001_Classes\ChromeHTML => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ IMFSafeBox => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUninstaller => removed successfully
"HKU\S-1-5-21-3915151740-1426692731-32443103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3915151740-1426692731-32443103-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28EB9962-9797-4E84-9307-4BE09E0E1FF7} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4948BAF-3AF7-446C-8A5B-28F4F2D9306C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BCB2C414-E2B8-431B-A5F6-39A89B809A7D}" => removed successfully
"C:\$Recycle.Bin\S-1-5-21-3915151740-1426692731-32443103-1001\$RCZGK9R.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45505544 B
Java, Flash, Steam htmlcache => 8238618 B
Windows/system/drivers => 25120085 B
Edge => 2479317 B
Chrome => 658894121 B
Firefox => 28073904 B
Opera => 141478 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 3491 B
systemprofile32 => 3910 B
LocalService => 8168 B
NetworkService => 276652 B
richard => 110985036 B
richard123 => 111079868 B
richardč => 111096456 B

RecycleBin => 24783373 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:16:52 ====

Re: Please check my FRST log

#6 Post by Rudy »

A nice day to you too. It has been deleted. Has anything changed?

Re: Please check my FRST log

#7 Post by richard58 »

Not yet

Re: Please check my FRST log

#8 Post by Rudy »

How much free space do you have on the system drive?

Re: Please check my FRST log

#9 Post by richard58 »

5.59 GB

Re: Please check my FRST log

#10 Post by Rudy »

That is not much, but it should not cause the PC to freeze. Try using the command prompt, with the command:
sfc /scannow
+Enter

to scan the system files. A scan will run and, if necessary, repair those files. Then restart and try it out.

Re: Please check my FRST log

#11 Post by richard58 »

I apologize that it took so long. But the computer no longer shuts down by itself. Thank you very much for helping me. Have a nice day.

Re: Please check my FRST log

#12 Post by Rudy »

A nice day to you too, and you're welcome! :)

Locked