Dotaz malware?

[Purchan]

Dobrý den,

existuje nějaký takový typ malwaru, který jako nějaká vojska zničí jakýkoliv antivirový program či anti-malware? A rozjebe vám data že vám nejdou programy a miznou vám soubory?

Mám totiž silné podezření, že mi nějaký malware dehonestuje celý PC všiml jsem si toho před pár dny.
Zmizli mi programy, aplikace se samí znovu musí instalovat viz. office, který místo zapnutí zahlási jakousi chybu pak se to znovu instaluje a pak zapne, zkoušel jsem to odinstalovat, ale ani to nešlo, tak jsem to odinstaloval ručně a pak to pro změnu nejde nainstalovat znovu hlásí to chyba při instalaci office.

Před pár dny mi antimalware hlásil jakýsi malware při běžné kontroly, ale malware byl smazán a myslel jsem, že mám hotovo.

Jenomže, když si stáhnu antivir, tak mi zahlásí že je třeba restartovat PC restartuju ho, a rázem antivir hlási že je rozbitý.
Nepamatuju si přesně, ty různé chybové hlášky programů ale pokaždý to bylo něco, nyní to nejnovější mám 30.denní trial verzi Kaspersky Internet Security tak stáhnu zahlásí to, pro všechny funkce je třeba restartovat PC, tak jsem ho restartoval a ejhle zahlásí to. Ochrana je ohrožena. Některé současti jsou poškozené. Jakto?

Třeba u malwarebytes, to bylo tak, že to nešlo zapnout, zahlásilo to nějakou chybu unable to service nebo tak nějak, nešlo to odinstalovat, pak se mi to nějak podařilo dát pryč, tak jsem zkusil reinstall fungovalo to normálně, zase restart počítače a zase jak by to někdo podělal ten program.

Potom jsem si stáhl antivir defender, zahlásilo mi to že se musí dát pryč ten malwarebytes vyžadovalo to restart, po restartu se to nepodařilo odinstalovat, a antivir nešel zapnout (další)

2.Dny zpátky mi to pravidelně hlásalo, Ochrana před viry je vypnutá defender windows, restartu PC pro znovu aktivaci to jsem udělal cca 7x a pořád dokola po 2-5 minutách ochrana před viry je vypnutá.
Programy, které se mi po startu běžně zapínají prostě nenabíhají zmiznou nebo se vůbec neobjeví třeba Hamachi.

Přemýšlel jsem, jestli třeba neodešel disk tak jsem stáhnul Crystaldiskinfo a pořád stále stejný dobrý stav jenom už půl roku přemapovaný sektor to ale asi určitě nebude ten problém tedy.

Vyčtete něco z logu nebo mám poslat správce úloh a něco v procesech?
Jinak nějaký ten den zpátky, jsem zkoušel dát systém do doby, kdy jsem ten malware neměl což jsem učinil, celé je to zmatečné nevím co se děje.

Úplně jak by se systém zbláznil.
Nyní jdu spát, Kaspersky za 35min zkontroloval 88 tisíc souborů ale je to jen zčeknuto 1%.

Zítra resp. už dneska teda plánuju udělat celou kontrolu antivirem tady pošlu vše co bude vyžadováno a ikdyž jestli se nic nenajde, tak budu nucen s tím něco dělat. Plánuju nejspíš obnovu do továrního nastavení tam asi nic jinýho nevymyslím.

Prostě se mi dějí divné věci, programy se mi neukazují, antiviry hlasí různé kritické chyby, stejně jako microsoft office, nebo iobit unistaller když dám nastavení -> odinstalovat programy tak jakoby tam mám toho strašně málo.

Nechápu co se děje. Snad mi někdo pomůže. Děkuji

[Rudy]

Zdravím!
Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=152706 . Kasperskyho doporučuji přeinstalovat, nebo použít jiný AV.

[Purchan]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-04-2022
Ran by Ricky (administrator) on DESKTOP-J4POG28 (27-04-2022 12:32:55)
Running from C:\Users\Ricky\Downloads
Loaded Profiles: Ricky
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCopyAccelerator.exe
(DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atieclxx.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Microsoft Corporation -> ) C:\Program Files\PCHealthCheck\PCHealthCheck.exe
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atiesrxx.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avp.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Windows x64\Print Processors\Canon MP140 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD8R.DLL [27648 2007-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP140 series: C:\WINDOWS\system32\CNMLM8R.DLL [259584 2008-02-05] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03FE2637-CF46-4E5F-A21A-C1D0078E8323} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0BA9359D-2606-4EE6-9EC6-5966E211FFC4} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2022-04-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {174F4847-4903-4581-9827-6B8C715D535A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-11] (Google LLC -> Google LLC)
Task: {202F5358-4BA5-4540-BAB4-B8633B0E373A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {254A177A-A5D5-4AE4-9FD8-A100F97F55D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-11] (Google LLC -> Google LLC)
Task: {5E395307-49FC-4898-99F5-47ECB3CF0B9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7512D831-F884-4F33-AB60-B6BDD2C974EE} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B2C42B90-7AF3-4DD4-BB64-71AE19816BD2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {DADC97D4-02B8-4666-9D6F-0AC4A6FBE93C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E33A7BA2-9AEC-4BD0-BCBB-C0087076BFEA} - System32\Tasks\Uninstaller_SkipUac_Ricky => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7517720 2022-02-10] (IObit CO., LTD -> IObit)
Task: {EAD11C51-F76B-4926-93D9-6117DA86C3FD} - System32\Tasks\Opera scheduled Autoupdate 1639179332 => C:\Users\Ricky\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-04] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 86.49.5.221 86.49.5.222
Tcpip\..\Interfaces\{0039d146-87ed-4237-bcac-43978c70e528}: [DhcpNameServer] 86.49.5.221 86.49.5.222

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ricky\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-27]
Edge HKU\S-1-5-21-3294239711-236292038-94065591-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: acxhjj4j.default
FF ProfilePath: C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\acxhjj4j.default [2021-12-15]
FF ProfilePath: C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\uu3pjy19.default-release [2022-04-26]
FF Notifications: Mozilla\Firefox\Profiles\uu3pjy19.default-release -> hxxps://key-drop.com
FF Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Ricky\AppData\Roaming\Mozilla\Firefox\Profiles\uu3pjy19.default-release\Extensions\@setupvpncom.xpi [2022-04-14]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default [2022-04-27]
CHR Notifications: Default -> hxxps://csgocases.com; hxxps://sdilej.cz; hxxps://www.ifortuna.cz
CHR Extension: (Ochrana Kaspersky) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2022-04-27]
CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-19]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-04-25]
CHR Extension: (ySense Addon) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2021-12-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-11]
CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-04-27]
CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-02-01]
CHR Extension: (Prezentace) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-11]
CHR Extension: (Ochrana Kaspersky) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-12-25]
CHR Extension: (Dokumenty) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-11]
CHR Extension: (Disk Google) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-11]
CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-11]
CHR Extension: (Tabulky) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-01]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-11]
CHR Extension: (Gmail) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-11]
CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3 [2022-03-25]
CHR Extension: (Prezentace) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-12-25]
CHR Extension: (Dokumenty) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2021-12-25]
CHR Extension: (Disk Google) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-12-25]
CHR Extension: (YouTube) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-12-25]
CHR Extension: (Tabulky) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-12-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-25]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-03-25]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2022-03-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-25]
CHR Extension: (Gmail) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-12-25]
CHR Profile: C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-27]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Ricky\AppData\Roaming\Opera Software\Opera Stable [2022-04-27]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Ricky\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-02-18]
OPR Extension: (NeoBux AdAlert) - C:\Users\Ricky\AppData\Roaming\Opera Software\Opera Stable\Extensions\gnamhfljnpidhcekbnhbppkgmpjkbofp [2022-01-11]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Ricky\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avp.exe [184768 2022-02-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4958096 2021-12-11] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-12-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254352 2022-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [X]
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-09-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [237288 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-03-26] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2021-12-11] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [105280 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [206600 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [119568 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [522504 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [694056 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1571680 2022-04-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [290600 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1049864 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [104728 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [107328 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [78088 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [88328 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [309272 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [319176 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116008 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [227664 2022-04-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [150280 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [325400 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [294680 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-04-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [443664 2022-04-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-27 12:32 - 2022-04-27 12:36 - 000022792 _____ C:\Users\Ricky\Downloads\FRST.txt
2022-04-27 12:25 - 2022-04-27 12:25 - 002366976 _____ (Farbar) C:\Users\Ricky\Downloads\FRST64.exe
2022-04-27 12:02 - 2022-04-27 12:02 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-27 12:02 - 2022-04-27 12:02 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5FF1.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5E78.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5CEF.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5B86.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET59A0.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5855.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET570B.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET52C4.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET5199.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET506E.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET4F43.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET4F02.tmp
2022-04-27 02:58 - 2022-04-27 02:58 - 000000000 _____ C:\WINDOWS\system32\Drivers\SET4BB5.tmp
2022-04-27 02:23 - 2022-04-27 02:23 - 008551608 _____ (Malwarebytes) C:\Users\Ricky\Downloads\adwcleaner(1).exe
2022-04-27 02:22 - 2022-04-27 02:27 - 000000000 ____D C:\AdwCleaner
2022-04-27 02:01 - 2022-04-27 02:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-04-27 01:59 - 2022-04-27 02:00 - 008540344 _____ (Malwarebytes) C:\Users\Ricky\Downloads\AdwCleaner.exe
2022-04-27 01:55 - 2022-04-27 01:55 - 000083728 _____ C:\ProgramData\agent.uninstall.1651017341.bdinstall.v2.bin
2022-04-27 01:45 - 2022-04-27 01:45 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2022-04-27 00:45 - 2022-04-27 00:45 - 000319176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2022-04-27 00:39 - 2022-04-27 00:40 - 000227664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2022-04-27 00:39 - 2022-04-27 00:39 - 000309272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2022-04-27 00:39 - 2022-04-27 00:39 - 000116008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2022-04-27 00:38 - 2022-04-27 00:38 - 000003392 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2022-04-27 00:38 - 2022-04-27 00:38 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2022-04-27 00:38 - 2022-04-27 00:38 - 000002215 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2022-04-27 00:37 - 2022-02-17 09:35 - 000522504 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\SET4385.tmp
2022-04-27 00:37 - 2022-02-17 09:35 - 000522504 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2022-04-27 00:37 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2022-04-27 00:33 - 2022-04-27 00:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2022-04-26 23:53 - 2022-04-26 23:53 - 000096268 _____ C:\ProgramData\agent.update.1651009975.bdinstall.v2.bin
2022-04-26 23:38 - 2022-04-26 23:39 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2022-04-26 23:38 - 2022-04-26 23:38 - 000001828 _____ C:\Users\Ricky\Desktop\CrystalDiskInfo.lnk
2022-04-26 23:38 - 2022-04-26 23:38 - 000000000 ____D C:\Users\Ricky\AppData\Local\Bitdefender
2022-04-26 23:38 - 2022-04-26 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2022-04-26 23:32 - 2022-04-26 23:32 - 000104576 _____ C:\ProgramData\agent.1651008716.bdinstall.v2.bin
2022-04-26 23:31 - 2022-04-26 23:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2022-04-26 21:10 - 2022-04-26 21:10 - 000000000 ___HD C:\$SysReset
2022-04-26 17:56 - 2022-04-26 17:56 - 000000000 ____D C:\Users\Ricky\AppData\Local\mbam
2022-04-26 17:55 - 2022-04-26 17:55 - 000103888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-04-26 17:55 - 2022-04-26 17:54 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-04-26 17:54 - 2022-04-26 17:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-26 17:34 - 2022-04-26 17:35 - 383950924 _____ C:\Users\Ricky\Downloads\X2Download.com-TURBO 25 LET full concert(360p).mp4
2022-04-25 19:07 - 2022-04-25 19:07 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2022-04-25 19:05 - 2022-04-25 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2022-04-25 19:05 - 2022-04-25 23:21 - 000000000 ____D C:\Program Files\CCleaner
2022-04-25 19:05 - 2022-04-25 20:20 - 000000000 ____D C:\Users\Ricky\AppData\Local\Avast Software
2022-04-25 19:05 - 2022-04-25 19:05 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Avast Software
2022-04-25 19:01 - 2022-04-25 19:01 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2022-04-25 18:59 - 2022-04-25 22:52 - 000000000 ____D C:\ProgramData\Avast Software
2022-04-25 18:59 - 2022-04-25 18:59 - 000000000 ____D C:\Program Files\Avast Software
2022-04-25 13:04 - 2022-04-25 13:04 - 001336397 _____ C:\Users\Ricky\Downloads\446.pdf
2022-04-21 18:40 - 2022-04-21 18:42 - 030291259 _____ C:\Users\Ricky\Downloads\Sazka Hry – Bonus Buy 200 CZK profit 360% Western Gold Megaways (1).mp4
2022-04-20 23:23 - 2022-04-20 23:23 - 042177437 _____ C:\Users\Ricky\Downloads\Daniel Landa - Žito - Uruz (oficiální videoklip).mp4
2022-04-20 15:43 - 2022-04-20 15:43 - 000000000 ____D C:\ProgramData\Solidshield
2022-04-18 18:39 - 2022-04-24 20:12 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Polda 6
2022-04-18 15:51 - 2022-04-18 15:51 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Steam
2022-04-18 15:51 - 2022-04-18 15:51 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Polda 7
2022-04-14 13:57 - 2022-04-14 13:57 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-04-14 13:57 - 2022-04-14 13:57 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-04-14 13:57 - 2022-04-14 13:57 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-04-14 13:56 - 2022-04-14 13:56 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-04-14 13:08 - 2022-04-14 13:08 - 000000000 ___HD C:\$WinREAgent
2022-04-13 11:26 - 2022-04-15 02:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-04-12 00:28 - 2022-04-12 00:42 - 759810929 _____ C:\Users\Ricky\Desktop\Nové video.mp4
2022-04-09 18:59 - 2022-04-09 20:07 - 1235758046 _____ C:\Users\Ricky\Downloads\Stalker Anomaly 151 in winter and 40 mods eng_rus lang.7z

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-04-27 12:34 - 2021-12-14 17:36 - 000000000 ____D C:\FRST
2022-04-27 12:32 - 2021-12-11 01:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-27 12:04 - 2021-12-11 01:39 - 000000000 ____D C:\Users\Ricky\AppData\LocalLow\Mozilla
2022-04-27 12:03 - 2019-12-07 11:14 - 000000167 _____ C:\WINDOWS\win.ini
2022-04-27 12:02 - 2021-12-11 01:01 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-04-27 12:02 - 2021-12-11 01:01 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-04-27 12:01 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-04-27 03:28 - 2021-12-11 03:02 - 000002386 _____ C:\Users\Ricky\Desktop\Docent - Chrome.lnk
2022-04-27 03:25 - 2021-12-11 00:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-04-27 02:53 - 2021-12-16 13:33 - 000000000 ____D C:\Users\Ricky\AppData\Local\CrashDumps
2022-04-27 02:41 - 2021-12-11 01:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-27 02:41 - 2021-12-11 00:59 - 000008192 ___SH C:\DumpStack.log.tmp
2022-04-27 02:40 - 2021-12-11 01:03 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2022-04-27 02:40 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-04-27 02:27 - 2021-12-11 16:01 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\IObit
2022-04-27 02:26 - 2022-02-05 18:30 - 000000000 ____D C:\Program Files (x86)\Steam
2022-04-27 01:56 - 2022-02-05 18:38 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-04-27 01:22 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-04-27 01:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-04-27 00:40 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-04-27 00:38 - 2021-12-11 18:17 - 000000000 ____D C:\Program Files\Common Files\AV
2022-04-27 00:38 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-04-27 00:37 - 2021-12-11 18:16 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2022-04-27 00:37 - 2021-12-11 18:16 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2022-04-27 00:37 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-04-27 00:04 - 2021-12-11 01:29 - 000000000 ____D C:\Users\Ricky\AppData\Local\D3DSCache
2022-04-27 00:00 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-04-26 23:45 - 2021-12-11 03:09 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\vlc
2022-04-26 21:10 - 2021-12-11 00:30 - 000000000 ____D C:\WINDOWS\Panther
2022-04-26 20:16 - 2021-12-11 01:29 - 000000000 ____D C:\Users\Ricky\AppData\Local\Packages
2022-04-26 20:12 - 2021-12-11 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2022-04-26 18:48 - 2020-04-11 19:34 - 000031232 _____ C:\Users\Ricky\Desktop\Earn2022.xlsx
2022-04-26 17:57 - 2021-12-14 19:26 - 000000000 ____D C:\Users\Ricky\AppData\LocalLow\IGDump
2022-04-26 17:54 - 2021-12-14 15:36 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-26 17:08 - 2022-03-03 14:42 - 000000000 ____D C:\ProgramData\F-Secure
2022-04-26 13:09 - 2021-12-11 16:02 - 000000000 ____D C:\Program Files (x86)\IObit
2022-04-26 12:06 - 2021-12-11 16:03 - 000000000 ____D C:\ProgramData\ProductData
2022-04-26 12:06 - 2021-12-11 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 9
2022-04-26 12:05 - 2022-01-01 20:57 - 000000000 ____D C:\Users\Ricky\AppData\Local\LogMeIn Hamachi
2022-04-25 23:35 - 2021-12-11 01:27 - 000000000 ____D C:\Users\Ricky
2022-04-25 23:34 - 2021-12-11 01:04 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-25 23:23 - 2021-12-11 16:02 - 000000000 ____D C:\Users\Ricky\AppData\LocalLow\IObit
2022-04-25 23:22 - 2021-12-11 16:01 - 000000000 ____D C:\ProgramData\IObit
2022-04-25 23:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\registration
2022-04-25 23:00 - 2022-03-03 14:44 - 000000000 ____D C:\Program Files (x86)\F-Secure
2022-04-25 00:23 - 2021-12-11 01:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-04-23 15:37 - 2022-02-09 19:46 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-04-20 22:27 - 2021-12-11 01:44 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-04-20 22:27 - 2021-12-11 01:44 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-04-20 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-04-20 12:05 - 2021-12-11 01:44 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-20 12:05 - 2021-12-11 01:44 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-19 14:31 - 2021-12-11 01:32 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3294239711-236292038-94065591-1001
2022-04-19 14:31 - 2021-12-11 01:31 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3294239711-236292038-94065591-1001
2022-04-19 14:31 - 2021-12-11 01:27 - 000002373 _____ C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-15 10:55 - 2021-12-11 01:20 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-15 10:55 - 2019-12-07 16:43 - 000716726 _____ C:\WINDOWS\system32\perfh005.dat
2022-04-15 10:55 - 2019-12-07 16:43 - 000144904 _____ C:\WINDOWS\system32\perfc005.dat
2022-04-15 02:16 - 2021-12-11 01:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-15 02:16 - 2021-12-11 00:59 - 000445248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-04-15 02:13 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-04-15 02:12 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-04-15 02:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-04-14 21:09 - 2022-01-01 22:28 - 000000000 ____D C:\Users\Ricky\Desktop\Liga
2022-04-14 14:05 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-04-14 12:58 - 2021-12-11 03:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-04-14 12:52 - 2021-12-11 03:39 - 143823848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-04-13 14:49 - 2022-01-22 20:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-04-13 14:49 - 2021-12-11 01:39 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-04-09 17:05 - 2021-12-11 03:22 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Exodus
2022-04-09 17:04 - 2021-12-11 03:22 - 000002219 _____ C:\Users\Ricky\Desktop\Exodus.lnk
2022-04-09 17:04 - 2021-12-11 03:22 - 000000000 ____D C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2022-04-09 17:03 - 2021-12-11 03:22 - 000000000 ____D C:\Users\Ricky\AppData\Local\exodus
2022-04-07 12:40 - 2021-12-11 13:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-04-05 12:35 - 2021-12-11 01:35 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1639179332
2022-04-05 12:35 - 2021-12-11 01:35 - 000001395 _____ C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2022-04-05 11:57 - 2022-02-17 09:34 - 001571680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2022-04-05 11:57 - 2022-02-17 09:34 - 000694056 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klgse.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2022
Ran by Ricky (27-04-2022 12:40:20)
Running from C:\Users\Ricky\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1645 (X64) (2021-12-10 23:16:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3294239711-236292038-94065591-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3294239711-236292038-94065591-503 - Limited - Disabled)
Guest (S-1-5-21-3294239711-236292038-94065591-501 - Limited - Disabled)
Ricky (S-1-5-21-3294239711-236292038-94065591-1001 - Administrator - Enabled) => C:\Users\Ricky
WDAGUtilityAccount (S-1-5-21-3294239711-236292038-94065591-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Internet Security (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-3294239711-236292038-94065591-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)
CrystalDiskInfo 8.16.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.16.3 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.0.0.1932 - Disc Soft Ltd)
Exodus (HKU\S-1-5-21-3294239711-236292038-94065591-1001\...\exodus) (Version: 22.3.31 - Exodus Movement Inc)
Kaspersky Internet Security (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
Malwarebytes version 4.5.8.191 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.8.191 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0405-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3294239711-236292038-94065591-1001\...\OneDriveSetup.exe) (Version: 22.065.0412.0004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 99.0.1 (x64 cs)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0 - Mozilla)
Opera Stable 85.0.4341.53 (HKU\S-1-5-21-3294239711-236292038-94065591-1001\...\Opera 85.0.4341.53) (Version: 85.0.4341.53 - Opera Software)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.50017.0_x64__0a9344xs7nr4m [2022-04-25] (Advanced Micro Devices Inc.) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-04-25] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-25] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-04-25] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\F-Secure\SAFE\FsShellExtension64.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\shellex.dll [2022-04-27] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-11] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\shellex.dll [2022-04-27] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-12-11] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\shellex.dll [2022-04-27] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\shellex.dll [2022-04-27] (AO Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ricky\Desktop\Docent - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Ricky\Desktop\TGM Panel - Respondent Portal.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efpbedmeibiphkmladchpkhjlbjmmdoh
ShortcutWithArgument: C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\TGM Panel - Respondent Portal.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=efpbedmeibiphkmladchpkhjlbjmmdoh

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll => No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3294239711-236292038-94065591-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ricky\Desktop\Surveytime návod\tapety plocha\Tapety\Leelee Sobieski II.jpg
DNS Servers: 86.49.5.221 - 86.49.5.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{74AB4A9C-ACC6-4E71-8B9F-A44F706F1A47}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{3423A7DF-FD9F-4F81-BF48-88DFC0FAF624}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{F5F5F602-5C71-415E-9EFA-8CC1D1C983C2}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{C76E6039-46CA-4FA2-A47B-8D8D435C30A4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{89FC954C-7BB7-4379-88E5-4FD43C6C596B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E7705576-3E74-41E5-B92B-457DD1C811AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)

==================== Restore Points =========================

22-04-2022 13:26:18 Naplánovaný kontrolní bod
25-04-2022 18:37:22 Removed F-Secure SAFE
25-04-2022 22:50:27 Operace obnovení
26-04-2022 17:05:52 Removed F-Secure SAFE
26-04-2022 19:06:12 Odebráno: Microsoft Office Enterprise 2007
26-04-2022 19:35:45 Odebráno: Microsoft Office File Validation Add-In

==================== Faulty Device Manager Devices ============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/27/2022 02:58:27 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Aktualizaci KAVKISKTSKFA 2021 MR3, KSC 4.0 MR3 patch I produktu Kaspersky Internet Security nebylo možné nainstalovat. Kód chyby: 1603. Další informace naleznete v souboru protokolu C:\WINDOWS\Temp\kis.21.3.10.391i_03.27_00.57_3440.apply_patches.kis2021mr3.log.

Error: (04/27/2022 02:58:22 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Aplikace: Kaspersky Internet Security -- Chyba 27300. Chyba při instalaci ovladače klwtp.sys_x64. Kód chyby: -2147024891.<<29100>>

Error: (04/27/2022 02:53:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 10.0.19041.1645, časové razítko: 0x7c06cc0e
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000bd10fd8
ID chybujícího procesu: 0xfb4
Čas spuštění chybující aplikace: 0x01d859cf86601a0d
Cesta k chybující aplikaci: C:\WINDOWS\Explorer.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: e026371b-dee8-4570-8603-faf076fde138
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/27/2022 02:39:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (04/27/2022 02:39:31 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/27/2022 02:01:17 AM) (Source: MsiInstaller) (EventID: 11704) (User: DESKTOP-J4POG28)
Description: Produkt: Microsoft Office Shared MUI (Czech) 2007 – Chyba 1704 Instalace produktu Kaspersky Internet Security je pozastavena. Chcete-li pokračovat, je nutné vrátit zpět změny provedené při instalaci. Chcete tyto změny vrátit zpět?

Error: (04/27/2022 02:00:54 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (04/27/2022 01:51:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SystemSettings.exe, verze: 10.0.19041.1566, časové razítko: 0x4aa1ce82
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1645, časové razítko: 0x630193b4
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b362
ID chybujícího procesu: 0x2158
Čas spuštění chybující aplikace: 0x01d859bf2c2278a7
Cesta k chybující aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: fb5d81dd-9f31-4464-9ea1-ee08b975c7c1
Úplný název chybujícího balíčku: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: microsoft.windows.immersivecontrolpanel


System errors:
=============
Error: (04/27/2022 02:58:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:26 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.

Error: (04/27/2022 02:58:23 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Volání ScRegSetValueExW skončilo neúspěšné pro Type s touto chybou:
Přístup byl odepřen.


Windows Defender:
================
Date: 2022-04-26 15:56:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C4ECBDB8-A547-4F5E-88C4-08656473E808}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-04-26 15:50:05
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {56A51F7C-A1F0-4E29-9E8A-E818732EE10E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-04-26 15:34:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D3BB1821-A2CF-43D6-88E0-07B63D20443D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-04-26 15:28:07
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D286D932-22EF-4E86-B0C5-6C2711035AE0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-04-26 15:18:44
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F15557B1-B9D9-41AE-BC52-AFA31A163BB5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2022-04-26 18:30:10
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80070013
Popis chyby: Médium je chráněno proti zápisu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2022-04-25 23:31:23
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o načtení bezpečnostních informací a pokusí se o obnovení poslední známé funkční verze.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu.
Verze bezpečnostních informací: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2022-04-25 18:08:20
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.363.896.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19200.5
Kód chyby: 0x80245004
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2022-04-27 12:01:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\antimalware_provider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3803 01/22/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME A320M-K
Processor: AMD A8-9600 RADEON R7, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 64%
Total physical RAM: 7609.93 MB
Available physical RAM: 2702.28 MB
Total Virtual: 11449.93 MB
Available Virtual: 5503.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.54 GB) (Free:87.07 GB) NTFS
Drive d: (Data) (Fixed) (Total:687.37 GB) (Free:119.98 GB) NTFS

\\?\Volume{021c5c0c-9e50-450b-8871-4a934cf0b902}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{c86c9a0b-9742-48df-87f5-6f479d412bba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

[Purchan]

Kompletní sken antivirem je na 83% zbývající čas 2.hod zatím to nic nenašlo pak bych rád provedl, obnovení do továrního nastavení, které jsem už půl roku nedělal.

Chci se tedy optat, nastavení -> zabezpečení -> obnovení -> odebrat všechno

Jestli mě pamět neklame, chápu správně že se odebere vše ale DATA na jiném diskovém oddílu zůstanou že?

Děkuji

[Rudy]

Máte 3 možnosti. Tov. nastavení se zachováním vašich dat, tov. nastavení bez zachováním vašich dat a úplný reinstal systému. Tyto možnosti se týkají pouze systémového disku, na jiných oddílech zůstanou data zachována. Pojem "zachoání dat" se týká systémového disku. Jde o dokumenty, videa, audia a fotky.

[Purchan]

Odebrat všechno je tedy ta druhá možnost?

tov. nastavení bez zachováním vašich dat a úplný reinstal systému
Cokoliv důležitého z C mám již v Datech přeloženo eventuálně něco na flašku jsem dal.

A tu třetí možnost úplný reinstal systému.se nachází kde'?

[Purchan]

Sken mám hotov, vyčetl jste něco z logu výše? Spoustu programů jsem smazal ručně aby ten sken celýho PC proběhl fakt rychle. Jdu pomalu tedy reinstalovat systém, doufám, že se mi nesmažou data. Ještě zkontroluju jestli mám všechno důležité na flešce.

Ještě otázka jak si budu vybírat stažení z cloudu nebo místní přeinstalace je to jedno co vyberu?

[Rudy]

Zvolte možnost 1 (zachovat moje soubory). V případě obnovy do tov. nastavení je čištění PC bezpředmětné. Aplikace ale budete muset přeinstalovat.

[Purchan]

Děkuji, dal jsem preventivně 2.možnost kdyby se malware někde ukrýval v tom systémovém oddílu.

[Rudy]

Všechny skeny prověřují právě systémový disk. V ostatních oddílech může být virus jen tehdy, pokud si ho tam odněkud stáhete, nebo úmyslně uložíte. Další možnost je MBR, ale to byste poznal při staru PC.