Requesting a check, thank you

#1 Post by magia.n

Logfile of random's system information tool 1.10 (written by random/random)
Run by hp at 2021-04-09 18:03:24
Microsoft Windows 8.1
System drive C: has 685 GB (73%) free of 942 GB
Total RAM: 7349 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:33, on 9. 4. 2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.19036)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Users\hp\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
C:\Program Files\trend micro\hp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.68\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Browsing Protection by F-Secure - {45BBE08D-81C5-4A67-AF20-B2A077C67747} - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [TeamsMachineInstaller] %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Flvto Youtube Downloader] "C:\Users\hp\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] C:\Users\hp\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - Startup: Facebook Gameroom.lnk = C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe
O4 - Global Startup: AnyDesk.lnk = C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AnyDesk Service (AnyDesk) - philandro Software GmbH - C:\Program Files (x86)\AnyDesk\AnyDesk.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
O23 - Service: F-Secure Hoster (Restricted) (fsnethoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe
O23 - Service: F-Secure Ultralight Hoster (fsulhoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe
O23 - Service: F-Secure Ultralight Network Hoster (fsulnethoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe
O23 - Service: F-Secure Ultralight ORSP Client (fsulorsp) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe
O23 - Service: F-Secure Ultralight Protected Hoster (fsulprothoster) - F-Secure Corporation - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe
O23 - Service: Gameforge Client Service (GameforgeClientService) - Unknown owner - C:\Program Files (x86)\GameforgeClient\gfservice.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11755 bytes

======Listing Processes======





wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe" --service --namespace default --id 0
dashost.exe {c514753e-a230-458a-9c928df480603865}
"C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe" --service --namespace default --id 2
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Browny02\BrYNSvc.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
taskhost.exe $(Arg0)
C:\Windows\system32\DllHost.exe /Processid:{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}
"C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe"
"C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe" --service --namespace ul_default --id 2
"C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe" --service --namespace ul_default
"C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe" --service --namespace ul_default --id 5
1960
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /frequentupdate SCHEDULEDTASK displaylevel=False

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding

"C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe" --app --namespace default --id 1
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
"C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe" fbgames://windows_startup/
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
-BootProc
"C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
-BootProc
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.0.1642142063\401030311" -parentBuildID 20210318103112 -prefsHandle 1296 -prefMapHandle 1288 -prefsLen 1 -prefMapSize 260544 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 1384 gpu
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.6.36303365\931304986" -childID 1 -isForBrowser -prefsHandle 2212 -prefMapHandle 2100 -prefsLen 393 -prefMapSize 260544 -parentBuildID 20210318103112 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 2208 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.13.977780565\388608548" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 6524 -prefMapSize 260544 -parentBuildID 20210318103112 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 3248 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.20.2074090850\389937924" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 7383 -prefMapSize 260544 -parentBuildID 20210318103112 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 3892 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.41.29808577\987476303" -childID 6 -isForBrowser -prefsHandle 4652 -prefMapHandle 4644 -prefsLen 7383 -prefMapSize 260544 -parentBuildID 20210318103112 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 4656 tab
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -contentproc --channel="10532.48.285438513\7835765" -parentBuildID 20210318103112 -prefsHandle 8764 -prefMapHandle 8700 -prefsLen 7647 -prefMapSize 260544 -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" - 10532 "\\.\pipe\gecko-crash-server-pipe.10532" 8748 rdd
"Facebook Gameroom Browser.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\hp\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.23.7426.18586 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.23.7426.18586" --gpu-vendor-id=0x1002 --gpu-device-id=0x6611 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=15.201.2401.1001 --gpu-driver-date=11-25-2015 --gpu-secondary-vendor-ids=0x1002 --gpu-secondary-device-ids=0x9901 --lang=en-US --log-file="C:\Users\hp\AppData\Local\Facebook\Games\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 CanvasFrame/1.23.7426.18586 Safari/537.36 FacebookCanvasDesktop FBAN/GamesWindowsDesktopApp FBAV/1.23.7426.18586" --service-request-channel-token=54998B458CD6A4EAC8C0400A2B70005A --mojo-platform-channel-handle=2456 /prefetch:2
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe"
C:\Windows\system32\msiexec.exe /V

"C:\Users\hp\Desktop\RSITx64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\wmiprvse.exe


=========Mozilla firefox=========

ProfilePath - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default

prefs.js - "browser.startup.homepage" - "http://seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.68\BHO\ie_to_edge_bho_64.dll [2021-04-01 548240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04 189248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45BBE08D-81C5-4A67-AF20-B2A077C67747}]
Browsing Protection by F-Secure - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https64.dll [2021-03-30 1639576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}]
IEToEdge BHO - C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.68\BHO\ie_to_edge_bho.dll [2021-04-01 416656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-04 151872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45BBE08D-81C5-4A67-AF20-B2A077C67747}]
Browsing Protection by F-Secure - C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https.dll [2021-03-30 1056920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2012-08-22 41664]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-11-20 1703424]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2020-10-16 331064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Flvto Youtube Downloader"=C:\Users\hp\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe /minimize []
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2020-09-08 67384]
"com.squirrel.Teams.Teams"=C:\Users\hp\AppData\Local\Microsoft\Teams\Update.exe [2021-04-07 2453728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"TeamsMachineInstaller"=C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS []
"ControlCenter4"=C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [2014-05-22 139776]
"BrStsMon00"=C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2014-05-22 4513792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AnyDesk.lnk - C:\Program Files (x86)\AnyDesk\AnyDesk.exe

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Facebook Gameroom.lnk - C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SafeModeBlockNonAdmins"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2021-04-09 18:03:24 ----D---- C:\rsit
2021-04-09 18:03:24 ----D---- C:\Program Files\trend micro
2021-03-23 21:04:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2021-03-11 09:26:05 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2021-03-11 09:26:05 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2021-03-11 09:26:05 ----A---- C:\Windows\system32\pngfilt.dll
2021-03-11 09:26:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2021-03-11 09:26:04 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2021-03-11 09:26:04 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2021-03-11 09:26:04 ----A---- C:\Windows\system32\ie4uinit.exe
2021-03-11 09:26:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2021-03-11 09:26:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2021-03-11 09:26:03 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2021-03-11 09:26:02 ----A---- C:\Windows\SYSWOW64\jscript.dll
2021-03-11 09:26:02 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2021-03-11 09:26:02 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2021-03-11 09:26:02 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2021-03-11 09:26:02 ----A---- C:\Windows\system32\vbscript.dll
2021-03-11 09:26:02 ----A---- C:\Windows\system32\urlmon.dll
2021-03-11 09:26:02 ----A---- C:\Windows\system32\msfeeds.dll
2021-03-11 09:26:02 ----A---- C:\Windows\system32\iedkcs32.dll
2021-03-11 09:26:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2021-03-11 09:26:01 ----A---- C:\Windows\system32\iertutil.dll
2021-03-11 09:26:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2021-03-11 09:26:00 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2021-03-11 09:26:00 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2021-03-11 09:26:00 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2021-03-11 09:26:00 ----A---- C:\Windows\system32\jscript.dll
2021-03-11 09:25:59 ----A---- C:\Windows\system32\ieframe.dll
2021-03-11 09:25:59 ----A---- C:\Windows\system32\dxtrans.dll
2021-03-11 09:25:59 ----A---- C:\Windows\system32\dxtmsft.dll
2021-03-11 09:25:58 ----A---- C:\Windows\system32\webcheck.dll
2021-03-11 09:25:58 ----A---- C:\Windows\system32\mshtmled.dll
2021-03-11 09:25:58 ----A---- C:\Windows\system32\jscript9.dll
2021-03-11 09:25:58 ----A---- C:\Windows\system32\inetcomm.dll
2021-03-11 09:25:58 ----A---- C:\Windows\system32\imgutil.dll
2021-03-11 09:25:57 ----A---- C:\Windows\system32\wininet.dll
2021-03-11 09:25:57 ----A---- C:\Windows\system32\mshtml.dll
2021-03-11 09:25:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2021-03-11 09:25:54 ----A---- C:\Windows\system32\win32k.sys
2021-03-11 09:25:54 ----A---- C:\Windows\system32\iepeers.dll
2021-03-11 09:25:54 ----A---- C:\Windows\system32\ieapfltr.dll
2021-03-11 09:25:53 ----A---- C:\Windows\SYSWOW64\msi.dll
2021-03-11 09:25:53 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2021-03-11 09:25:53 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2021-03-11 09:25:53 ----A---- C:\Windows\system32\msi.dll
2021-03-11 09:25:52 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2021-03-11 09:25:52 ----A---- C:\Windows\system32\WindowsCodecs.dll
2021-03-11 09:25:52 ----A---- C:\Windows\system32\jscript9diag.dll
2021-03-11 09:25:51 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2021-03-11 09:25:51 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2021-03-11 09:25:51 ----A---- C:\Windows\system32\localspl.dll
2021-03-11 09:25:50 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2021-03-11 09:25:50 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2021-03-11 09:25:50 ----A---- C:\Windows\system32\IKEEXT.DLL
2021-03-11 09:25:49 ----A---- C:\Windows\SYSWOW64\upnphost.dll
2021-03-11 09:25:49 ----A---- C:\Windows\SYSWOW64\rasapi32.dll
2021-03-11 09:25:49 ----A---- C:\Windows\system32\rasdlg.dll
2021-03-11 09:25:49 ----A---- C:\Windows\system32\rasapi32.dll
2021-03-11 09:25:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2021-03-11 09:25:49 ----A---- C:\Windows\system32\drivers\nwifi.sys
2021-03-11 09:25:48 ----A---- C:\Windows\SYSWOW64\wlanapi.dll
2021-03-11 09:25:48 ----A---- C:\Windows\SYSWOW64\rasdlg.dll
2021-03-11 09:25:48 ----A---- C:\Windows\SYSWOW64\COLORCNV.DLL
2021-03-11 09:25:48 ----A---- C:\Windows\system32\WMPhoto.dll
2021-03-11 09:25:48 ----A---- C:\Windows\system32\wlanapi.dll
2021-03-11 09:25:48 ----A---- C:\Windows\system32\upnphost.dll
2021-03-11 09:25:48 ----A---- C:\Windows\system32\COLORCNV.DLL
2021-03-11 09:25:48 ----A---- C:\Windows\system32\AxInstSv.dll
2021-03-11 09:25:47 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2021-03-11 09:25:45 ----A---- C:\Windows\SYSWOW64\profext.dll
2021-03-11 09:25:45 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2021-03-11 09:25:45 ----A---- C:\Windows\SYSWOW64\certcli.dll
2021-03-11 09:25:45 ----A---- C:\Windows\system32\ProximityService.dll
2021-03-11 09:25:45 ----A---- C:\Windows\system32\profext.dll
2021-03-11 09:25:45 ----A---- C:\Windows\system32\certcli.dll
2021-03-10 14:51:43 ----D---- C:\Users\hp\AppData\Roaming\ControlCenter4
2021-03-10 14:44:50 ----D---- C:\Brother
2021-03-10 14:44:30 ----D---- C:\ProgramData\ControlCenter4
2021-03-10 14:44:30 ----D---- C:\Program Files (x86)\Browny02
2021-03-10 14:44:24 ----D---- C:\Program Files (x86)\ControlCenter4
2021-03-10 14:44:02 ----A---- C:\Windows\SYSWOW64\BRTCPCON.DLL
2021-03-10 14:44:02 ----A---- C:\Windows\system32\BrWi213b.dll
2021-03-10 14:44:02 ----A---- C:\Windows\system32\BrUsi13b.dll
2021-03-10 14:44:01 ----A---- C:\Windows\SYSWOW64\BROSNMP.DLL
2021-03-10 14:44:01 ----A---- C:\Windows\SYSWOW64\BRLMW03A.INI
2021-03-10 14:44:01 ----A---- C:\Windows\SYSWOW64\BRLMW03A.DLL
2021-03-10 14:44:01 ----A---- C:\Windows\SYSWOW64\BRLM03A.DLL
2021-03-10 14:44:01 ----A---- C:\Windows\system32\BrJDec.dll
2021-03-10 14:44:00 ----A---- C:\Windows\system32\BRCOM14A.DLL
2021-03-10 14:44:00 ----A---- C:\Windows\system32\BrCiImg.dll
2021-03-10 14:43:55 ----A---- C:\Windows\system32\BRADM14A.DAT
2021-03-10 14:43:53 ----N---- C:\Windows\SYSWOW64\NSSearch.dll
2021-03-10 14:43:52 ----N---- C:\Windows\SYSWOW64\BrDctF2S.dll
2021-03-10 14:43:52 ----N---- C:\Windows\SYSWOW64\BrDctF2L.dll
2021-03-10 14:43:52 ----N---- C:\Windows\SYSWOW64\BrDctF2.dll
2021-03-10 14:43:52 ----D---- C:\Program Files (x86)\Brother
2021-03-10 14:40:49 ----D---- C:\Users\hp\AppData\Roaming\InstallShield
2021-03-10 14:40:22 ----D---- C:\ProgramData\Brother

======List of files/folders modified in the last 1 month======

2021-04-09 18:03:30 ----D---- C:\Windows\Prefetch
2021-04-09 18:03:28 ----D---- C:\Windows\Temp
2021-04-09 18:03:26 ----SHD---- C:\Windows\Installer
2021-04-09 18:03:25 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 18:03:24 ----RD---- C:\Program Files
2021-04-09 18:03:16 ----D---- C:\Windows\Microsoft.NET
2021-04-09 18:02:08 ----D---- C:\Windows\system32\catroot2
2021-04-09 18:02:05 ----D---- C:\Windows\system32\sru
2021-04-09 18:01:41 ----D---- C:\Program Files\Microsoft Office
2021-04-09 18:00:13 ----D---- C:\ProgramData\Mozilla
2021-04-08 23:24:53 ----D---- C:\Users\hp\AppData\Roaming\upjers-playground2
2021-04-08 13:35:25 ----D---- C:\Windows\system32\Tasks
2021-04-07 15:49:48 ----D---- C:\Users\hp\AppData\Roaming\vlc
2021-04-07 15:33:01 ----D---- C:\Windows\System32
2021-04-07 15:33:01 ----D---- C:\Windows\Inf
2021-04-07 15:33:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2021-04-06 12:10:37 ----D---- C:\Windows\system32\catroot
2021-04-02 10:46:19 ----SHD---- C:\System Volume Information
2021-03-24 00:01:47 ----RD---- C:\Program Files (x86)
2021-03-23 22:55:38 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-19 23:56:35 ----D---- C:\Program Files (x86)\AnyDesk
2021-03-19 18:20:46 ----D---- C:\ProgramData\Disc-Soft
2021-03-19 18:20:44 ----D---- C:\Users\hp\AppData\Roaming\Disc-Soft
2021-03-19 18:20:44 ----AHD---- C:\ProgramData
2021-03-19 18:19:37 ----D---- C:\Users\hp\AppData\Roaming\Canon
2021-03-19 18:18:32 ----D---- C:\Windows\twain_32
2021-03-19 18:18:17 ----D---- C:\Windows\system32\DriverStore
2021-03-16 09:42:40 ----D---- C:\Windows\system32\config
2021-03-16 08:38:06 ----HD---- C:\Program Files\WindowsApps
2021-03-16 08:38:06 ----D---- C:\Windows\AppReadiness
2021-03-15 13:12:05 ----D---- C:\Windows\WinSxS
2021-03-13 17:01:19 ----D---- C:\Windows\SysWOW64
2021-03-12 20:25:11 ----D---- C:\Windows\rescache
2021-03-12 18:16:18 ----D---- C:\Program Files\Common Files\microsoft shared
2021-03-11 23:58:59 ----RD---- C:\Windows\ToastData
2021-03-11 23:58:58 ----D---- C:\Program Files\Internet Explorer
2021-03-11 23:58:58 ----D---- C:\Program Files (x86)\Internet Explorer
2021-03-11 23:58:57 ----D---- C:\Windows\SYSWOW64\setup
2021-03-11 23:58:55 ----D---- C:\Windows\system32\wbem
2021-03-11 23:58:55 ----D---- C:\Windows\system32\drivers
2021-03-11 23:58:54 ----D---- C:\Windows\system32\setup
2021-03-11 19:09:45 ----SD---- C:\Users\hp\AppData\Roaming\Microsoft
2021-03-11 11:13:36 ----D---- C:\Windows\CbsTemp
2021-03-10 14:43:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2021-03-10 10:24:10 ----D---- C:\Windows\system32\MRT
2021-03-10 10:17:11 ----AC---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fsbts;fsbts; C:\Windows\system32\drivers\fsbts.sys [2020-12-12 58752]
R1 dtsoftbus01;@oem12.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2017-05-04 254528]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-21 40344]
R1 RawDisk3;RawDisk3; \??\C:\Windows\system32\drivers\rawdsk3.sys [2014-04-29 31040]
R2 fsnif2;fsnif2; \??\C:\Program Files (x86)\F-Secure\SAFE\Ultralight\nif2\1614076011\nif2s64.sys [2021-02-23 177672]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2016-02-17 21527568]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2016-02-17 493592]
R3 BthA2DP;@wdma_bt.inf,%BthA2DP.SvcDesc%;Bluetooth stereo; C:\Windows\system32\drivers\BthA2DP.sys [2015-01-30 132608]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2019-08-04 53248]
R3 BthHFAud;@wdma_bt.inf,%DISPLAY_NAME%;Bluetooth handsfree; C:\Windows\system32\DRIVERS\BthHfAud.sys [2014-10-08 32768]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2017-07-06 119296]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2019-05-03 81920]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulgk.sys [2021-04-06 361448]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2015-01-30 167424]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2013-11-20 551936]
R3 VClone;VClone; C:\Windows\System32\drivers\VClone.sys [2014-05-03 34816]
S3 ardrv;ardrv; \??\C:\Users\hp\AppData\Local\Temp\ardrv.sys [2018-12-14 17224]
S3 AtiDCM;AtiDCM; \??\C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [2014-03-13 28416]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2021-01-05 1209856]
S3 dg_ssudbus;@oem5.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-09-05 131712]
S3 htcnprot;@oem13.inf,%NDISPROT_Desc%;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 HtcVCom32;@oem16.inf,%OEMSerialPortName00%;HTC Diagnostic Port; C:\Windows\system32\DRIVERS\HtcVComV64.sys [2010-03-09 121800]
S3 Netaapl;@oem26.inf,%Netaapl.Service.DispName%;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2020-05-06 23040]
S3 ssudmdm;@oem8.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-09-05 165504]
S3 usb_rndisx;@netrndis.inf,%usb_rndis.Service.DispName%;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2015-04-25 20992]
S3 USBAAPL64;@oem25.inf,%USBAAPL64.SvcDesc%;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2020-05-06 54784]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 44544]
S3 WDC_SAM;@oem21.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2018-02-26 35584]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-08-16 159936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2021-01-25 169672]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2016-02-17 305176]
R2 AnyDesk;AnyDesk Service; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [2021-03-08 3743464]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2020-09-24 96056]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2021-03-29 8788368]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 fshoster;F-Secure Hoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [2020-11-03 244096]
R2 fsnethoster;F-Secure Hoster (Restricted); C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [2020-11-03 244096]
R2 fsulhoster;F-Secure Ultralight Hoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [2021-04-06 623744]
R2 fsulnethoster;F-Secure Ultralight Network Hoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [2021-04-06 623744]
R2 fsulorsp;F-Secure Ultralight ORSP Client; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe [2021-04-06 101248]
R2 fsulprothoster;F-Secure Ultralight Protected Hoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe [2021-04-06 623744]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2016-09-20 87368]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [2016-10-11 181312]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-11-20 339456]
R3 BrYNSvc;BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-09-25 282112]
R3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\system32\svchost.exe [2014-10-29 38792]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2020-10-16 672056]
S2 edgeupdate;Služba Microsoft Edge Update (edgeupdate); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-07-06 224152]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-24 153168]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-06-01 317400]
S3 edgeupdatem;Služba Microsoft Edge Update (edgeupdatem); C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [2020-07-06 224152]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 GameforgeClientService;Gameforge Client Service; C:\Program Files (x86)\GameforgeClient\gfservice.exe [2021-01-29 568480]
S3 GoogleChromeElevationService;Google Chrome Elevation Service; C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\elevation_service.exe [2021-03-29 1509488]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-24 153168]
S3 MicrosoftEdgeElevationService;Microsoft Edge Elevation Service (MicrosoftEdgeElevationService); C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.68\elevation_service.exe [2021-04-01 1559952]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2021-03-23 242672]

-----------------EOF-----------------

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check, thank you

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will launch; click View Log File.
The log will open; copy its contents here.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#3 Post by magia.n »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-10-2021
# Duration: 00:00:54
# OS: Windows 8.1
# Scanned: 31988
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check, thank you

#4 Post by Diallix »

Scan the computer with FRST - instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509, and copy the FRST.log + Addition log here.

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#5 Post by magia.n »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2021
Ran by hp (administrator) on HP-PC (Hewlett-Packard 500-202ec) (10-04-2021 16:07:26)
Running from C:\Users\hp\Desktop
Loaded Profiles: hp
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Facebook, Inc. -> Facebook) C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Facebook, Inc. -> The CefSharp Authors) C:\Users\hp\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe <26>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe <2>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\FsPisces.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>
(upjers GmbH -> upjers GmbH) C:\Users\hp\AppData\Local\Programs\upjers-playground2\upjers Home.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Integrated Device Technology Inc. -> Hewlett-Packard) [File not signed]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd -> DT Soft Ltd)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [Flvto Youtube Downloader] => "C:\Users\hp\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\hp\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {1e9cd87f-84d2-11e8-829c-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {710ee6b9-6471-11e6-824f-806e6f6e6963} - "F:\START.EXE"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851f3e4-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851fa7b-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\...\MountPoints2: {2dd72f34-a7e0-11e6-8260-9cb654edfc7c} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Dáda\AppData\Local\Microsoft\Teams\Update.exe [2453656 2021-02-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Týna\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-11-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP190 series: C:\Windows\system32\CNMLM9I.DLL [279040 2008-02-25] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-01] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-04]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Kristýna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-08-13]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-13]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C9634F6-EF84-42FD-968D-2D8FFDB7CDB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
Task: {38049093-848F-484A-B596-91122766BC91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {46418CC2-AD3E-42C8-B61A-A0EDD96B3054} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {5962DDD7-C251-47F5-A41F-D3B086A94BEA} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3921397407-2631415318-3197205120-1005 => C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {5FDDE5A0-374C-49FA-A449-67D08C474337} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3921397407-2631415318-3197205120-1004 => {201600d8-6eff-48ce-b842-e14d37a0682d} C:\Windows\System32\wpninprc.dll [62464 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
Task: {606EBC9B-838D-4DC9-A1A3-176EBD4E96B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {61CB0EAF-BCB5-4FFC-A049-A0806844431D} - System32\Tasks\{8BC24110-F064-4E3E-8B43-F7F2B365943D} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.39.0.102/cs ... rogressBar
Task: {745DDD41-0C2F-4B35-9790-C9F43AEE81DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {7A874B00-1D28-4469-8F38-E329063F23AF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {90E5C152-EED6-4CE2-9402-F22F873CD65A} - System32\Tasks\{3CF151D6-0E18-49D7-BEE3-EE58DB9E3999} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.36.0.101/cs ... rogressBar
Task: {98B5F1B2-C300-4E62-B712-4A5CCEC70160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
Task: {9B233D7B-8809-48EA-B0E0-788AB09DB569} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1C1CF50-EC61-4A45-A2C9-7CEF3EB91909} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498032 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {AED4E2C5-2A93-4EFB-A79A-ADBF421E969A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9C16742-5794-4F66-BA5E-160146F69A1B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5445726-1F50-4E47-9C2E-246288D0A26D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFBF869F-0903-4936-BD94-A5DF0302461A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {FA0E4834-8054-41E0-BC94-C190B8B9A179} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\F-Secure\SAFE\fs_hotfix.exe [308608 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{3E1BC311-A25A-499A-85BF-A0ADD9BED33F}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2021-02-22]
Edge HKLM\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
Edge HKLM-x32\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

FireFox:
========
FF DefaultProfile: fag465m9.default
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default [2021-04-10]
FF DownloadDir: C:\Users\hp\Desktop
FF Homepage: Mozilla\Firefox\Profiles\fag465m9.default -> hxxp://seznam.cz/
FF Extension: (YouTube™ Flash® Player) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-12-04]
FF Extension: (YouTube High Definition) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2021-02-03]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hp\AppData\Roaming\mozilla\plugins\npPxPlay.dll [2016-10-11]

Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR Extension: (Prezentace) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-24]
CHR Extension: (Tabulky) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-18]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2020-10-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-18]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-08] (philandro Software GmbH -> philandro Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe [101248 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [568480 2021-01-29] (Gameforge 4D GmbH -> )
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG -> Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [181312 2016-10-11] () [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ardrv; C:\Users\hp\AppData\Local\Temp\ardrv.sys [17224 2018-12-14] (OPSWAT, Inc. -> OPSWAT, Inc.) <==== ATTENTION
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2017-05-04] (DT Soft Ltd -> DT Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulgk.sys [361448 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [58752 2020-12-12] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnif2; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\nif2\1614076011\nif2s64.sys [177672 2021-02-23] (F-Secure Corporation -> F-Secure Corporation)
S3 htcnprot; C:\Windows\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [31040 2014-04-29] (IPTS Alisa, OOO -> EldoS Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-10 16:07 - 2021-04-10 16:08 - 000022499 _____ C:\Users\hp\Desktop\FRST.txt
2021-04-10 16:06 - 2021-04-10 16:08 - 000000000 ____D C:\FRST
2021-04-10 16:04 - 2021-04-10 16:04 - 002297856 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2021-04-10 13:46 - 2021-04-10 13:46 - 000710580 _____ C:\Users\hp\Desktop\Lebensmittelhygiene 2021_Zertifikat Lebensmittelhygiene 2021.pdf
2021-04-10 10:24 - 2021-04-10 10:29 - 000000000 ____D C:\AdwCleaner
2021-04-10 10:23 - 2021-04-10 10:23 - 008534696 _____ (Malwarebytes) C:\Users\hp\Desktop\adwcleaner_8.2.exe
2021-04-09 18:03 - 2021-04-09 18:03 - 000000000 ____D C:\rsit
2021-04-09 18:03 - 2021-04-09 18:03 - 000000000 ____D C:\Program Files\trend micro
2021-04-09 18:02 - 2021-04-09 18:02 - 001222144 _____ C:\Users\hp\Desktop\RSITx64.exe
2021-04-09 10:24 - 2021-04-09 10:24 - 000041555 _____ C:\Users\hp\Desktop\document.pdf
2021-04-08 10:37 - 2021-04-08 10:37 - 000221139 _____ C:\Users\hp\Desktop\CCI0842021.pdf
2021-04-08 10:34 - 2021-04-08 10:34 - 000686342 _____ C:\Users\hp\Desktop\Testergebnis 4.4.2021.pdf
2021-04-08 09:28 - 2021-04-08 09:28 - 000310642 _____ C:\Users\hp\Desktop\dokument-126578343.pdf
2021-04-05 22:49 - 2021-04-09 10:29 - 000000000 ____D C:\Users\hp\Desktop\Nová složka
2021-03-27 10:29 - 2021-04-07 09:48 - 000000000 ____D C:\Users\hp\Desktop\Formulář pro opuštění okresu
2021-03-26 19:50 - 2021-03-28 00:22 - 000011599 _____ C:\Users\hp\Desktop\kšefty.xlsx
2021-03-23 22:55 - 2021-03-23 22:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-03-23 21:04 - 2021-04-10 10:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-19 11:51 - 2021-03-19 11:51 - 000012317 _____ C:\Users\Týna\Desktop\maturita-cestina-didakticky-test-zaznamovy-arch-2016-jaro.pdf
2021-03-19 11:49 - 2021-03-19 11:49 - 000000000 ____D C:\Users\Týna\AppData\Roaming\ControlCenter4
2021-03-11 09:26 - 2021-02-13 04:26 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-03-11 09:26 - 2021-02-13 04:12 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-03-11 09:25 - 2021-02-13 04:47 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-03-11 09:25 - 2021-02-13 04:24 - 000073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-10 16:07 - 2019-02-06 10:43 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 16:07 - 2016-11-17 17:35 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2021-04-10 16:05 - 2019-05-22 20:28 - 000000000 ____D C:\Users\hp\AppData\Roaming\upjers-playground2
2021-04-10 11:06 - 2016-08-19 08:51 - 000000000 ___DO C:\Users\hp\OneDrive
2021-04-10 11:06 - 2016-08-17 14:05 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1001
2021-04-10 10:47 - 2014-03-18 17:33 - 001739092 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-10 10:47 - 2014-03-18 16:54 - 000733268 _____ C:\Windows\system32\perfh005.dat
2021-04-10 10:47 - 2014-03-18 16:54 - 000148614 _____ C:\Windows\system32\perfc005.dat
2021-04-10 10:47 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2021-04-10 10:43 - 2016-12-25 21:55 - 000000000 ____D C:\Users\hp\AppData\Local\HTC MediaHub
2021-04-10 10:42 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-10 10:40 - 2016-08-17 16:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-04-10 10:40 - 2013-08-22 15:25 - 001310720 ___SH C:\Windows\system32\config\BBI
2021-04-10 10:36 - 2016-11-17 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-10 10:33 - 2020-01-04 12:01 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-10 10:31 - 2020-07-06 10:17 - 000002241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-10 10:23 - 2016-08-17 14:03 - 000003946 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{FE27802C-E301-419F-B6F7-DD932E6659EB}
2021-04-09 21:56 - 2016-08-19 20:13 - 000029848 _____ C:\Users\hp\Desktop\Capi továrny.xlsx
2021-04-09 21:32 - 2021-02-22 21:22 - 000030516 _____ C:\Users\hp\Desktop\C.xlsx
2021-04-09 18:03 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 18:01 - 2020-11-02 12:28 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-09 10:32 - 2018-12-21 17:42 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-04-09 10:25 - 2016-08-17 13:59 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-04-09 10:02 - 2018-12-01 22:47 - 000000000 ___RD C:\Users\Týna\OneDrive
2021-04-08 13:45 - 2018-12-08 11:21 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1005
2021-04-08 13:35 - 2020-11-02 12:42 - 000003166 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3921397407-2631415318-3197205120-1005
2021-04-08 13:35 - 2020-11-02 12:42 - 000002297 _____ C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2021-04-08 08:17 - 2021-02-21 19:44 - 000000000 ____D C:\Users\hp\Desktop\Einreiseanmeldungen
2021-04-08 07:03 - 2020-07-06 10:17 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-08 07:03 - 2020-07-06 10:17 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-07 15:49 - 2016-10-12 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2021-04-07 10:18 - 2020-11-03 08:54 - 000002288 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-07 10:18 - 2020-11-03 08:54 - 000002280 _____ C:\Users\hp\Desktop\Microsoft Teams.lnk
2021-04-02 20:45 - 2016-08-19 08:59 - 000000000 ____D C:\Users\hp\Desktop\Dokumenty
2021-04-01 11:03 - 2017-07-24 17:31 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-25 15:46 - 2020-02-02 15:04 - 000003954 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{81B1C48C-D8AD-45EC-8E79-F2FAB85A011D}
2021-03-23 23:59 - 2020-05-22 11:45 - 000000000 ____D C:\Users\hp\Desktop\Uptasia
2021-03-23 22:55 - 2016-08-18 16:47 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-21 22:19 - 2020-04-27 19:50 - 000000000 ____D C:\Users\hp\Desktop\Sken
2021-03-19 18:20 - 2020-06-12 20:35 - 000000000 ____D C:\Users\hp\AppData\Roaming\Disc-Soft
2021-03-19 18:20 - 2020-06-12 20:34 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-03-19 18:19 - 2016-09-13 11:51 - 000000000 ____D C:\Users\hp\AppData\Roaming\Canon
2021-03-16 08:38 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-16 08:38 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2021-03-16 08:30 - 2016-11-19 19:06 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1004
2021-03-16 08:29 - 2016-11-19 19:02 - 000003954 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{082B1CEA-011E-407D-BC94-120E222088B1}
2021-03-13 17:01 - 2016-08-17 14:05 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-12 20:25 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2021-03-12 18:16 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 09:12 - 2013-08-22 16:44 - 000722128 _____ C:\Windows\system32\FNTCACHE.DAT
2021-03-11 23:58 - 2013-08-22 17:36 - 000000000 ___RD C:\Windows\ToastData
2021-03-11 23:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-03-11 23:58 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\system32\setup
2021-03-11 11:13 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories ========

2019-11-29 22:56 - 2020-01-05 11:14 - 000004749 _____ () C:\Users\hp\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-04-09 08:54
==================== End of FRST.txt ========================

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#6 Post by magia.n »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2021
Ran by hp (10-04-2021 16:11:21)
Running from C:\Users\hp\Desktop
Windows 8.1 (Update) (X64) (2016-08-17 11:59:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3921397407-2631415318-3197205120-500 - Administrator - Disabled)
Dáda (S-1-5-21-3921397407-2631415318-3197205120-1004 - Limited - Enabled) => C:\Users\Dáda
Guest (S-1-5-21-3921397407-2631415318-3197205120-501 - Limited - Disabled)
Honza (S-1-5-21-3921397407-2631415318-3197205120-1006 - Limited - Enabled) => C:\Users\Honza
hp (S-1-5-21-3921397407-2631415318-3197205120-1001 - Administrator - Enabled) => C:\Users\hp
Kristýna (S-1-5-21-3921397407-2631415318-3197205120-1002 - Administrator - Enabled) => C:\Users\Kristýna
Martin (S-1-5-21-3921397407-2631415318-3197205120-1003 - Administrator - Enabled) => C:\Users\Martin
Týna (S-1-5-21-3921397407-2631415318-3197205120-1005 - Limited - Enabled) => C:\Users\Týna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure SAFE (Enabled - Up to date) {01EEC97C-28E5-34E7-6F5F-47CED8192856}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: F-Secure SAFE (Enabled - Up to date) {BA8F2898-0EDF-3B69-55EF-7CBCA39E62EB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 3.03 (HKLM-x32\...\Ashampoo Photo Optimizer 3_is1) (Version: 3.0.3 - ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-1610W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CDRoller version 10.60 (HKLM-x32\...\CDRoller_is1) (Version: 10.60 - Digital Atlantic Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
F-Secure SAFE (HKLM-x32\...\{46B8A013-32EE-4158-A401-E25B63FE5D28}) (Version: 17.9 - F-Secure Corporation)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.1.22.784 - Gameforge)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{6B5E1BB0-7219-47AC-AA8C-9C2C9950E1E5}) (Version: 12.10.10.2 - Apple Inc.)
K-Lite Codec Pack (64-bit) v3.6.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 3.6.0 - )
Krvavá Kassandra - Sběratelská edice (HKLM-x32\...\{Krvava Kassandra - Sberatelska edice}_is1) (Version: - Spidla Data Processing, s.r.o.)
LibreOffice 6.3.5.2 (HKLM\...\{9FEFBA80-8687-4AC1-83F7-3CD3E9BAF275}) (Version: 6.3.5.2 - The Document Foundation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.75 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\...\Teams) (Version: 1.4.00.2879 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 cs) (HKLM\...\Mozilla Firefox 87.0 (x64 cs)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
NosTale (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9}) (Version: - Gameforge)
NosTale cs-CZ (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9.cs-CZ}) (Version: - Gameforge)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Prázdnota (HKLM-x32\...\{Prazdnota}_is1) (Version: - Spidla Data Processing, s.r.o.)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Scooby-Doo(TM), Case File #2 The Scary Stone Dragon (HKLM-x32\...\Scooby-Doo(TM), Case File #2 The Scary Stone Dragon) (Version: - )
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Tajemství šesti moří (HKLM-x32\...\{Tajemstvi sesti mori}_is1) (Version: - Spidla Data Processing, s.r.o.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
upjers Home 2.1.62 (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\{e2446448-09eb-5b1b-84b1-6746557362e3}) (Version: 2.1.62 - upjers GmbH)
upjers Playground 2.0.98 (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\e2446448-09eb-5b1b-84b1-6746557362e3) (Version: 2.0.98 - upjers GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Záchvěv - Ztracená stopařka v1.0 (HKLM-x32\...\{Zachvev - Ztracena stoparka}_is1) (Version: - Špidla Data Processing, s.r.o.)
Zloději duší v1.0 (HKLM-x32\...\{Zlodeji dusi}_is1) (Version: - Špidla Data Processing, s.r.o.)

Packages:
=========
2020: My Country -> C:\Program Files\WindowsApps\0EB8BD08.2020MyCountry_2.9.0.389_x86__erk4rrwmt7jyt [2018-11-29] (GAME INSIGHT GLOBAL LIMITED)
Člověče, nezlob se! Lite -> C:\Program Files\WindowsApps\b-interaktiveGmbH.DontgetangryFREE_1.3.0.11_x64__qbsg90x8tpqqt [2018-05-01] (b-interaktive GmbH) [MS Ad]
Happy Chef -> C:\Program Files\WindowsApps\Nordcurrent.HappyChef_1.0.0.5_x86__m9bz608c1b9ra [2017-09-01] (Nordcurrent)
Hidden City®: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6 [2018-11-29] (G5 Entertainment AB)
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
Kids' Puzzles -> C:\Program Files\WindowsApps\AboutFun.KidsPuzzles_1.5.0.0_neutral__3bmcbs85sh38e [2016-08-19] (About Fun)
Krtkova skládačka -> C:\Program Files\WindowsApps\SiliconJelly.LittleMolesPuzzle_1.1.0.0_x86__6v809z49xp5gp [2016-08-19] (Silicon Jelly s.r.o.)
Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MAGICPUZZLES_3.11.6.0_x64__np8fj6akx2czy [2021-03-12] (ZiMAD) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-27] (Microsoft Studios) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
Pexeso pro děti -> C:\Program Files\WindowsApps\AboutFun.KidsPuzzlesMemoryGame_1.0.0.4_neutral__3bmcbs85sh38e [2016-08-19] (About Fun)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2016-08-18] (Skype) [MS Ad]
Spider Solitaire ! -> C:\Program Files\WindowsApps\41544BlastOffGames.SpiderSolitaire_1.0.0.15_neutral__qy5fmezmgqez0 [2021-03-14] (Blast Off Games Solitaire Tetris Flappy Bird) [MS Ad]
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-03-16] (vasetest101)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\F-Secure\SAFE\FsShellExtension64.dll [2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [136704 2010-06-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-05-01 10:23 - 2020-05-01 10:23 - 000774656 _____ () [File not signed] [File is in use] C:\Users\hp\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 001184256 _____ () [File not signed] [File is in use] C:\Users\hp\AppData\Local\Facebook\Games\CefSharp.Core.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 071641088 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libcef.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 000078848 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libegl.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 003149824 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libglesv2.dll
2020-07-14 22:58 - 2020-07-14 09:24 - 002128896 _____ () [File not signed] C:\Users\hp\AppData\Local\Programs\upjers-playground2\ffmpeg.dll
2020-07-14 22:58 - 2020-07-14 09:24 - 000141824 _____ () [File not signed] C:\Users\hp\AppData\Local\Programs\upjers-playground2\libegl.dll
2020-07-14 22:58 - 2020-07-14 09:24 - 007731200 _____ () [File not signed] C:\Users\hp\AppData\Local\Programs\upjers-playground2\libglesv2.dll
2016-09-13 11:16 - 2008-02-25 20:00 - 000279040 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLM9I.DLL
2020-05-01 10:23 - 2020-05-01 10:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [3072]
AlternateDataStreams: C:\Users\All Users:gs5sys [3072]
AlternateDataStreams: C:\Users\Dáda:gs5sys [3074]
AlternateDataStreams: C:\Users\hp:gs5sys [2560]
AlternateDataStreams: C:\Users\Týna:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\Dáda\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Dáda\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\hp\Data aplikací:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Local Settings:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Soubory cookie:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Roaming:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local\Data aplikací:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Local\History:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Documents\desktop.ini:gs5sys [2304]
AlternateDataStreams: C:\Users\Týna\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Documents\desktop.ini:gs5sys [3074]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?OCID=IE11FREDHP&PC=UF01
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/cs-cz/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https64.dll [2021-03-30] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https.dll [2021-03-30] (F-Secure Corporation -> F-Secure Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2018-11-15 19:53 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristýna\Desktop\6b82acef054a3494cc28dda3372c28ca956a9bcb_hq.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Síť Ethernet: HTC NDIS Protocol Driver -> ms_ndisprot (enabled)
Síťové připojení Bluetooth 2: HTC NDIS Protocol Driver -> ms_ndisprot (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B29C2BD4-8F80-4DF9-BAE8-F485B5BFE171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5BD88E11-C6B0-4BAE-94C8-CBE056C4F582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{09A460E3-DB0C-41F1-A37E-31759B83CE4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{D0A05147-DE7A-4683-9D67-E232C7AFDB50}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2A592CCF-B699-4C35-A9B5-11F7170FD095}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{862DC9D8-2975-48F2-B819-59B0C2E96E02}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D385A94-324A-470E-8099-65DC4A980E73}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [{D16B523A-2106-4F44-AFC3-64B2DF553A2F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{994CBD9A-5F24-42EA-9755-8399779B5E57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A031FA04-8B22-41E8-A672-839D6B07B6FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13612E65-7774-4466-9A1E-538D294BD439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074076B5-6881-4DD6-8431-0AA567C7A212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22079042-28EB-4524-8976-1D31B731519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{903B7BB2-A0F0-404F-9685-94CC081F178A}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe (Apowersoft Ltd.) [File not signed]
FirewallRules: [{B4B5B911-B111-409E-9651-5B8A0903CC08}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe (Apowersoft Ltd.) [File not signed]
FirewallRules: [{9544F145-EDA4-44C4-938A-7BBAA9D5F6AF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{2AFE3AF3-EDD9-4343-8D1E-870A2C76FC63}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{8174C7AE-05FA-4E65-97D8-AA71BE43EE95}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88A29561-FD36-4D81-A765-D0E3C87C68B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B28DEB3D-C663-48B3-9EB2-5DA860C51EEB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B0E6AD7-C3EE-442D-B110-EDBBE85F4D73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{438B6A4C-A889-48F6-A45C-0C2E8A1758CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{9B676265-C13B-4CAC-8BFE-B9A330F0FD95}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B2E70E01-C3EA-4FDD-AD29-83E9F438580E}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDF630BD-3447-466E-AF7F-38FF4865E193}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7EB5888-527B-4419-B0E8-23EC5806E00A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4FA1CF43-AAC6-4A1B-A47E-0A3A98679952}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D9E32529-F775-43A4-B49E-D33E9D21F6D9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3083C9D4-1E29-4D03-83E8-111464AC5932}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{F7D60A69-60F9-4540-906B-A0FE915B65CA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{56C3EAAD-57F4-422A-8E9E-C5E8275397FF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{289A93DC-5828-47F0-A7B3-41E9EE9C36B0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

26-03-2021 09:51:39 Naplánovaný kontrolní bod
02-04-2021 10:46:00 Naplánovaný kontrolní bod
10-04-2021 11:07:03 Windows Update

==================== Faulty Device Manager Devices ============

Name: DAEMON Tools Lite Virtual USB Bus
Description: DAEMON Tools Lite Virtual USB Bus
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Disc Soft Ltd
Service: dtliteusbbus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: DAEMON Tools Lite Virtual SCSI Bus
Description: DAEMON Tools Lite Virtual SCSI Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Disc Soft Ltd
Service: dtlitescsibus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/10/2021 10:20:45 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:37 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 05:58:29 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 04:09:21 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (04/10/2021 02:00:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070103): Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (04/10/2021 11:24:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070103): Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (04/10/2021 11:14:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070103): Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (04/10/2021 11:08:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070103): Advanced Micro Devices, Inc driver update for AMD SMBus.

Error: (04/10/2021 10:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Ultralight Hoster byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Ultralight Network Hoster byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/10/2021 10:54:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Ultralight Protected Hoster byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2018-09-24 14:25:29.666
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80073aba
Popis chyby: Prostředek je zastaralý, a proto není kompatibilní.
Verze podpisu: 1.155.266.0;1.155.266.0
Verze modulu: 1.1.9700.0

==================== Memory info ===========================

BIOS: AMI 80.52 11/11/2014
Motherboard: MSI 2AE0
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 25%
Total physical RAM: 7349.03 MB
Available physical RAM: 5477.02 MB
Total Virtual: 8821.03 MB
Available Virtual: 6138.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:919.55 GB) (Free:669.61 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.44 GB) (Free:10.39 GB) NTFS

\\?\Volume{8d15af40-5d21-4f89-93f2-9c89f599c245}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.73 GB) NTFS
\\?\Volume{e43af091-bafa-40a3-b638-7668b888e7a0}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4F4578C4)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check, thank you

#7 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\Users\hp\AppData\Local\Temp\ardrv.sys
C:\Program Files\Bonjour

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {1e9cd87f-84d2-11e8-829c-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {710ee6b9-6471-11e6-824f-806e6f6e6963} - "F:\START.EXE"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851f3e4-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851fa7b-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\...\MountPoints2: {2dd72f34-a7e0-11e6-8260-9cb654edfc7c} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Task: {98B5F1B2-C300-4E62-B712-4A5CCEC70160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
S3 ardrv; C:\Users\hp\AppData\Local\Temp\ardrv.sys [17224 2018-12-14] (OPSWAT, Inc. -> OPSWAT, Inc.) <==== ATTENTION
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData:gs5sys [3072]
AlternateDataStreams: C:\Users\All Users:gs5sys [3072]
AlternateDataStreams: C:\Users\Dáda:gs5sys [3074]
AlternateDataStreams: C:\Users\hp:gs5sys [2560]
AlternateDataStreams: C:\Users\Týna:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\Dáda\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Dáda\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\hp\Data aplikací:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Local Settings:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Soubory cookie:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Roaming:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local\Data aplikací:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Local\History:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Documents\desktop.ini:gs5sys [2304]
AlternateDataStreams: C:\Users\Týna\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Documents\desktop.ini:gs5sys [3074]
FirewallRules: [{D16B523A-2106-4F44-AFC3-64B2DF553A2F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{A031FA04-8B22-41E8-A672-839D6B07B6FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13612E65-7774-4466-9A1E-538D294BD439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074076B5-6881-4DD6-8431-0AA567C7A212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22079042-28EB-4524-8976-1D31B731519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, which is saved in the FRST location.

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#8 Post by magia.n »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-04-2021
Ran by hp (10-04-2021 21:29:17) Run:1
Running from C:\Users\hp\Desktop
Loaded Profiles: hp & Kristýna & Martin & Dáda & Týna & Honza
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Users\hp\AppData\Local\Temp\ardrv.sys
C:\Program Files\Bonjour

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {1e9cd87f-84d2-11e8-829c-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {710ee6b9-6471-11e6-824f-806e6f6e6963} - "F:\START.EXE"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851f3e4-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851fa7b-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\...\MountPoints2: {2dd72f34-a7e0-11e6-8260-9cb654edfc7c} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\T�na\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Task: {98B5F1B2-C300-4E62-B712-4A5CCEC70160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
S3 ardrv; C:\Users\hp\AppData\Local\Temp\ardrv.sys [17224 2018-12-14] (OPSWAT, Inc. -> OPSWAT, Inc.) <==== ATTENTION
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\T�na\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\T�na\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\T�na\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData:gs5sys [3072]
AlternateDataStreams: C:\Users\All Users:gs5sys [3072]
AlternateDataStreams: C:\Users\D�da:gs5sys [3074]
AlternateDataStreams: C:\Users\hp:gs5sys [2560]
AlternateDataStreams: C:\Users\T�na:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Data aplikac�:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\D�da\Data aplikac�:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\D�da\�ablony:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\AppData\Local\Data aplikac�:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\D�da\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\hp\Data aplikac�:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Local Settings:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Soubory cookie:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\�ablony:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Roaming:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local\Data aplikac�:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Local\History:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Documents\desktop.ini:gs5sys [2304]
AlternateDataStreams: C:\Users\T�na\Data aplikac�:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\�ablony:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\AppData\Local\Data aplikac�:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\T�na\Documents\desktop.ini:gs5sys [3074]
FirewallRules: [{D16B523A-2106-4F44-AFC3-64B2DF553A2F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{A031FA04-8B22-41E8-A672-839D6B07B6FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13612E65-7774-4466-9A1E-538D294BD439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074076B5-6881-4DD6-8431-0AA567C7A212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22079042-28EB-4524-8976-1D31B731519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\hp\AppData\Local\Temp\ardrv.sys => moved successfully
C:\Program Files\Bonjour => moved successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => removed successfully
"HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e9cd87f-84d2-11e8-829c-9cb654edfc7c} => removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{710ee6b9-6471-11e6-824f-806e6f6e6963} => removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e851f3e4-0fa0-11e7-8268-9cb654edfc7c} => removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e851fa7b-0fa0-11e7-8268-9cb654edfc7c} => removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dd72f34-a7e0-11e6-8260-9cb654edfc7c} => removed successfully
"C:\Users\T�na\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk" => not found
"C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98B5F1B2-C300-4E62-B712-4A5CCEC70160}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98B5F1B2-C300-4E62-B712-4A5CCEC70160}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\System\CurrentControlSet\Services\ardrv => removed successfully
ardrv => service removed successfully
HKLM\System\CurrentControlSet\Services\Bonjour Service => removed successfully
Bonjour Service => service removed successfully
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully
"C:\Users\All Users" => ":gs5sys" ADS not found.
"C:\Users\D�da" => ":gs5sys" ADS not found.
C:\Users\hp => ":gs5sys" ADS removed successfully
"C:\Users\T�na" => ":gs5sys" ADS not found.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Data aplikac�" => ":gs5sys" ADS not found.
C:\ProgramData\Documents\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\D�da\Data aplikac�" => ":gs5sys" ADS not found.
"C:\Users\D�da\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\D�da\Soubory cookie" => ":gs5sys" ADS not found.
"C:\Users\D�da\�ablony" => ":gs5sys" ADS not found.
"C:\Users\D�da\Desktop\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\D�da\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\D�da\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\D�da\AppData\Local\Data aplikac�" => ":gs5sys" ADS not found.
"C:\Users\D�da\AppData\Local\History" => ":gs5sys" ADS not found.
"C:\Users\D�da\Documents\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\hp\Data aplikac�" => ":gs5sys" ADS not found.
C:\Users\hp\Local Settings => ":gs5sys" ADS removed successfully
C:\Users\hp\Soubory cookie => ":gs5sys" ADS removed successfully
"C:\Users\hp\�ablony" => ":gs5sys" ADS not found.
C:\Users\hp\Desktop\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\hp\AppData\Local" => ":gs5sys" ADS not found.
C:\Users\hp\AppData\Roaming => ":gs5sys" ADS removed successfully
"C:\Users\hp\AppData\Local\Data aplikac�" => ":gs5sys" ADS not found.
C:\Users\hp\AppData\Local\History => ":gs5sys" ADS removed successfully
C:\Users\hp\Documents\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\T�na\Data aplikac�" => ":gs5sys" ADS not found.
"C:\Users\T�na\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\T�na\Soubory cookie" => ":gs5sys" ADS not found.
"C:\Users\T�na\�ablony" => ":gs5sys" ADS not found.
"C:\Users\T�na\Desktop\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\T�na\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\T�na\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\T�na\AppData\Local\Data aplikac�" => ":gs5sys" ADS not found.
"C:\Users\T�na\AppData\Local\History" => ":gs5sys" ADS not found.
"C:\Users\T�na\Documents\desktop.ini" => ":gs5sys" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D16B523A-2106-4F44-AFC3-64B2DF553A2F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A031FA04-8B22-41E8-A672-839D6B07B6FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13612E65-7774-4466-9A1E-538D294BD439}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{074076B5-6881-4DD6-8431-0AA567C7A212}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22079042-28EB-4524-8976-1D31B731519F}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61266068 B
Java, Flash, Steam htmlcache => 1901 B
Windows/system/drivers => 287069634 B
Edge => 0 B
Chrome => 287809526 B
Firefox => 24869290 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 3017522 B
NetworkService => 3021292 B
hp => 1857918781 B
Kristýna => 2122426100 B
Martin => 2141285611 B
Dáda => 2239137634 B
Týna => 2687714875 B
Honza => 2688379233 B

RecycleBin => 0 B
EmptyTemp: => 13.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:33:12 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check, thank you

#9 Post by Diallix »

Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

C:\Users\hp\AppData\Local\Temp\ardrv.sys
C:\Program Files\Bonjour

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {1e9cd87f-84d2-11e8-829c-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {710ee6b9-6471-11e6-824f-806e6f6e6963} - "F:\START.EXE"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851f3e4-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851fa7b-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\...\MountPoints2: {2dd72f34-a7e0-11e6-8260-9cb654edfc7c} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Task: {98B5F1B2-C300-4E62-B712-4A5CCEC70160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
S3 ardrv; C:\Users\hp\AppData\Local\Temp\ardrv.sys [17224 2018-12-14] (OPSWAT, Inc. -> OPSWAT, Inc.) <==== ATTENTION
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData:gs5sys [3072]
AlternateDataStreams: C:\Users\All Users:gs5sys [3072]
AlternateDataStreams: C:\Users\Dáda:gs5sys [3074]
AlternateDataStreams: C:\Users\hp:gs5sys [2560]
AlternateDataStreams: C:\Users\Týna:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\Dáda\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Dáda\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\hp\Data aplikací:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Local Settings:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Soubory cookie:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Roaming:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local\Data aplikací:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Local\History:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Documents\desktop.ini:gs5sys [2304]
AlternateDataStreams: C:\Users\Týna\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Documents\desktop.ini:gs5sys [3074]
FirewallRules: [{D16B523A-2106-4F44-AFC3-64B2DF553A2F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{A031FA04-8B22-41E8-A672-839D6B07B6FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13612E65-7774-4466-9A1E-538D294BD439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074076B5-6881-4DD6-8431-0AA567C7A212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22079042-28EB-4524-8976-1D31B731519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is, and set the Encoding to UTF-8 (copy into Notepad -> File -> Save As -> Encoding: choose UTF-8 -> Save).
Run FRST and click the button: Fix
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<


magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#10 Post by magia.n »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-04-2021
Ran by hp (10-04-2021 22:36:23) Run:2
Running from C:\Users\hp\Desktop
Loaded Profiles: hp & Kristýna & Martin & Dáda & Týna & Honza
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\Users\hp\AppData\Local\Temp\ardrv.sys
C:\Program Files\Bonjour

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {1e9cd87f-84d2-11e8-829c-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {710ee6b9-6471-11e6-824f-806e6f6e6963} - "F:\START.EXE"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851f3e4-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\...\MountPoints2: {e851fa7b-0fa0-11e7-8268-9cb654edfc7c} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\autorun.exe /auto
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\...\MountPoints2: {2dd72f34-a7e0-11e6-8260-9cb654edfc7c} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2019-01-31]
ShortcutTarget: MEGAsync.lnk -> C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe (No File)
Task: {98B5F1B2-C300-4E62-B712-4A5CCEC70160} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
S3 ardrv; C:\Users\hp\AppData\Local\Temp\ardrv.sys [17224 2018-12-14] (OPSWAT, Inc. -> OPSWAT, Inc.) <==== ATTENTION
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData:gs5sys [3072]
AlternateDataStreams: C:\Users\All Users:gs5sys [3072]
AlternateDataStreams: C:\Users\Dáda:gs5sys [3074]
AlternateDataStreams: C:\Users\hp:gs5sys [2560]
AlternateDataStreams: C:\Users\Týna:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Data aplikací:gs5sys [3072]
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\Dáda\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Soubory cookie:gs5sys [2048]
AlternateDataStreams: C:\Users\Dáda\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Dáda\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\hp\Data aplikací:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Local Settings:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Soubory cookie:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Šablony:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\Desktop\desktop.ini:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Roaming:gs5sys [2560]
AlternateDataStreams: C:\Users\hp\AppData\Local\Data aplikací:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\AppData\Local\History:gs5sys [2304]
AlternateDataStreams: C:\Users\hp\Documents\desktop.ini:gs5sys [2304]
AlternateDataStreams: C:\Users\Týna\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Soubory cookie:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Šablony:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\Data aplikací:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Týna\Documents\desktop.ini:gs5sys [3074]
FirewallRules: [{D16B523A-2106-4F44-AFC3-64B2DF553A2F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe => No File
FirewallRules: [TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe] => (Allow) C:\users\hp\desktop\anydesk.exe => No File
FirewallRules: [{A031FA04-8B22-41E8-A672-839D6B07B6FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13612E65-7774-4466-9A1E-538D294BD439}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{074076B5-6881-4DD6-8431-0AA567C7A212}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22079042-28EB-4524-8976-1D31B731519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\Users\hp\AppData\Local\Temp\ardrv.sys" => not found
"C:\Program Files\Bonjour" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper" => not found
"HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\SCRNSAVE.EXE" => not found
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e9cd87f-84d2-11e8-829c-9cb654edfc7c} => not found
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{710ee6b9-6471-11e6-824f-806e6f6e6963} => not found
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e851f3e4-0fa0-11e7-8268-9cb654edfc7c} => not found
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e851fa7b-0fa0-11e7-8268-9cb654edfc7c} => not found
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dd72f34-a7e0-11e6-8260-9cb654edfc7c} => not found
C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk => moved successfully
"C:\Users\hp\AppData\Local\MEGAsync\MEGAsync.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98B5F1B2-C300-4E62-B712-4A5CCEC70160}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
ardrv => service not found.
Bonjour Service => service not found.
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
"C:\ProgramData" => ":gs5sys" ADS not found.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Dáda => ":gs5sys" ADS removed successfully
"C:\Users\hp" => ":gs5sys" ADS not found.
C:\Users\Týna => ":gs5sys" ADS removed successfully
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Data aplikací" => ":gs5sys" ADS not found.
"C:\ProgramData\Documents\desktop.ini" => ":gs5sys" ADS not found.
C:\Users\Dáda\Data aplikací => ":gs5sys" ADS removed successfully
C:\Users\Dáda\Local Settings => ":gs5sys" ADS removed successfully
C:\Users\Dáda\Soubory cookie => ":gs5sys" ADS removed successfully
C:\Users\Dáda\Šablony => ":gs5sys" ADS removed successfully
C:\Users\Dáda\Desktop\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\Dáda\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\Dáda\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\Dáda\AppData\Local\Data aplikací" => ":gs5sys" ADS not found.
C:\Users\Dáda\AppData\Local\History => ":gs5sys" ADS removed successfully
C:\Users\Dáda\Documents\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\hp\Data aplikací" => ":gs5sys" ADS not found.
"C:\Users\hp\Local Settings" => ":gs5sys" ADS not found.
"C:\Users\hp\Soubory cookie" => ":gs5sys" ADS not found.
C:\Users\hp\Šablony => ":gs5sys" ADS removed successfully
"C:\Users\hp\Desktop\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\hp\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\hp\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\hp\AppData\Local\Data aplikací" => ":gs5sys" ADS not found.
"C:\Users\hp\AppData\Local\History" => ":gs5sys" ADS not found.
"C:\Users\hp\Documents\desktop.ini" => ":gs5sys" ADS not found.
C:\Users\Týna\Data aplikací => ":gs5sys" ADS removed successfully
C:\Users\Týna\Local Settings => ":gs5sys" ADS removed successfully
C:\Users\Týna\Soubory cookie => ":gs5sys" ADS removed successfully
C:\Users\Týna\Šablony => ":gs5sys" ADS removed successfully
C:\Users\Týna\Desktop\desktop.ini => ":gs5sys" ADS removed successfully
"C:\Users\Týna\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\Týna\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\Týna\AppData\Local\Data aplikací" => ":gs5sys" ADS not found.
C:\Users\Týna\AppData\Local\History => ":gs5sys" ADS removed successfully
C:\Users\Týna\Documents\desktop.ini => ":gs5sys" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D16B523A-2106-4F44-AFC3-64B2DF553A2F}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69721B4D-4AB0-41A0-9637-BBF4B8B02FD5}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CF95D89D-C5B3-4A06-B3DA-5DCA5C087BCF}C:\users\hp\desktop\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A60F7BC3-B493-46E4-8591-AF8314870BCC}C:\users\hp\desktop\anydesk.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A031FA04-8B22-41E8-A672-839D6B07B6FB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13612E65-7774-4466-9A1E-538D294BD439}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{074076B5-6881-4DD6-8431-0AA567C7A212}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22079042-28EB-4524-8976-1D31B731519F}" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6452744 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 161504 B
Edge => 0 B
Chrome => 7716761 B
Firefox => 18747767 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4092 B
NetworkService => 4092 B
hp => 24601 B
Kristýna => 24601 B
Martin => 24601 B
Dáda => 24601 B
Týna => 24601 B
Honza => 24601 B

RecycleBin => 0 B
EmptyTemp: => 39.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:37:51 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34
Contact user:

Re: Please check, thank you

#11 Post by Diallix »

OK, please post new FRST + ADDITION logs.

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#12 Post by magia.n »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2021
Ran by hp (administrator) on HP-PC (Hewlett-Packard 500-202ec) (11-04-2021 09:35:25)
Running from C:\Users\hp\Desktop
Loaded Profiles: hp
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() [File not signed] C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Facebook, Inc. -> Facebook) C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe <3>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe <2>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\FsPisces.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Integrated Device Technology Inc. -> Hewlett-Packard) [File not signed] C:\Program Files\IDT\WDM\Beats64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19750_none_fa39f32f9b2d0928\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Integrated Device Technology Inc. -> Hewlett-Packard) [File not signed]
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.) [File not signed]
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [100580600 2020-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd -> DT Soft Ltd)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [Flvto Youtube Downloader] => "C:\Users\hp\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\hp\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Dáda\AppData\Local\Microsoft\Teams\Update.exe [2453656 2021-02-20] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Týna\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-11-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP190 series: C:\Windows\system32\CNMLM9I.DLL [279040 2008-02-25] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-04-01] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-09-04]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-06]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Kristýna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-08-13]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)
Startup: C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-05-13]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\hp\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook, Inc. -> Facebook)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C9634F6-EF84-42FD-968D-2D8FFDB7CDB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-24] (Google Inc -> Google Inc.)
Task: {38049093-848F-484A-B596-91122766BC91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {46418CC2-AD3E-42C8-B61A-A0EDD96B3054} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1791712 2021-02-23] (Avast Software s.r.o. -> Avast Software)
Task: {5962DDD7-C251-47F5-A41F-D3B086A94BEA} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3921397407-2631415318-3197205120-1005 => C:\Users\hp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {5FDDE5A0-374C-49FA-A449-67D08C474337} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3921397407-2631415318-3197205120-1004 => {201600d8-6eff-48ce-b842-e14d37a0682d} C:\Windows\System32\wpninprc.dll [62464 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
Task: {606EBC9B-838D-4DC9-A1A3-176EBD4E96B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {61CB0EAF-BCB5-4FFC-A049-A0806844431D} - System32\Tasks\{8BC24110-F064-4E3E-8B43-F7F2B365943D} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.39.0.102/cs ... rogressBar
Task: {745DDD41-0C2F-4B35-9790-C9F43AEE81DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {7A874B00-1D28-4469-8F38-E329063F23AF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {90E5C152-EED6-4CE2-9402-F22F873CD65A} - System32\Tasks\{3CF151D6-0E18-49D7-BEE3-EE58DB9E3999} => "c:\program files (x86)\mozilla firefox\firefox.exe" https://ui.skype.com/ui/0/7.36.0.101/cs ... rogressBar
Task: {9B233D7B-8809-48EA-B0E0-788AB09DB569} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255104 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A1C1CF50-EC61-4A45-A2C9-7CEF3EB91909} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498032 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {AED4E2C5-2A93-4EFB-A79A-ADBF421E969A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9C16742-5794-4F66-BA5E-160146F69A1B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248760 2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5445726-1F50-4E47-9C2E-246288D0A26D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141168 2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFBF869F-0903-4936-BD94-A5DF0302461A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {FA0E4834-8054-41E0-BC94-C190B8B9A179} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\F-Secure\SAFE\fs_hotfix.exe [308608 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{3E1BC311-A25A-499A-85BF-A0ADD9BED33F}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-22]
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2021-02-22]
Edge HKLM\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
Edge HKLM-x32\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

FireFox:
========
FF DefaultProfile: fag465m9.default
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default [2021-04-10]
FF DownloadDir: C:\Users\hp\Desktop
FF Homepage: Mozilla\Firefox\Profiles\fag465m9.default -> hxxp://seznam.cz/
FF Extension: (YouTube™ Flash® Player) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2017-12-04]
FF Extension: (Browsing Protection by F-Secure) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default\Extensions\ols@f-secure.com.xpi [2021-04-10] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json]
FF Extension: (YouTube High Definition) - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\fag465m9.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2021-02-03]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hp\AppData\Roaming\mozilla\plugins\npPxPlay.dll [2016-10-11]

Chrome:
=======
CHR Profile: C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default [2021-04-10]
CHR Extension: (Prezentace) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Dokumenty) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Disk Google) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-24]
CHR Extension: (Tabulky) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-18]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2020-10-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-18]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3743464 2021-03-08] (philandro Software GmbH -> philandro Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788368 2021-03-29] (Microsoft Corporation -> Microsoft Corporation)
R2 fshoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\SAFE\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fshoster64.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsorsp64.exe [101248 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulprothoster.exe [623744 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [568480 2021-01-29] (Gameforge 4D GmbH -> )
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2016-09-20] (Nero AG -> Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [181312 2016-10-11] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [254528 2017-05-04] (DT Soft Ltd -> DT Soft Ltd)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1617700888\fsulgk.sys [361448 2021-04-06] (F-Secure Corporation -> F-Secure Corporation)
R0 fsbts; C:\Windows\System32\drivers\fsbts.sys [58752 2020-12-12] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnif2; C:\Program Files (x86)\F-Secure\SAFE\Ultralight\nif2\1614076011\nif2s64.sys [177672 2021-02-23] (F-Secure Corporation -> F-Secure Corporation)
S3 htcnprot; C:\Windows\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (Sqa.com(Test) -> QUALCOMM Incorporated)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [31040 2014-04-29] (IPTS Alisa, OOO -> EldoS Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-10 21:29 - 2021-04-10 22:38 - 000013527 _____ C:\Users\hp\Desktop\Fixlog.txt
2021-04-10 21:24 - 2021-04-10 21:24 - 000000000 _____ C:\Users\hp\Desktop\Nový textový dokument.txt
2021-04-10 16:11 - 2021-04-10 16:17 - 000040980 _____ C:\Users\hp\Desktop\Addition.txt
2021-04-10 16:07 - 2021-04-11 09:37 - 000022259 _____ C:\Users\hp\Desktop\FRST.txt
2021-04-10 16:06 - 2021-04-11 09:36 - 000000000 ____D C:\FRST
2021-04-10 16:04 - 2021-04-10 16:04 - 002297856 _____ (Farbar) C:\Users\hp\Desktop\FRST64.exe
2021-04-10 10:24 - 2021-04-10 10:29 - 000000000 ____D C:\AdwCleaner
2021-04-10 10:23 - 2021-04-10 10:23 - 008534696 _____ (Malwarebytes) C:\Users\hp\Desktop\adwcleaner_8.2.exe
2021-04-09 18:03 - 2021-04-09 18:03 - 000000000 ____D C:\rsit
2021-04-09 18:03 - 2021-04-09 18:03 - 000000000 ____D C:\Program Files\trend micro
2021-04-09 18:02 - 2021-04-09 18:02 - 001222144 _____ C:\Users\hp\Desktop\RSITx64.exe
2021-04-09 10:24 - 2021-04-09 10:24 - 000041555 _____ C:\Users\hp\Desktop\document.pdf
2021-04-08 10:37 - 2021-04-08 10:37 - 000221139 _____ C:\Users\hp\Desktop\CCI0842021.pdf
2021-04-08 10:34 - 2021-04-08 10:34 - 000686342 _____ C:\Users\hp\Desktop\Testergebnis 4.4.2021.pdf
2021-04-08 09:28 - 2021-04-08 09:28 - 000310642 _____ C:\Users\hp\Desktop\dokument-126578343.pdf
2021-04-05 22:49 - 2021-04-09 10:29 - 000000000 ____D C:\Users\hp\Desktop\Nová složka
2021-03-27 10:29 - 2021-04-07 09:48 - 000000000 ____D C:\Users\hp\Desktop\Formulář pro opuštění okresu
2021-03-26 19:50 - 2021-03-28 00:22 - 000011599 _____ C:\Users\hp\Desktop\kšefty.xlsx
2021-03-23 22:55 - 2021-03-23 22:55 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-03-23 21:04 - 2021-04-10 10:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-19 11:51 - 2021-03-19 11:51 - 000012317 _____ C:\Users\Týna\Desktop\maturita-cestina-didakticky-test-zaznamovy-arch-2016-jaro.pdf
2021-03-19 11:49 - 2021-03-19 11:49 - 000000000 ____D C:\Users\Týna\AppData\Roaming\ControlCenter4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-11 09:37 - 2016-08-17 14:03 - 000003946 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{FE27802C-E301-419F-B6F7-DD932E6659EB}
2021-04-11 09:34 - 2016-08-19 08:51 - 000000000 __RDO C:\Users\hp\OneDrive
2021-04-10 23:50 - 2019-05-22 20:28 - 000000000 ____D C:\Users\hp\AppData\Roaming\upjers-playground2
2021-04-10 23:50 - 2019-02-06 10:43 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-10 23:50 - 2016-11-17 17:35 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Mozilla
2021-04-10 23:43 - 2020-01-04 12:01 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2021-04-10 23:22 - 2016-08-19 20:13 - 000029838 _____ C:\Users\hp\Desktop\Capi továrny.xlsx
2021-04-10 23:19 - 2021-02-22 21:22 - 000030608 _____ C:\Users\hp\Desktop\C.xlsx
2021-04-10 22:45 - 2016-09-12 15:01 - 000000000 ____D C:\Users\hp\Desktop\Já flash
2021-04-10 22:44 - 2014-03-18 17:33 - 001739092 _____ C:\Windows\system32\PerfStringBackup.INI
2021-04-10 22:44 - 2014-03-18 16:54 - 000733268 _____ C:\Windows\system32\perfh005.dat
2021-04-10 22:44 - 2014-03-18 16:54 - 000148614 _____ C:\Windows\system32\perfc005.dat
2021-04-10 22:44 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2021-04-10 22:40 - 2016-12-25 21:55 - 000000000 ____D C:\Users\hp\AppData\Local\HTC MediaHub
2021-04-10 22:39 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-04-10 22:38 - 2016-08-17 16:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-04-10 22:38 - 2013-08-22 15:25 - 001310720 ___SH C:\Windows\system32\config\BBI
2021-04-10 21:31 - 2018-01-03 21:46 - 000000000 ____D C:\Users\hp\AppData\LocalLow\Temp
2021-04-10 11:06 - 2016-08-17 14:05 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1001
2021-04-10 10:36 - 2016-11-17 17:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-10 10:31 - 2020-07-06 10:17 - 000002241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-09 18:03 - 2013-08-22 17:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-09 18:01 - 2020-11-02 12:28 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-09 10:32 - 2018-12-21 17:42 - 000000000 ____D C:\Users\hp\AppData\Local\CrashDumps
2021-04-09 10:25 - 2016-08-17 13:59 - 000000000 ____D C:\Users\hp\AppData\Local\Packages
2021-04-09 10:02 - 2018-12-01 22:47 - 000000000 ___RD C:\Users\Týna\OneDrive
2021-04-08 13:45 - 2018-12-08 11:21 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1005
2021-04-08 13:35 - 2020-11-02 12:42 - 000003166 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3921397407-2631415318-3197205120-1005
2021-04-08 13:35 - 2020-11-02 12:42 - 000002297 _____ C:\Users\Týna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive pro firmy.lnk
2021-04-08 08:17 - 2021-02-21 19:44 - 000000000 ____D C:\Users\hp\Desktop\Einreiseanmeldungen
2021-04-08 07:03 - 2020-07-06 10:17 - 000003484 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-08 07:03 - 2020-07-06 10:17 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-07 15:49 - 2016-10-12 22:02 - 000000000 ____D C:\Users\hp\AppData\Roaming\vlc
2021-04-07 10:18 - 2020-11-03 08:54 - 000002288 _____ C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-07 10:18 - 2020-11-03 08:54 - 000002280 _____ C:\Users\hp\Desktop\Microsoft Teams.lnk
2021-04-02 20:45 - 2016-08-19 08:59 - 000000000 ____D C:\Users\hp\Desktop\Dokumenty
2021-04-01 11:03 - 2017-07-24 17:31 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-25 15:46 - 2020-02-02 15:04 - 000003954 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{81B1C48C-D8AD-45EC-8E79-F2FAB85A011D}
2021-03-23 23:59 - 2020-05-22 11:45 - 000000000 ____D C:\Users\hp\Desktop\Uptasia
2021-03-23 22:55 - 2016-08-18 16:47 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-21 22:19 - 2020-04-27 19:50 - 000000000 ____D C:\Users\hp\Desktop\Sken
2021-03-19 18:20 - 2020-06-12 20:35 - 000000000 ____D C:\Users\hp\AppData\Roaming\Disc-Soft
2021-03-19 18:20 - 2020-06-12 20:34 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-03-19 18:19 - 2016-09-13 11:51 - 000000000 ____D C:\Users\hp\AppData\Roaming\Canon
2021-03-16 08:38 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-16 08:38 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\AppReadiness
2021-03-16 08:30 - 2016-11-19 19:06 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3921397407-2631415318-3197205120-1004
2021-03-16 08:29 - 2016-11-19 19:02 - 000003954 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{082B1CEA-011E-407D-BC94-120E222088B1}
2021-03-13 17:01 - 2016-08-17 14:05 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-12 20:25 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2021-03-12 18:16 - 2013-08-22 17:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 09:12 - 2013-08-22 16:44 - 000722128 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories ========

2019-11-29 22:56 - 2020-01-05 11:14 - 000004749 _____ () C:\Users\hp\AppData\Roaming\downloads.json

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-04-09 08:54
==================== End of FRST.txt ========================

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#13 Post by magia.n »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2021
Ran by hp (11-04-2021 09:39:50)
Running from C:\Users\hp\Desktop
Windows 8.1 (Update) (X64) (2016-08-17 11:59:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3921397407-2631415318-3197205120-500 - Administrator - Disabled)
Dáda (S-1-5-21-3921397407-2631415318-3197205120-1004 - Limited - Enabled) => C:\Users\Dáda
Guest (S-1-5-21-3921397407-2631415318-3197205120-501 - Limited - Disabled)
Honza (S-1-5-21-3921397407-2631415318-3197205120-1006 - Limited - Enabled) => C:\Users\Honza
hp (S-1-5-21-3921397407-2631415318-3197205120-1001 - Administrator - Enabled) => C:\Users\hp
Kristýna (S-1-5-21-3921397407-2631415318-3197205120-1002 - Administrator - Enabled) => C:\Users\Kristýna
Martin (S-1-5-21-3921397407-2631415318-3197205120-1003 - Administrator - Enabled) => C:\Users\Martin
Týna (S-1-5-21-3921397407-2631415318-3197205120-1005 - Limited - Enabled) => C:\Users\Týna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: F-Secure SAFE (Enabled - Up to date) {01EEC97C-28E5-34E7-6F5F-47CED8192856}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: F-Secure SAFE (Enabled - Up to date) {BA8F2898-0EDF-3B69-55EF-7CBCA39E62EB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.3 - philandro Software GmbH)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 3.03 (HKLM-x32\...\Ashampoo Photo Optimizer 3_is1) (Version: 3.0.3 - ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-1610W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
CDRoller version 10.60 (HKLM-x32\...\CDRoller_is1) (Version: 10.60 - Digital Atlantic Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
FastStone Image Viewer 5.7 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.7 - FastStone Soft)
F-Secure SAFE (HKLM-x32\...\{46B8A013-32EE-4158-A401-E25B63FE5D28}) (Version: 17.9 - F-Secure Corporation)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.1.22.784 - Gameforge)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.77.0 - HTC)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{6B5E1BB0-7219-47AC-AA8C-9C2C9950E1E5}) (Version: 12.10.10.2 - Apple Inc.)
K-Lite Codec Pack (64-bit) v3.6.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 3.6.0 - )
Krvavá Kassandra - Sběratelská edice (HKLM-x32\...\{Krvava Kassandra - Sberatelska edice}_is1) (Version: - Spidla Data Processing, s.r.o.)
LibreOffice 6.3.5.2 (HKLM\...\{9FEFBA80-8687-4AC1-83F7-3CD3E9BAF275}) (Version: 6.3.5.2 - The Document Foundation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13901.20336 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.75 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\...\Teams) (Version: 1.4.00.2879 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mozilla Firefox 87.0 (x64 cs) (HKLM\...\Mozilla Firefox 87.0 (x64 cs)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
NosTale (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9}) (Version: - Gameforge)
NosTale cs-CZ (HKLM-x32\...\{dd4e22d6-00d1-44b9-8126-d8b40e0cd7c9.cs-CZ}) (Version: - Gameforge)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Prázdnota (HKLM-x32\...\{Prazdnota}_is1) (Version: - Spidla Data Processing, s.r.o.)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Scooby-Doo(TM), Case File #2 The Scary Stone Dragon (HKLM-x32\...\Scooby-Doo(TM), Case File #2 The Scary Stone Dragon) (Version: - )
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Tajemství šesti moří (HKLM-x32\...\{Tajemstvi sesti mori}_is1) (Version: - Spidla Data Processing, s.r.o.)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
upjers Home 2.1.62 (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\{e2446448-09eb-5b1b-84b1-6746557362e3}) (Version: 2.1.62 - upjers GmbH)
upjers Playground 2.0.98 (HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\e2446448-09eb-5b1b-84b1-6746557362e3) (Version: 2.0.98 - upjers GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Záchvěv - Ztracená stopařka v1.0 (HKLM-x32\...\{Zachvev - Ztracena stoparka}_is1) (Version: - Špidla Data Processing, s.r.o.)
Zloději duší v1.0 (HKLM-x32\...\{Zlodeji dusi}_is1) (Version: - Špidla Data Processing, s.r.o.)

Packages:
=========
2020: My Country -> C:\Program Files\WindowsApps\0EB8BD08.2020MyCountry_2.9.0.389_x86__erk4rrwmt7jyt [2018-11-29] (GAME INSIGHT GLOBAL LIMITED)
Člověče, nezlob se! Lite -> C:\Program Files\WindowsApps\b-interaktiveGmbH.DontgetangryFREE_1.3.0.11_x64__qbsg90x8tpqqt [2018-05-01] (b-interaktive GmbH) [MS Ad]
Happy Chef -> C:\Program Files\WindowsApps\Nordcurrent.HappyChef_1.0.0.5_x86__m9bz608c1b9ra [2017-09-01] (Nordcurrent)
Hidden City®: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.16.1700.0_x86__ytsefhwckbdv6 [2018-11-29] (G5 Entertainment AB)
Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-03-18] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
Kids' Puzzles -> C:\Program Files\WindowsApps\AboutFun.KidsPuzzles_1.5.0.0_neutral__3bmcbs85sh38e [2016-08-19] (About Fun)
Krtkova skládačka -> C:\Program Files\WindowsApps\SiliconJelly.LittleMolesPuzzle_1.1.0.0_x86__6v809z49xp5gp [2016-08-19] (Silicon Jelly s.r.o.)
Magic Jigsaw Puzzles -> C:\Program Files\WindowsApps\XIMADINC.MAGICPUZZLES_3.11.6.0_x64__np8fj6akx2czy [2021-03-12] (ZiMAD) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.9.1911.0_x86__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-27] (Microsoft Studios) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]
Pexeso pro děti -> C:\Program Files\WindowsApps\AboutFun.KidsPuzzlesMemoryGame_1.0.0.4_neutral__3bmcbs85sh38e [2016-08-19] (About Fun)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2016-08-18] (Skype) [MS Ad]
Spider Solitaire ! -> C:\Program Files\WindowsApps\41544BlastOffGames.SpiderSolitaire_1.0.0.15_neutral__qy5fmezmgqez0 [2021-03-14] (Blast Off Games Solitaire Tetris Flappy Bird) [MS Ad]
Taptiles -> C:\Program Files\WindowsApps\Microsoft.Taptiles_2.6.288.0_x86__8wekyb3d8bbwe [2018-10-25] (Microsoft Studios) [MS Ad]
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-03-16] (vasetest101)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2016-08-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3921397407-2631415318-3197205120-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\hp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [F-Secure DataGuard Icon Overlay] -> {CA789262-D278-40F7-AC12-19C0395F9DD9} => C:\Program Files (x86)\F-Secure\SAFE\FsShellExtension64.dll [2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [136704 2010-06-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-05-01 10:23 - 2020-05-01 10:23 - 000774656 _____ () [File not signed] [File is in use] C:\Users\hp\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 001184256 _____ () [File not signed] [File is in use] C:\Users\hp\AppData\Local\Facebook\Games\CefSharp.Core.dll
2021-03-10 14:43 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 071641088 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libcef.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 000078848 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libegl.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 003149824 _____ () [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\libglesv2.dll
2021-03-10 14:44 - 2008-08-18 19:27 - 000122880 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2021-03-10 14:44 - 2013-06-12 20:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2021-03-10 14:44 - 2011-02-28 12:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2021-03-10 14:44 - 2013-10-10 22:55 - 002040320 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2021-03-10 14:44 - 2014-05-22 20:12 - 000137728 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2021-03-10 14:44 - 2014-02-06 22:13 - 000083968 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2021-03-10 14:44 - 2014-02-06 22:13 - 017904640 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2021-03-10 14:44 - 2014-01-09 18:36 - 000082944 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLCze.dll
2016-09-13 11:16 - 2008-02-25 20:00 - 000279040 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLM9I.DLL
2021-04-10 23:43 - 2021-04-10 23:43 - 000394240 _____ (Google Inc.) [File not signed] C:\Program Files (x86)\AnyDesk\gcapi.dll
2020-05-01 10:23 - 2020-05-01 10:23 - 000433664 _____ (The Chromium Authors) [File not signed] C:\Users\hp\AppData\Local\Facebook\Games\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seznam.cz/
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?OCID=IE11FREDHP&PC=UF01
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/cs-cz/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https64.dll [2021-03-30] (F-Secure Corporation -> F-Secure Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\F-Secure\SAFE\Ultralight\http\1617091255\browser\fs_ie_https\fs_ie_https.dll [2021-03-30] (F-Secure Corporation -> F-Secure Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2018-11-15 19:53 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3921397407-2631415318-3197205120-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kristýna\Desktop\6b82acef054a3494cc28dda3372c28ca956a9bcb_hq.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3921397407-2631415318-3197205120-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Síť Ethernet: HTC NDIS Protocol Driver -> ms_ndisprot (enabled)
Síťové připojení Bluetooth 2: HTC NDIS Protocol Driver -> ms_ndisprot (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3921397407-2631415318-3197205120-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B29C2BD4-8F80-4DF9-BAE8-F485B5BFE171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5BD88E11-C6B0-4BAE-94C8-CBE056C4F582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{09A460E3-DB0C-41F1-A37E-31759B83CE4F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{D0A05147-DE7A-4683-9D67-E232C7AFDB50}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{2A592CCF-B699-4C35-A9B5-11F7170FD095}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{862DC9D8-2975-48F2-B819-59B0C2E96E02}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D385A94-324A-470E-8099-65DC4A980E73}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [{994CBD9A-5F24-42EA-9755-8399779B5E57}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{903B7BB2-A0F0-404F-9685-94CC081F178A}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe (Apowersoft Ltd.) [File not signed]
FirewallRules: [{B4B5B911-B111-409E-9651-5B8A0903CC08}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManager.exe (Apowersoft Ltd.) [File not signed]
FirewallRules: [{9544F145-EDA4-44C4-938A-7BBAA9D5F6AF}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{2AFE3AF3-EDD9-4343-8D1E-870A2C76FC63}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerManager\ApowerManagerCoreServices.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{8174C7AE-05FA-4E65-97D8-AA71BE43EE95}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88A29561-FD36-4D81-A765-D0E3C87C68B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B28DEB3D-C663-48B3-9EB2-5DA860C51EEB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B0E6AD7-C3EE-442D-B110-EDBBE85F4D73}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{438B6A4C-A889-48F6-A45C-0C2E8A1758CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{9B676265-C13B-4CAC-8BFE-B9A330F0FD95}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B2E70E01-C3EA-4FDD-AD29-83E9F438580E}C:\users\hp\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\hp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CDF630BD-3447-466E-AF7F-38FF4865E193}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7EB5888-527B-4419-B0E8-23EC5806E00A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7A2BE56D-28FE-4756-B0DA-6994315E3732}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{64A34DCF-25C7-48CE-9221-0C3557B3D2D9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{5CA89B5A-6E26-4728-BA6B-2C2F6F4C78E6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{0B336731-C466-49B3-B3E4-27B992FAF19F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{4CC62904-31DB-42A9-A3BB-90B58A9584D0}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{8D6F00C5-EFFF-42DC-962B-45DC0C28A103}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

26-03-2021 09:51:39 Naplánovaný kontrolní bod
02-04-2021 10:46:00 Naplánovaný kontrolní bod
10-04-2021 11:07:03 Windows Update
10-04-2021 21:29:22 Restore Point Created by FRST
10-04-2021 22:36:30 Restore Point Created by FRST

==================== Faulty Device Manager Devices ============

Name: DAEMON Tools Lite Virtual USB Bus
Description: DAEMON Tools Lite Virtual USB Bus
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Disc Soft Ltd
Service: dtliteusbbus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: DAEMON Tools Lite Virtual SCSI Bus
Description: DAEMON Tools Lite Virtual SCSI Bus
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Disc Soft Ltd
Service: dtlitescsibus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (04/10/2021 10:36:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {0a2c0473-bab9-4f04-84e4-7e82b5545b8e}

Error: (04/10/2021 09:31:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: fseventhistory.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
na FSecure.Api.EventHistory.ReleaseUnmanagedResources()
na FSecure.Api.EventHistory.Finalize()

Error: (04/10/2021 06:58:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MagicPuzzles.exe verze 0.0.0.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 18ec

Čas spuštění: 01d72e1481a6cecc

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\XIMADINC.MAGICPUZZLES_3.11.6.0_x64__np8fj6akx2czy\MagicPuzzles.exe

ID hlášení: f5a52d3f-9a1d-11eb-830f-001a7dda7111

Úplný název chybujícího balíčku: XIMADINC.MAGICPUZZLES_3.11.6.0_x64__np8fj6akx2czy

ID aplikace související s chybujícím balíčkem: App

Error: (04/10/2021 06:58:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HP-PC)
Description: Balíček XIMADINC.MAGICPUZZLES_3.11.6.0_x64__np8fj6akx2czy+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (04/10/2021 10:20:45 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (04/09/2021 11:28:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (04/10/2021 10:36:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Hoster byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Hoster (Restricted) byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Ultralight ORSP Client byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba F-Secure Ultralight Protected Hoster byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HTCMonitorService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Internet Pass-Through Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (04/10/2021 10:36:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ScsiAccess byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2018-09-24 14:25:29.666
Description:
Prohledávání Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80073aba
Popis chyby: Prostředek je zastaralý, a proto není kompatibilní.
Verze podpisu: 1.155.266.0;1.155.266.0
Verze modulu: 1.1.9700.0

==================== Memory info ===========================

BIOS: AMI 80.52 11/11/2014
Motherboard: MSI 2AE0
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 7349.03 MB
Available physical RAM: 5293.26 MB
Total Virtual: 8821.03 MB
Available Virtual: 6819.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:919.55 GB) (Free:672.39 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.44 GB) (Free:10.39 GB) NTFS

\\?\Volume{8d15af40-5d21-4f89-93f2-9c89f599c245}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.73 GB) NTFS
\\?\Volume{e43af091-bafa-40a3-b638-7668b888e7a0}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4F4578C4)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check, thank you

#14 Post by Diallix »

Good.

Let's do a final cleanup:

Copy the content below into Notepad:

Code:

Task: {745DDD41-0C2F-4B35-9790-C9F43AEE81DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File

Save the Notepad file under the name fixlist.txt in the location where FRST is, and set the encoding to UTF-8 (copy into Notepad -> File -> Save As -> Encoding: choose UTF-8 -> Save).
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

magia.n
Visitor
Posts: 15
Registered: 09 Apr 2021 17:19

Re: Please check, thank you

#15 Post by magia.n »

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-04-2021
Ran by hp (11-04-2021 12:04:49) Run:3
Running from C:\Users\hp\Desktop
Loaded Profiles: hp
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {745DDD41-0C2F-4B35-9790-C9F43AEE81DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{745DDD41-0C2F-4B35-9790-C9F43AEE81DC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{745DDD41-0C2F-4B35-9790-C9F43AEE81DC}" => removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Týna\AppData\Local\MEGAsync\ShellExtX32.dll -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully

==== End of Fixlog 12:04:49 ====

The reboot did not take place.

Locked