PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Please check my log

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Please check my log

#1 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by aaa (administrator) on DESKTOP-1JNUR2R (ATComputers COMFOR DIABLO I65) (05-05-2021 21:14:19)
Running from C:\Users\aaa\Desktop
Loaded Profiles: defaultuser0 & aaa
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\aaa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.963_none_e7400f2b262ca554\TiWorker.exe
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_291\bin\javaw.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2020-07-10] (Hammer & Chisel Inc. -> Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [654112 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
HKLM-x32\...\Run: [EpicPen] => C:\Program Files (x86)\Epic Pen\EpicPen.exe [779152 2020-02-20] (Tank Studios LTD -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [Discord] => C:\Users\aaa\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2007-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\WINDOWS\system32\xrxs1l6.dll [22016 2007-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2504594E-DEC7-4257-BB7A-E5A3D2BCBB9A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {476FD06C-9440-43D5-B420-27FEDC5AE2F1} - System32\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {71C37E72-5579-4A38-A6E8-566DD5108E9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7257B0EB-FF5C-4072-8F68-9AD114EF6407} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {86CEED45-B85C-46AE-9FE1-A62CB3214947} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {889AA1FF-880D-4D3B-AF59-A8BDD327FD9D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {8CC33937-8F53-4729-81C3-ABAFC08B1D3D} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\Engine\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-06] (McAfee, Inc. -> McAfee, LLC.)
Task: {9EF66458-5B74-4E85-A5D2-24D4E8F1C6E5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {BD5D8378-F11C-4D37-A816-E2F1D77F855F} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {DB4CBE4B-5881-49C0-9E39-BB296E2059F9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {DFC4141C-1D5B-4C24-B902-9C7F22207E4C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{14b0b5df-90a9-4ebf-9aed-aaa7b8c0f122}: [DhcpNameServer] 10.0.0.138

Edge:
=======
DownloadDir: C:\Users\aaa\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-2905597249-1629462600-326273939-1001 -> hxxp://www.seznam.cz/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\aaa\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-05]
Edge DownloadDir: C:\Users\aaa\Desktop
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxps://google.com/"
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-13] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Extension: (McAfee Endpoint Security Web Control) - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi [2019-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default [2021-05-05]
CHR DownloadDir: C:\Users\aaa\Desktop
CHR Notifications: Default -> hxxps://app.cryptokingdom.tech
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-30]
CHR Extension: (Disk Google) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-08-30]
CHR Extension: (YouTube) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-30]
CHR Extension: (Tabulky) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-04-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-08]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mcchplg.crx [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [241456 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [179552 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] () [File not signed]
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [261640 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfewc; C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe [319792 2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-05] (Sony Mobile Communications AB -> Sony Mobile Communications)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107440 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfeepmpk; C:\WINDOWS\System32\drivers\mfeepmpk.sys [226432 2020-10-14] (McAfee, Inc. -> McAfee, LLC.)
S3 MfeEpNfcp; C:\WINDOWS\System32\drivers\MfeEpNfcp.sys [79440 2021-04-06] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [89520 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [563640 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107448 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82352 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49544 2021-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420088 2021-03-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 20:57 - 2021-05-05 21:15 - 000021852 _____ C:\Users\aaa\Desktop\FRST.txt
2021-05-05 20:56 - 2021-05-05 21:12 - 000000000 ____D C:\FRST
2021-05-05 20:44 - 2021-05-05 20:45 - 002298368 _____ (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2021-05-05 19:49 - 2021-05-05 21:17 - 1577254472 _____ C:\Users\aaa\Desktop\McMafie 8z8 (mafiánský seriál McMafia GB-USA 2018, audio CZ+EN, tit. CZ, 1080p) JackRIPper.ts.8806325895796533264.part
2021-05-05 18:39 - 2021-05-05 18:40 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2021-05-05 16:42 - 2021-05-05 21:14 - 000000000 ____D C:\Users\aaa\Desktop\mt4 a
2021-05-05 16:16 - 2021-05-05 19:16 - 000000390 _____ C:\Users\aaa\Desktop\tdPanel1.csv
2021-05-05 16:16 - 2021-05-05 16:44 - 000000484 _____ C:\Users\aaa\Desktop\tdPanel.csv
2021-05-03 08:37 - 2021-05-04 16:37 - 000000000 ____D C:\Users\aaa\Desktop\MOJE OBCHODY
2021-05-03 08:37 - 2021-05-04 09:14 - 000000000 ____D C:\Users\aaa\Desktop\Standa škola
2021-04-30 19:35 - 2021-05-02 17:57 - 000016490 _____ C:\Users\aaa\Desktop\divergence.xlsx
2021-04-30 19:03 - 2020-12-29 18:04 - 000054272 _____ C:\Users\aaa\Desktop\DENÍK Purple.xls
2021-04-30 18:47 - 2020-10-11 17:37 - 000013004 _____ C:\Users\aaa\Desktop\obchodni-denik-sablona.xlsx
2021-04-30 18:47 - 2020-09-13 11:05 - 000040960 _____ C:\Users\aaa\Desktop\tabulka obchodni denik - sablona.xls
2021-04-30 18:39 - 2021-04-30 18:39 - 000000000 _____ C:\Users\aaa\Desktop\DENIK NA HODANA A poslat adamovi.txt
2021-04-29 12:12 - 2021-04-29 12:12 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2021-04-20 21:17 - 2021-04-20 21:17 - 000001458 _____ C:\Users\aaa\Desktop\Korelace Ondry – zástupce.lnk
2021-04-17 16:21 - 2021-04-17 16:21 - 000000892 _____ C:\Users\aaa\Desktop\MT 4 A ZÁLOHA – zástupce.lnk
2021-04-17 16:19 - 2021-04-17 16:19 - 000002042 _____ C:\Users\aaa\Desktop\AE91483A2C1AB18F5CE478007E23752E – zástupce.lnk
2021-04-17 16:07 - 2021-04-17 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purple Trading MT4 A
2021-04-17 16:07 - 2021-04-17 16:07 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4 A
2021-04-14 07:37 - 2021-04-14 07:37 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2021-04-13 22:36 - 2021-04-13 22:36 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-13 22:34 - 2021-04-13 22:34 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-13 22:34 - 2021-04-13 22:34 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 21:07 - 2021-04-13 21:07 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2021-04-13 20:49 - 2021-04-13 20:49 - 000000000 ____D C:\WINDOWS\PCHEALTH

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-05 21:06 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-05 20:15 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-05 20:14 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-05 19:49 - 2020-11-22 19:33 - 000000000 ____D C:\Users\aaa\AppData\Roaming\EpicPen
2021-05-05 18:45 - 2017-10-01 17:18 - 000000000 ____D C:\Program Files\CCleaner
2021-05-05 18:45 - 2016-12-02 22:53 - 000000000 ___RD C:\Users\aaa\OneDrive
2021-05-05 18:42 - 2020-10-15 23:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-05 18:42 - 2020-10-15 22:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-05 18:41 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-05 16:20 - 2020-10-15 23:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-05-05 12:46 - 2020-10-15 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-05 11:23 - 2018-02-06 15:10 - 000000000 ____D C:\Users\aaa\AppData\Roaming\Telegram Desktop
2021-05-04 09:36 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-04 09:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-02 17:41 - 2020-05-08 16:07 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 18:55 - 2018-11-25 23:40 - 000000000 ___HD C:\Users\aaa\Desktop\ACRCallsBackup
2021-04-30 09:47 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-29 09:43 - 2020-10-15 23:45 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2905597249-1629462600-326273939-1001
2021-04-29 09:42 - 2020-10-15 22:59 - 000002400 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-27 16:27 - 2017-09-12 18:44 - 000000000 ____D C:\Users\aaa\AppData\Roaming\vlc
2021-04-27 14:57 - 2019-07-30 23:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 09:42 - 2020-10-16 00:21 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a337560a0dc6
2021-04-26 09:42 - 2020-10-15 23:45 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-24 17:43 - 2020-10-15 23:12 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-24 17:43 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-24 17:43 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-23 14:16 - 2017-08-02 13:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 21:11 - 2020-08-23 15:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-21 14:50 - 2020-10-15 23:45 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 14:50 - 2020-10-15 23:45 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-21 12:11 - 2018-03-25 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-21 12:11 - 2018-03-25 12:44 - 000000000 ____D C:\Program Files (x86)\Java
2021-04-21 12:09 - 2018-03-25 12:45 - 000164640 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-04-17 16:25 - 2017-08-11 21:45 - 000000000 ___RD C:\Users\aaa\Desktop\NÁSTROJE
2021-04-17 16:04 - 2019-04-28 18:38 - 000000000 ____D C:\Users\aaa\AppData\Roaming\MetaQuotes
2021-04-13 22:51 - 2020-10-15 22:54 - 000442920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-13 22:46 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-13 22:33 - 2020-10-15 23:00 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-13 21:10 - 2020-03-16 18:03 - 000000654 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001.job
2021-04-13 21:10 - 2020-03-16 18:03 - 000000558 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001.job
2021-04-13 20:54 - 2016-12-03 00:25 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 20:54 - 2016-12-03 00:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-13 20:49 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-12 09:56 - 2020-10-23 19:29 - 000000000 ____D C:\Program Files\Admiral Markets MT5
2021-04-06 03:12 - 2020-10-14 18:31 - 000079440 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\MfeEpNfcp.sys

==================== Files in the root of some directories ========

2019-05-28 11:03 - 2019-06-23 19:51 - 000004608 _____ () C:\Users\aaa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-13 21:20 - 2017-09-13 21:20 - 000000017 _____ () C:\Users\aaa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by aaa (05-05-2021 21:18:07)
Running from C:\Users\aaa\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-10-15 21:47:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaa (S-1-5-21-2905597249-1629462600-326273939-1001 - Administrator - Enabled) => C:\Users\aaa
Administrator (S-1-5-21-2905597249-1629462600-326273939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2905597249-1629462600-326273939-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2905597249-1629462600-326273939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2905597249-1629462600-326273939-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2905597249-1629462600-326273939-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Endpoint Security (Enabled - Up to date) {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Endpoint Security (Enabled) {9B465597-F790-7182-F546-36ACD905D374}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.11 (HKLM-x32\...\{26CB5429-1141-40FC-A7AA-F13AC1458D10}) (Version: 4.11.3.3420 - Open Media LLC)
Admiral Markets MT5 (HKLM\...\Admiral Markets MT5) (Version: 5.00 - MetaQuotes Software Corp.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
ANTSvc version 1.0.0.0 (HKLM-x32\...\ANTSvc_is1) (Version: 1.0.0.0 - ANTSvc)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Discord (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.9.29.0 - TANK Studios LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
McAfee Agent (HKLM\...\{F01CC7C9-9545-494A-9A8E-F52037F8BE8E}) (Version: 5.6.1.308 - McAfee, Inc.) Hidden
McAfee Agent (HKLM-x32\...\McAfeeAgent) (Version: 5.6.1.308 - McAfee, Inc.)
McAfee Data Exchange Layer for MA (HKLM\...\{FEE8AD9B-C4D7-4F07-89AC-88C28E2B8809}) (Version: 5.0.10249.0 - McAfee LLC) Hidden
McAfee Data Exchange Layer for MA (HKLM-x32\...\{a3f1e826-e1b0-460f-8113-6624beacab1b}) (Version: 5.0.1.249 - McAfee LLC) Hidden
McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{377DA1C7-79DE-4102-8DB7-5C2296A3E960}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Firewall (HKLM\...\{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Platform (HKLM\...\{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{820D7600-089E-486B-860F-279B8119A893}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Web Control (HKLM\...\{5974413A-8D95-4D64-B9EE-40DF28186445}) (Version: 10.7.0 - McAfee, LLC.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
oCam 버전 515.0 (HKLM-x32\...\oCam_is1) (Version: 515.0 - hxxp://ohsoft.net/)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4 A) (Version: 4.00 - MetaQuotes Ltd.)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Verdict Free) (Version: - )
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 2.7.4 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.7 - AVTECH Corporation, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSO Downloader 5.1.1.69 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.69 - VSO Software)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.157 - McAfee, LLC)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
YTD (pepak) (HKLM-x32\...\YTD_Pepak) (Version: - )
Zoom (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
McAfee Endpoint Security Web Control -> C:\Program Files\WindowsApps\5A894077.McAfeeEndpointSecurityWebControl_10.7.3.0_x86__wafk5atnkzcwy [2020-10-14] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.4213.0_x64__8wekyb3d8bbwe [2021-04-30] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22101.0_x64__8wekyb3d8bbwe [2021-04-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-18] (Netflix, Inc.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\aaa\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-10-22 15:18 - 2014-05-18 21:32 - 000441220 _____ (Java(TM) Native Access (JNA)) [File not signed] C:\Users\aaa\Desktop\NÁSTROJE\FreeRapid-0.9u4\FreeRapid-0.9u4\lib\jnidispatch32.dll
2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2018-01-22 20:50 - 2010-09-26 21:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2018-01-22 20:50 - 2010-09-28 13:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2018-01-22 20:50 - 2010-09-28 14:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2018-01-22 20:51 - 2010-06-10 16:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2018-01-22 20:51 - 2010-05-18 18:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax
2019-08-15 18:52 - 2007-01-24 10:38 - 000130048 _____ (VSO Software SARL) [File not signed] C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Toolbar: HKLM-x32 - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2020-01-23 10:01 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2905597249-1629462600-326273939-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "IMMON"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "EpicPen"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38F8858B-DD30-4CED-B6A4-9D8A849DE640}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{04101C78-00BA-4BA5-94A8-B4B3C1FC16B3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{E81ACD9B-9F79-4CA0-82CC-9F976E297C45}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{178C6B30-3CBF-4ECE-9060-ECFE1173B7A0}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{608C9E9E-AE0C-4A8A-B759-EB9423A21412}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{1235A4DE-BEA2-402F-882B-6195C22AE353}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{FE2B040D-2F2D-4443-B2C0-5587EAB714FF}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{2BB6BFBA-EA99-4A80-B02C-5150A0A5B261}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CEC3BE18-E637-450B-B5DE-10467C29D7BD}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FAA2F69-7BA2-4BBB-93D4-E3D9FA529C57}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FF9A6185-44A3-4AAF-B848-28DA8331245E}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{624D843E-3005-4174-A38C-232C59DAE6D1}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{876C1C26-4B4F-4F6F-8F6C-D29CE0751ED2}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{595DF0CA-5356-40B0-9D41-C79748FE4D29}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{669FD538-0D37-4D05-A9AF-34F0AF9590EE}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{8473AAD1-96D9-4CDB-8F8F-BB181A3D29D5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{917A3821-484C-4B61-8498-B89208B30163}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{43CC3079-FC02-4D11-8496-A0FA0795E7A4}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{26C8ABBB-C5E4-4EE4-B2DA-5879EA24EA5D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [{BF260DAD-8FD3-43DB-B554-170AAA390C3A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{41B55316-CCE3-4118-B69F-E04AC94C3D3B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{4F05A4CF-5509-4268-AFB5-EB40A5D085B5}] => (Allow) C:\Program Files\Admiral Markets MT5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Ltd.)
FirewallRules: [{A3518309-723E-4FB4-BC64-103B9708AA00}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C3E3B695-92AC-4FD9-964C-CCA5051F02CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FEC2B40D-EB55-41D3-85C1-3AE600561D45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7F912BC-FB5B-45C8-A67D-3DF4671B80E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C6847437-B74D-4F00-B801-3F5F89FE1E54}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C07B6C3C-A546-496B-8406-3A40DD561660}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{34F7FAC2-711E-451F-AB7A-7C9A074D9A56}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{B72E368E-EB1A-4A2E-AA28-9CA706034BAE}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{BE4D5273-D152-48A8-8286-0A3D43960B42}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{0032E7BD-3242-45F2-80AA-AD3C3F2B45E5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-04-2021 17:16:32 Naplánovaný kontrolní bod
05-05-2021 18:25:09 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/05/2021 07:23:49 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:49 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:48 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:47 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:47 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\1, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:46 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\1, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 07:23:45 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/05/2021 06:47:27 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-1JNUR2R)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (05/05/2021 06:42:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (05/05/2021 06:41:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfevtp bylo dosaženo časového limitu (30000 ms).

Error: (05/05/2021 06:40:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby SystemUsageReportSvc_QUEENCREEK bylo dosaženo časového limitu (30000 ms).

Error: (05/05/2021 06:40:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfemms bylo dosaženo časového limitu (30000 ms).

Error: (05/05/2021 06:40:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
Ovladač %2 vrátil neplatné číslo ID pro podřízené zařízení (%3).

Error: (05/05/2021 06:39:55 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Update se po přijetí pokynu pro vypnutí neukončila správně.

Error: (05/05/2021 06:39:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Energy Server Service queencreek se po přijetí pokynu pro vypnutí neukončila správně.

Error: (05/05/2021 06:39:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8007045b): 2021-04 Kumulativní aktualizace (Preview) pro Windows 10 Version 20H2 pro systémy založené na platformě x64 (KB5001391).


Windows Defender:
================
Date: 2021-03-11 17:13:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {892DF1EA-BBD6-461B-A2D3-28C1360D2023}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 15:05:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {850DB06C-C932-46F1-B2D0-B4CFE78F6B15}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 14:25:23
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A77881F2-3E65-40E1-A6DB-DF80043B2CCC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 11:41:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {216C81BB-E3D4-4D05-832D-241E3090D571}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 10:55:15
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8983F09E-E80D-4D52-A7F3-EE3EC51AB444}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-13 21:29:07
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.333.160.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17900.7
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 16:49:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2021-05-05 18:47:03
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Microsoft signing level requirements.

Date: 2021-05-05 18:46:05
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Windows signing level requirements.

Date: 2021-05-05 18:46:03
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\amcfg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F4 02/06/2012
Motherboard: Gigabyte Technology Co., Ltd. H55M-D2H
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 80%
Total physical RAM: 3767.49 MB
Available physical RAM: 724.99 MB
Total Virtual: 7479.49 MB
Available Virtual: 2896.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.51 GB) (Free:402.51 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:381.1 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:29.29 GB) (Free:9 GB) FAT32
Drive g: () (Removable) (Total:14.42 GB) (Free:3.45 GB) FAT32

\\?\Volume{f2781714-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f2781714-0000-0000-0000-40c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2781714)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=519 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 71D9E4B3)
Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 14.4 GB) (Disk ID: E46D6294)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any threats found selected, and continue with the Clean and Repair button in the bottom-right corner.
After the PC restarts, AdwCleaner will start; click "Zobrazit soubor protokolu" (View Log File).
The log will open; copy its contents here.

My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#3 Post by bonapart »

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-06-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1423 octets] - [06/05/2021 14:11:21]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-28.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-06-2021
# Duration: 00:00:43
# OS: Windows 10 Pro
# Scanned: 31975
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.InstallCore HKCU\Software\csastats

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#4 Post by bonapart »

Hello, did I send the correct logs?

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#5 Post by Diallix »

Yes, you did it correctly.

Could you please post new FRST + ADDITION logs here?

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#6 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021
Ran by aaa (administrator) on DESKTOP-1JNUR2R (ATComputers COMFOR DIABLO I65) (13-05-2021 17:18:07)
Running from C:\Users\aaa\Desktop
Loaded Profiles: aaa
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel(R) System Usage Report -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MpCmdRun.exe <2>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2020-07-10] (Hammer & Chisel Inc. -> Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [654112 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
HKLM-x32\...\Run: [EpicPen] => C:\Program Files (x86)\Epic Pen\EpicPen.exe [779152 2020-02-20] (Tank Studios LTD -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [Discord] => C:\Users\aaa\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2007-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\WINDOWS\system32\xrxs1l6.dll [22016 2007-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2020-04-07]
ShortcutTarget: Telegram.lnk -> C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F702BDF-0FB3-4179-AC63-8A4262F10CF8} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\Engine\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-06] (McAfee, Inc. -> McAfee, LLC.)
Task: {2504594E-DEC7-4257-BB7A-E5A3D2BCBB9A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {476FD06C-9440-43D5-B420-27FEDC5AE2F1} - System32\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {71C37E72-5579-4A38-A6E8-566DD5108E9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7257B0EB-FF5C-4072-8F68-9AD114EF6407} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {86CEED45-B85C-46AE-9FE1-A62CB3214947} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {889AA1FF-880D-4D3B-AF59-A8BDD327FD9D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {9EF66458-5B74-4E85-A5D2-24D4E8F1C6E5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {BD5D8378-F11C-4D37-A816-E2F1D77F855F} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {DB4CBE4B-5881-49C0-9E39-BB296E2059F9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {DFC4141C-1D5B-4C24-B902-9C7F22207E4C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001.job => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001.job => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{14b0b5df-90a9-4ebf-9aed-aaa7b8c0f122}: [DhcpNameServer] 10.0.0.138

Edge:
=======
DownloadDir: C:\Users\aaa\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-2905597249-1629462600-326273939-1001 -> hxxp://www.seznam.cz/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\aaa\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-13]
Edge DownloadDir: Default -> C:\Users\aaa\Desktop
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxps://google.com/"
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-13] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Extension: (McAfee Endpoint Security Web Control) - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi [2019-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default [2021-05-13]
CHR DownloadDir: C:\Users\aaa\Desktop
CHR Notifications: Default -> hxxps://app.cryptokingdom.tech
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-30]
CHR Extension: (Disk Google) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-08-30]
CHR Extension: (YouTube) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-30]
CHR Extension: (Tabulky) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-04-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-08]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mcchplg.crx [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [241456 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [179552 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] () [File not signed]
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [261640 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfewc; C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe [319792 2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-05] (Sony Mobile Communications AB -> Sony Mobile Communications)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107440 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfeepmpk; C:\WINDOWS\System32\drivers\mfeepmpk.sys [226432 2020-10-14] (McAfee, Inc. -> McAfee, LLC.)
S3 MfeEpNfcp; C:\WINDOWS\System32\drivers\MfeEpNfcp.sys [93568 2021-05-04] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [89520 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [563640 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107448 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82352 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-11] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 17:18 - 2021-05-13 17:22 - 000022875 _____ C:\Users\aaa\Desktop\FRST.txt
2021-05-13 17:17 - 2021-05-13 17:17 - 000000000 ____D C:\Users\aaa\Desktop\FRST-OlderVersion
2021-05-13 17:09 - 2021-05-13 17:09 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2021-05-13 09:52 - 2021-05-13 09:52 - 000000000 ____D C:\Users\aaa\Desktop\ROOM
2021-05-12 20:27 - 2021-05-12 20:28 - 000000000 ____D C:\Users\aaa\Desktop\SESTŘÍHAT
2021-05-12 19:45 - 2021-05-12 19:45 - 004246377 _____ C:\Users\aaa\Desktop\eBook_ReportMetaTrader4_HQ.pdf
2021-05-12 15:10 - 2021-05-12 15:10 - 000001435 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2021-05-12 14:28 - 2021-05-12 14:28 - 000001311 _____ C:\Users\aaa\Desktop\Země nomádů oscar 2021(2020)Cz.Titulky – zástupce.lnk
2021-05-12 10:51 - 2021-05-12 10:51 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-10 17:42 - 2021-05-13 17:05 - 000000000 ____D C:\Users\aaa\Desktop\MOJE OBCHODY
2021-05-10 17:42 - 2021-05-10 09:56 - 000000043 _____ C:\Users\aaa\Desktop\TTW SLOVENSKO.txt
2021-05-09 21:12 - 2021-05-09 21:12 - 000012052 _____ C:\Users\aaa\Desktop\Obchodní deník ADAM.xlsx
2021-05-09 20:28 - 2021-05-12 13:28 - 000000000 ____D C:\Users\aaa\Desktop\HODAN OBCHODY
2021-05-09 12:18 - 2021-05-09 12:18 - 000001285 _____ C:\Users\aaa\Desktop\České fotbalové legendy_ Karel Poborský – zástupce.lnk
2021-05-08 12:22 - 2021-05-08 12:22 - 000000000 ____D C:\Users\aaa\Desktop\Safe telefon
2021-05-07 18:52 - 2021-05-07 18:52 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2021-05-07 18:08 - 2021-05-07 20:47 - 000000000 ____D C:\Users\aaa\Desktop\Bee Gees
2021-05-06 14:07 - 2021-05-06 14:12 - 000000000 ____D C:\AdwCleaner
2021-05-06 11:21 - 2021-05-06 11:21 - 008534696 _____ (Malwarebytes) C:\Users\aaa\Desktop\adwcleaner_8.2.exe
2021-05-05 20:56 - 2021-05-13 17:20 - 000000000 ____D C:\FRST
2021-05-05 20:44 - 2021-05-13 17:17 - 002299392 _____ (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2021-05-05 19:30 - 2021-05-05 19:30 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-05 19:30 - 2021-05-05 19:30 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-05 19:30 - 2021-05-05 19:30 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-05 19:29 - 2021-05-05 19:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-05 19:29 - 2021-05-05 19:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-05 19:29 - 2021-05-05 19:29 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-05 19:29 - 2021-05-05 19:29 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-05 19:28 - 2021-05-05 19:28 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-05 19:27 - 2021-05-05 19:27 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-05 19:27 - 2021-05-05 19:27 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-05 19:27 - 2021-05-05 19:27 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-05 19:27 - 2021-05-05 19:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-05 19:26 - 2021-05-05 19:26 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-05 18:39 - 2021-05-05 18:40 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2021-05-03 08:37 - 2021-05-12 10:58 - 000000000 ____D C:\Users\aaa\Desktop\Standa škola
2021-04-29 12:12 - 2021-04-29 12:12 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2021-04-20 21:17 - 2021-04-20 21:17 - 000001458 _____ C:\Users\aaa\Desktop\Korelace Ondry – zástupce.lnk
2021-04-17 16:21 - 2021-04-17 16:21 - 000000892 _____ C:\Users\aaa\Desktop\MT 4 A ZÁLOHA – zástupce.lnk
2021-04-17 16:19 - 2021-04-17 16:19 - 000002042 _____ C:\Users\aaa\Desktop\AE91483A2C1AB18F5CE478007E23752E – zástupce.lnk
2021-04-17 16:07 - 2021-04-17 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purple Trading MT4 A
2021-04-17 16:07 - 2021-04-17 16:07 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4 A
2021-04-14 07:37 - 2021-04-14 07:37 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2021-04-13 22:34 - 2021-04-13 22:34 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 21:07 - 2021-04-13 21:07 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2021-04-13 20:49 - 2021-04-13 20:49 - 000000000 ____D C:\WINDOWS\PCHEALTH

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-13 17:27 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-13 17:27 - 2018-03-15 11:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-13 17:14 - 2017-10-01 17:18 - 000000000 ____D C:\Program Files\CCleaner
2021-05-13 17:12 - 2020-10-15 23:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 17:11 - 2020-10-15 22:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-13 17:10 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-13 12:42 - 2020-10-15 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-13 11:24 - 2018-02-06 15:10 - 000000000 ____D C:\Users\aaa\AppData\Roaming\Telegram Desktop
2021-05-13 09:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-13 09:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-13 09:38 - 2016-12-02 22:53 - 000000000 ___RD C:\Users\aaa\OneDrive
2021-05-12 19:39 - 2017-08-02 13:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-12 16:34 - 2020-10-15 23:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-05-12 15:13 - 2020-10-15 22:54 - 000442920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 15:13 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-12 15:08 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:01 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 09:24 - 2016-12-03 00:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 09:07 - 2016-12-03 00:25 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 06:49 - 2019-07-30 23:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 17:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-09 12:11 - 2020-05-08 16:07 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-07 20:55 - 2020-10-15 23:12 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-07 20:55 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-07 20:55 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-07 19:06 - 2018-01-30 01:30 - 000000000 ____D C:\Users\aaa\AppData\Local\Packages
2021-05-07 18:56 - 2017-08-11 21:45 - 000000000 ___RD C:\Users\aaa\Desktop\NÁSTROJE
2021-05-07 16:28 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-06 14:07 - 2017-09-13 21:59 - 000000000 ____D C:\Users\aaa\AppData\Local\Microsoft Help
2021-05-06 09:41 - 2020-10-15 23:45 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2905597249-1629462600-326273939-1001
2021-05-06 09:41 - 2020-10-15 22:59 - 000002400 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-05 22:23 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-05 22:08 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-05 20:13 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-05 19:49 - 2020-11-22 19:33 - 000000000 ____D C:\Users\aaa\AppData\Roaming\EpicPen
2021-05-04 09:39 - 2020-10-14 18:31 - 000093568 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\MfeEpNfcp.sys
2021-04-30 18:55 - 2018-11-25 23:40 - 000000000 ___HD C:\Users\aaa\Desktop\ACRCallsBackup
2021-04-27 16:27 - 2017-09-12 18:44 - 000000000 ____D C:\Users\aaa\AppData\Roaming\vlc
2021-04-26 09:42 - 2020-10-16 00:21 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a337560a0dc6
2021-04-26 09:42 - 2020-10-15 23:45 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-21 21:11 - 2020-08-23 15:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-21 14:50 - 2020-10-15 23:45 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 14:50 - 2020-10-15 23:45 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-21 12:11 - 2018-03-25 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-21 12:11 - 2018-03-25 12:44 - 000000000 ____D C:\Program Files (x86)\Java
2021-04-21 12:09 - 2018-03-25 12:45 - 000164640 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-04-17 16:04 - 2019-04-28 18:38 - 000000000 ____D C:\Users\aaa\AppData\Roaming\MetaQuotes
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-13 22:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-13 22:33 - 2020-10-15 23:00 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-13 21:10 - 2020-03-16 18:03 - 000000654 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001.job
2021-04-13 21:10 - 2020-03-16 18:03 - 000000558 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001.job
2021-04-13 20:49 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

==================== Files in the root of some directories ========

2019-05-28 11:03 - 2019-06-23 19:51 - 000004608 _____ () C:\Users\aaa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-13 21:20 - 2017-09-13 21:20 - 000000017 _____ () C:\Users\aaa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by aaa (13-05-2021 17:34:19)
Running from C:\Users\aaa\Desktop
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-10-15 21:47:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaa (S-1-5-21-2905597249-1629462600-326273939-1001 - Administrator - Enabled) => C:\Users\aaa
Administrator (S-1-5-21-2905597249-1629462600-326273939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2905597249-1629462600-326273939-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2905597249-1629462600-326273939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2905597249-1629462600-326273939-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2905597249-1629462600-326273939-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Endpoint Security (Disabled - Out of date) {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Endpoint Security (Enabled) {9B465597-F790-7182-F546-36ACD905D374}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.11 (HKLM-x32\...\{26CB5429-1141-40FC-A7AA-F13AC1458D10}) (Version: 4.11.3.3420 - Open Media LLC)
Admiral Markets MT5 (HKLM\...\Admiral Markets MT5) (Version: 5.00 - MetaQuotes Software Corp.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
ANTSvc version 1.0.0.0 (HKLM-x32\...\ANTSvc_is1) (Version: 1.0.0.0 - ANTSvc)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Discord (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.9.29.0 - TANK Studios LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
McAfee Agent (HKLM\...\{F01CC7C9-9545-494A-9A8E-F52037F8BE8E}) (Version: 5.6.1.308 - McAfee, Inc.) Hidden
McAfee Agent (HKLM-x32\...\McAfeeAgent) (Version: 5.6.1.308 - McAfee, Inc.)
McAfee Data Exchange Layer for MA (HKLM\...\{FEE8AD9B-C4D7-4F07-89AC-88C28E2B8809}) (Version: 5.0.10249.0 - McAfee LLC) Hidden
McAfee Data Exchange Layer for MA (HKLM-x32\...\{a3f1e826-e1b0-460f-8113-6624beacab1b}) (Version: 5.0.1.249 - McAfee LLC) Hidden
McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{377DA1C7-79DE-4102-8DB7-5C2296A3E960}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Firewall (HKLM\...\{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Platform (HKLM\...\{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{820D7600-089E-486B-860F-279B8119A893}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Web Control (HKLM\...\{5974413A-8D95-4D64-B9EE-40DF28186445}) (Version: 10.7.0 - McAfee, LLC.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.56 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
oCam 버전 515.0 (HKLM-x32\...\oCam_is1) (Version: 515.0 - hxxp://ohsoft.net/)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4 A) (Version: 4.00 - MetaQuotes Ltd.)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Verdict Free) (Version: - )
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 2.7.4 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.7 - AVTECH Corporation, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSO Downloader 5.1.1.69 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.69 - VSO Software)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.157 - McAfee, LLC)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
YTD (pepak) (HKLM-x32\...\YTD_Pepak) (Version: - )
Zoom (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
McAfee Endpoint Security Web Control -> C:\Program Files\WindowsApps\5A894077.McAfeeEndpointSecurityWebControl_10.7.3.0_x86__wafk5atnkzcwy [2020-10-14] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22101.0_x64__8wekyb3d8bbwe [2021-04-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-18] (Netflix, Inc.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\aaa\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2018-01-22 20:50 - 2010-09-26 21:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2018-01-22 20:50 - 2010-09-28 13:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2018-01-22 20:50 - 2010-09-28 14:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2018-01-22 20:51 - 2010-06-10 16:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2018-01-22 20:51 - 2010-05-18 18:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Toolbar: HKLM-x32 - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2020-01-23 10:01 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2905597249-1629462600-326273939-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "IMMON"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "EpicPen"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38F8858B-DD30-4CED-B6A4-9D8A849DE640}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{04101C78-00BA-4BA5-94A8-B4B3C1FC16B3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{E81ACD9B-9F79-4CA0-82CC-9F976E297C45}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{178C6B30-3CBF-4ECE-9060-ECFE1173B7A0}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{608C9E9E-AE0C-4A8A-B759-EB9423A21412}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{1235A4DE-BEA2-402F-882B-6195C22AE353}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{FE2B040D-2F2D-4443-B2C0-5587EAB714FF}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{2BB6BFBA-EA99-4A80-B02C-5150A0A5B261}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CEC3BE18-E637-450B-B5DE-10467C29D7BD}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FAA2F69-7BA2-4BBB-93D4-E3D9FA529C57}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FF9A6185-44A3-4AAF-B848-28DA8331245E}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{624D843E-3005-4174-A38C-232C59DAE6D1}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{876C1C26-4B4F-4F6F-8F6C-D29CE0751ED2}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{595DF0CA-5356-40B0-9D41-C79748FE4D29}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{669FD538-0D37-4D05-A9AF-34F0AF9590EE}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [{8473AAD1-96D9-4CDB-8F8F-BB181A3D29D5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{917A3821-484C-4B61-8498-B89208B30163}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{43CC3079-FC02-4D11-8496-A0FA0795E7A4}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{26C8ABBB-C5E4-4EE4-B2DA-5879EA24EA5D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [{BF260DAD-8FD3-43DB-B554-170AAA390C3A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{41B55316-CCE3-4118-B69F-E04AC94C3D3B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{4F05A4CF-5509-4268-AFB5-EB40A5D085B5}] => (Allow) C:\Program Files\Admiral Markets MT5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Ltd.)
FirewallRules: [{A3518309-723E-4FB4-BC64-103B9708AA00}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C3E3B695-92AC-4FD9-964C-CCA5051F02CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FEC2B40D-EB55-41D3-85C1-3AE600561D45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7F912BC-FB5B-45C8-A67D-3DF4671B80E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C6847437-B74D-4F00-B801-3F5F89FE1E54}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C07B6C3C-A546-496B-8406-3A40DD561660}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{34F7FAC2-711E-451F-AB7A-7C9A074D9A56}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{B72E368E-EB1A-4A2E-AA28-9CA706034BAE}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{BE4D5273-D152-48A8-8286-0A3D43960B42}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6603F3F9-089A-46CD-8193-E1D1F212F022}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-04-2021 17:16:32 Naplánovaný kontrolní bod
05-05-2021 18:25:09 Instalační služba modulů systému Windows
12-05-2021 09:37:14 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/13/2021 05:27:42 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe, which accessed HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWSDEFENDER, violating the rule "T1060 - New Startup Program Creation". Access was allowed because the rule wasn't configured to block.

Error: (05/13/2021 05:16:51 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-1JNUR2R)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (05/13/2021 05:16:12 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe, which accessed HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWSDEFENDER, violating the rule "T1060 - New Startup Program Creation". Access was allowed because the rule wasn't configured to block.

Error: (05/13/2021 05:16:03 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe, which accessed HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWSDEFENDER, violating the rule "T1060 - New Startup Program Creation". Access was allowed because the rule wasn't configured to block.

Error: (05/12/2021 07:37:16 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/12/2021 07:37:15 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/12/2021 07:37:14 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/12/2021 07:37:12 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.


System errors:
=============
Error: (05/13/2021 05:12:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (05/13/2021 05:10:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfevtp bylo dosaženo časového limitu (30000 ms).

Error: (05/13/2021 05:09:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfemms bylo dosaženo časového limitu (30000 ms).

Error: (05/13/2021 05:09:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
Ovladač %2 vrátil neplatné číslo ID pro podřízené zařízení (%3).

Error: (05/13/2021 05:09:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Energy Server Service queencreek se po přijetí pokynu pro vypnutí neukončila správně.

Error: (05/13/2021 12:43:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1JNUR2R)
Description: Server microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/12/2021 03:12:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (05/12/2021 03:10:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfemms bylo dosaženo časového limitu (30000 ms).


Windows Defender:
================
Date: 2021-03-11 17:13:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {892DF1EA-BBD6-461B-A2D3-28C1360D2023}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 15:05:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {850DB06C-C932-46F1-B2D0-B4CFE78F6B15}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 14:25:23
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A77881F2-3E65-40E1-A6DB-DF80043B2CCC}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 11:41:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {216C81BB-E3D4-4D05-832D-241E3090D571}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 10:55:15
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {8983F09E-E80D-4D52-A7F3-EE3EC51AB444}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-13 21:29:07
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.333.160.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17900.7
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 16:49:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2021-05-13 17:37:27
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Windows signing level requirements.

Date: 2021-05-13 17:26:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F4 02/06/2012
Motherboard: Gigabyte Technology Co., Ltd. H55M-D2H
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 73%
Total physical RAM: 3767.49 MB
Available physical RAM: 994.69 MB
Total Virtual: 7863.49 MB
Available Virtual: 4506.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.51 GB) (Free:393.4 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:372.9 GB) NTFS

\\?\Volume{f2781714-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f2781714-0000-0000-0000-40c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2781714)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=519 MB) - (Type=27)

==================== End of Addition.txt =======================

Diallix
Adviser
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#7 Post by Diallix »

Could you please post the contents of the file: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs

Go to the location C:\Program Files\Intel\SUR\QUEENCREEK\x64\ , right-click the file task.vbs -> edit/open in Notepad. Paste the contents here.
My new book BOTNETY has been published! :173: You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor for students in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php).

On the forum I act as:
- viry.cz security authority
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#8 Post by bonapart »

I don't know if this is it:

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>Intel(r) Energy Checker</Author>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger>
      <Repetition>
        <Interval>PT3H</Interval>
        <StopAtDurationEnd>false</StopAtDurationEnd>
      </Repetition>
      <Enabled>true</Enabled>
      <Delay>PT4M</Delay>
    </LogonTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>NT AUTHORITY\SYSTEM</UserId>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT3H</ExecutionTimeLimit>
    <Priority>2</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\WINDOWS\System32\Wscript.exe"</Command>
      <Arguments>//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"</Arguments>
      <WorkingDirectory>C:\Program Files\Intel\SUR\QUEENCREEK\x64</WorkingDirectory>
    </Exec>
  </Actions>
</Task>

Diallix
Adviser
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#9 Post by Diallix »

That is an .xml file; I would need the contents of the file: C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#10 Post by bonapart »

Set objShell = CreateObject("WScript.Shell")
objShell.Run("C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.bat"""), 0
Set objShell = Nothing

Diallix
Adviser
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#11 Post by Diallix »

Copy the content below into Notepad:

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {86CEED45-B85C-46AE-9FE1-A62CB3214947} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FirewallRules: [{E81ACD9B-9F79-4CA0-82CC-9F976E297C45}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{178C6B30-3CBF-4ECE-9060-ECFE1173B7A0}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{2BB6BFBA-EA99-4A80-B02C-5150A0A5B261}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CEC3BE18-E637-450B-B5DE-10467C29D7BD}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FAA2F69-7BA2-4BBB-93D4-E3D9FA529C57}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FF9A6185-44A3-4AAF-B848-28DA8331245E}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{624D843E-3005-4174-A38C-232C59DAE6D1}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{876C1C26-4B4F-4F6F-8F6C-D29CE0751ED2}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
A routine will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#12 Post by bonapart »

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-05-2021
Ran by aaa (13-05-2021 19:29:34) Run:1
Running from C:\Users\aaa\Desktop
Loaded Profiles: defaultuser0 & aaa
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
Task: {81795AC2-BBFA-40A9-B4C2-C1A162AC9B67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
Task: {86CEED45-B85C-46AE-9FE1-A62CB3214947} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {C39432B3-5517-49C8-8ACD-F0173769553F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-30] (Google Inc -> Google LLC)
CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> "C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe" -ToastActivated => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FirewallRules: [{E81ACD9B-9F79-4CA0-82CC-9F976E297C45}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{178C6B30-3CBF-4ECE-9060-ECFE1173B7A0}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{2BB6BFBA-EA99-4A80-B02C-5150A0A5B261}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [TCP Query User{CEC3BE18-E637-450B-B5DE-10467C29D7BD}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FAA2F69-7BA2-4BBB-93D4-E3D9FA529C57}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FF9A6185-44A3-4AAF-B848-28DA8331245E}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{624D843E-3005-4174-A38C-232C59DAE6D1}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [TCP Query User{876C1C26-4B4F-4F6F-8F6C-D29CE0751ED2}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe => No File
FirewallRules: [UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => No File
FirewallRules: [UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe => No File
FirewallRules: [UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe => No File
FirewallRules: [UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe => No File
FirewallRules: [UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe] => (Block) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{C9DC3E7B-2870-4617-AB22-AB93F6314765}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{8155F672-63A1-49F9-896E-9511CA903A65}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe => No File
FirewallRules: [{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{28C31ACC-F509-44A6-AC1F-D9B690F335E6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe => No File
FirewallRules: [TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe] => (Allow) C:\program files (x86)\videoviewer\videoviewer.exe => No File
FirewallRules: [TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)

EmptyTemp:
*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81795AC2-BBFA-40A9-B4C2-C1A162AC9B67}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81795AC2-BBFA-40A9-B4C2-C1A162AC9B67}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86CEED45-B85C-46AE-9FE1-A62CB3214947}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86CEED45-B85C-46AE-9FE1-A62CB3214947}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C39432B3-5517-49C8-8ACD-F0173769553F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39432B3-5517-49C8-8ACD-F0173769553F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145} => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E81ACD9B-9F79-4CA0-82CC-9F976E297C45}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{178C6B30-3CBF-4ECE-9060-ECFE1173B7A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2BB6BFBA-EA99-4A80-B02C-5150A0A5B261}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CEC3BE18-E637-450B-B5DE-10467C29D7BD}C:\program files (x86)\java\jre1.8.0_261\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2FAA2F69-7BA2-4BBB-93D4-E3D9FA529C57}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF9A6185-44A3-4AAF-B848-28DA8331245E}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{624D843E-3005-4174-A38C-232C59DAE6D1}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{876C1C26-4B4F-4F6F-8F6C-D29CE0751ED2}C:\program files (x86)\java\jre1.8.0_251\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9DED04E5-CBBB-4BE1-92A6-1936398BF5B9}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EF6C2B77-156B-48E3-AA55-7B39F06DDBE7}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{07BE12DB-7DB6-4E76-9076-8713C59F0439}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E032C053-8342-4D02-A5FF-EA1BF4094C92}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{05388E02-D273-4010-9FEC-47A76A9BFCCF}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{51DD86A4-7A3B-4D5B-9A1C-AFB229613AF8}C:\program files (x86)\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB0DB695-0B30-443D-B291-451D981C30AA}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{81A37EFA-7493-4F1C-93FC-92A56DCF6789}C:\program files (x86)\java\jre1.8.0_201\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B28E1106-7C65-4998-973D-6B42C576F506}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FDE4B27C-D078-4CB2-8F86-20447217832D}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BD0A65AF-223E-49BC-9E97-A873F55DE117}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{807389EF-F73E-498A-8F33-68B9224FB859}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0697B737-5D05-4738-ADFA-2E77ECE3178D}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B0743B75-93A8-44EA-A969-92311DDD56CD}C:\program files (x86)\java\jre1.8.0_171\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FD769A59-594E-41CE-95FA-D0C6B69CC3D3}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BF7EB87-E13D-4FE8-8301-564719B0E349}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6444DB01-25D1-45AD-9905-8D634C3A9362}C:\program files (x86)\videoviewer\videoviewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0390A106-3AF7-4363-A748-3F4455E14EF7}C:\program files (x86)\videoviewer\videoviewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68EF71F6-AF14-41F2-B131-F7B442CBE9E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9DC3E7B-2870-4617-AB22-AB93F6314765}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{142A2E18-D95F-4C53-AA9D-2CB997F46C1E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8155F672-63A1-49F9-896E-9511CA903A65}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99D1E8FB-AAD8-40F0-8EF9-6EE8BD5CA390}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D6A71AF-1ADE-46D9-A1F6-FA5F8BF89B33}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29DBEAF4-1771-4F6C-9FD8-77F5F381E08F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E8A3579-2D1D-4BB9-BA79-BCBB4B828C2B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28C31ACC-F509-44A6-AC1F-D9B690F335E6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFC98497-7732-4BEC-BB8E-B08871DBCA2C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{79C32572-946E-48CF-90CA-B64E7CB95191}C:\program files (x86)\videoviewer\videoviewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{523EC6D2-0E8A-4FB8-A508-A795F55E382E}C:\program files (x86)\videoviewer\videoviewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BB9736D6-BA41-4001-BBDB-81FF6FA7A576}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB12E5DD-F9AA-4DE2-93FA-8C265F94DDF3}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 272022725 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 728480 B
Edge => 53440 B
Chrome => 512312273 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 57386 B
NetworkService => 65725156 B
defaultuser0 => 65725156 B
aaa => 139226711 B

RecycleBin => 0 B
EmptyTemp: => 1016.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:32:05 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#13 Post by Diallix »

Good.

Please post new FRST + ADDITION logs.
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the education of newcomers
- Founder of the Cyber Security unit

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my log

#14 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021
Ran by aaa (administrator) on DESKTOP-1JNUR2R (ATComputers COMFOR DIABLO I65) (16-05-2021 10:55:34)
Running from C:\Users\aaa\Desktop
Loaded Profiles: aaa
Platform: Windows 10 Pro Version 20H2 19042.985 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(OORT inc. -> oh!soft) C:\Program Files (x86)\oCam\oCamTask.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2020-07-10] (Hammer & Chisel Inc. -> Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [654112 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
HKLM-x32\...\Run: [EpicPen] => C:\Program Files (x86)\Epic Pen\EpicPen.exe [779152 2020-02-20] (Tank Studios LTD -> )
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [Discord] => C:\Users\aaa\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2007-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\WINDOWS\system32\xrxs1l6.dll [22016 2007-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2020-04-07]
ShortcutTarget: Telegram.lnk -> C:\Users\aaa\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2504594E-DEC7-4257-BB7A-E5A3D2BCBB9A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {476FD06C-9440-43D5-B420-27FEDC5AE2F1} - System32\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {71C37E72-5579-4A38-A6E8-566DD5108E9C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7257B0EB-FF5C-4072-8F68-9AD114EF6407} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {889AA1FF-880D-4D3B-AF59-A8BDD327FD9D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001 => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {9EF66458-5B74-4E85-A5D2-24D4E8F1C6E5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {BD5D8378-F11C-4D37-A816-E2F1D77F855F} - System32\Tasks\oCamTask => C:\Program Files (x86)\oCam\oCamTask.exe [148816 2019-09-06] (OORT inc. -> oh!soft)
Task: {DB4CBE4B-5881-49C0-9E39-BB296E2059F9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {DFC4141C-1D5B-4C24-B902-9C7F22207E4C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2905597249-1629462600-326273939-1001.job => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2905597249-1629462600-326273939-1001.job => C:\Users\aaa\AppData\Local\GoToMeeting\19598\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{14b0b5df-90a9-4ebf-9aed-aaa7b8c0f122}: [DhcpNameServer] 10.0.0.138

Edge:
=======
DownloadDir: C:\Users\aaa\Desktop
Edge HomeButtonPage: HKU\S-1-5-21-2905597249-1629462600-326273939-1001 -> hxxp://www.seznam.cz/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\aaa\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-16]
Edge DownloadDir: Default -> C:\Users\aaa\Desktop
Edge HomePage: Default -> hxxp://www.seznam.cz/
Edge StartupUrls: Default -> "hxxps://google.com/"
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-11-13] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Extension: (McAfee Endpoint Security Web Control) - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi [2019-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default [2021-05-16]
CHR DownloadDir: C:\Users\aaa\Desktop
CHR Notifications: Default -> hxxps://app.cryptokingdom.tech
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-30]
CHR Extension: (Dokumenty) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-30]
CHR Extension: (Disk Google) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2019-08-30]
CHR Extension: (YouTube) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-30]
CHR Extension: (Tabulky) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-30]
CHR Extension: (Dokumenty Google offline) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2021-04-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-13]
CHR Profile: C:\Users\aaa\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mcchplg.crx [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [241456 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [179552 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [956760 2020-11-13] () [File not signed]
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [261640 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 mfewc; C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe [319792 2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2017-06-05] (Sony Mobile Communications AB -> Sony Mobile Communications)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107440 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfeepmpk; C:\WINDOWS\System32\drivers\mfeepmpk.sys [226432 2020-10-14] (McAfee, Inc. -> McAfee, LLC.)
S3 MfeEpNfcp; C:\WINDOWS\System32\drivers\MfeEpNfcp.sys [93568 2021-05-04] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [89520 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [563640 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107448 2020-10-14] (McAfee, Inc. -> McAfee LLC.)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82352 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2020-10-14] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-05-13] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 11:07 - 2021-05-16 11:07 - 000000000 ____D C:\Users\aaa\Desktop\siri will
2021-05-16 10:55 - 2021-05-16 11:00 - 000021178 _____ C:\Users\aaa\Desktop\FRST.txt
2021-05-16 10:55 - 2021-05-16 10:55 - 000000000 ____D C:\Users\aaa\Desktop\FRST-OlderVersion
2021-05-15 12:36 - 2021-05-15 12:36 - 000000000 ____D C:\Users\aaa\Desktop\Standa škola
2021-05-15 12:36 - 2021-05-15 12:36 - 000000000 ____D C:\Users\aaa\Desktop\MOJE OBCHODY
2021-05-13 17:09 - 2021-05-13 17:09 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2021-05-13 09:52 - 2021-05-13 18:07 - 000000000 ____D C:\Users\aaa\Desktop\ROOM kopie
2021-05-12 20:27 - 2021-05-12 20:28 - 000000000 ____D C:\Users\aaa\Desktop\SESTŘÍHAT
2021-05-12 19:45 - 2021-05-12 19:45 - 004246377 _____ C:\Users\aaa\Desktop\eBook_ReportMetaTrader4_HQ.pdf
2021-05-12 15:10 - 2021-05-12 15:10 - 000001435 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2021-05-12 14:28 - 2021-05-12 14:28 - 000001311 _____ C:\Users\aaa\Desktop\Země nomádů oscar 2021(2020)Cz.Titulky – zástupce.lnk
2021-05-12 10:51 - 2021-05-12 10:51 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-10 17:42 - 2021-05-10 09:56 - 000000043 _____ C:\Users\aaa\Desktop\TTW SLOVENSKO.txt
2021-05-09 21:12 - 2021-05-09 21:12 - 000012052 _____ C:\Users\aaa\Desktop\Obchodní deník ADAM.xlsx
2021-05-09 20:28 - 2021-05-12 13:28 - 000000000 ____D C:\Users\aaa\Desktop\HODAN OBCHODY
2021-05-09 12:18 - 2021-05-09 12:18 - 000001285 _____ C:\Users\aaa\Desktop\České fotbalové legendy_ Karel Poborský – zástupce.lnk
2021-05-08 12:22 - 2021-05-08 12:22 - 000000000 ____D C:\Users\aaa\Desktop\Safe telefon
2021-05-07 18:52 - 2021-05-07 18:52 - 000001425 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2021-05-07 18:08 - 2021-05-07 20:47 - 000000000 ____D C:\Users\aaa\Desktop\Bee Gees
2021-05-06 14:07 - 2021-05-06 14:12 - 000000000 ____D C:\AdwCleaner
2021-05-06 11:21 - 2021-05-06 11:21 - 008534696 _____ (Malwarebytes) C:\Users\aaa\Desktop\adwcleaner_8.2.exe
2021-05-05 20:56 - 2021-05-16 10:58 - 000000000 ____D C:\FRST
2021-05-05 20:44 - 2021-05-16 10:55 - 002299392 _____ (Farbar) C:\Users\aaa\Desktop\FRST64.exe
2021-05-05 19:30 - 2021-05-05 19:30 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-05 19:30 - 2021-05-05 19:30 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-05 19:30 - 2021-05-05 19:30 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-05 19:29 - 2021-05-05 19:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-05 19:29 - 2021-05-05 19:29 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-05 19:29 - 2021-05-05 19:29 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-05 19:29 - 2021-05-05 19:29 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-05 19:28 - 2021-05-05 19:28 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-05 19:27 - 2021-05-05 19:27 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-05 19:27 - 2021-05-05 19:27 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-05 19:27 - 2021-05-05 19:27 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-05 19:27 - 2021-05-05 19:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-05 19:26 - 2021-05-05 19:26 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-05 18:39 - 2021-05-05 18:40 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2021-04-29 12:12 - 2021-04-29 12:12 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2021-04-20 21:17 - 2021-04-20 21:17 - 000001458 _____ C:\Users\aaa\Desktop\Korelace Ondry – zástupce.lnk
2021-04-17 16:21 - 2021-04-17 16:21 - 000000892 _____ C:\Users\aaa\Desktop\MT 4 A ZÁLOHA – zástupce.lnk
2021-04-17 16:19 - 2021-04-17 16:19 - 000002042 _____ C:\Users\aaa\Desktop\AE91483A2C1AB18F5CE478007E23752E – zástupce.lnk
2021-04-17 16:07 - 2021-05-15 12:14 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4 A
2021-04-17 16:07 - 2021-04-17 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purple Trading MT4 A

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-16 11:08 - 2016-12-02 22:53 - 000000000 ___RD C:\Users\aaa\OneDrive
2021-05-16 10:57 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-16 10:05 - 2020-10-15 23:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-05-16 08:46 - 2017-10-01 17:18 - 000000000 ____D C:\Program Files\CCleaner
2021-05-15 12:08 - 2020-11-16 21:01 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4
2021-05-15 12:04 - 2020-10-15 22:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-15 11:49 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-15 11:25 - 2018-02-06 15:10 - 000000000 ____D C:\Users\aaa\AppData\Roaming\Telegram Desktop
2021-05-15 11:18 - 2020-05-08 16:07 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-15 11:18 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-14 18:43 - 2017-07-30 17:41 - 000000000 ____D C:\Users\aaa\Desktop\Marie Tatrnová
2021-05-14 18:07 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-13 19:35 - 2020-10-15 23:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-13 19:35 - 2020-10-15 22:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-13 19:34 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-13 19:31 - 2017-08-22 19:52 - 000000000 ____D C:\Users\aaa\AppData\LocalLow\Temp
2021-05-13 17:27 - 2018-03-15 11:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-12 19:39 - 2017-08-02 13:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-12 15:13 - 2020-10-15 22:54 - 000442920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 15:13 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-12 15:08 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-12 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-12 15:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-12 11:01 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 09:24 - 2016-12-03 00:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 09:07 - 2016-12-03 00:25 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-12 06:49 - 2019-07-30 23:28 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 17:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-05-07 20:55 - 2020-10-15 23:12 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-07 20:55 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-07 20:55 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-07 19:06 - 2018-01-30 01:30 - 000000000 ____D C:\Users\aaa\AppData\Local\Packages
2021-05-07 18:56 - 2017-08-11 21:45 - 000000000 ___RD C:\Users\aaa\Desktop\NÁSTROJE
2021-05-06 14:07 - 2017-09-13 21:59 - 000000000 ____D C:\Users\aaa\AppData\Local\Microsoft Help
2021-05-06 09:41 - 2020-10-15 23:45 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2905597249-1629462600-326273939-1001
2021-05-06 09:41 - 2020-10-15 22:59 - 000002400 _____ C:\Users\aaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-05 22:23 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-05 22:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-05 22:08 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-05 22:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-05 22:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-05 20:13 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-05 19:49 - 2020-11-22 19:33 - 000000000 ____D C:\Users\aaa\AppData\Roaming\EpicPen
2021-05-04 09:39 - 2020-10-14 18:31 - 000093568 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\MfeEpNfcp.sys
2021-04-30 18:55 - 2018-11-25 23:40 - 000000000 ___HD C:\Users\aaa\Desktop\ACRCallsBackup
2021-04-27 16:27 - 2017-09-12 18:44 - 000000000 ____D C:\Users\aaa\AppData\Roaming\vlc
2021-04-26 09:42 - 2020-10-16 00:21 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a337560a0dc6
2021-04-26 09:42 - 2020-10-15 23:45 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-21 21:11 - 2020-08-23 15:52 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-21 12:11 - 2018-03-25 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-21 12:11 - 2018-03-25 12:44 - 000000000 ____D C:\Program Files (x86)\Java
2021-04-21 12:09 - 2018-03-25 12:45 - 000164640 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-04-17 16:04 - 2019-04-28 18:38 - 000000000 ____D C:\Users\aaa\AppData\Roaming\MetaQuotes

==================== Files in the root of some directories ========

2019-05-28 11:03 - 2019-06-23 19:51 - 000004608 _____ () C:\Users\aaa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-13 21:20 - 2017-09-13 21:20 - 000000017 _____ () C:\Users\aaa\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2021
Ran by aaa (16-05-2021 11:09:58)
Running from C:\Users\aaa\Desktop
Windows 10 Pro Version 20H2 19042.985 (X64) (2020-10-15 21:47:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

aaa (S-1-5-21-2905597249-1629462600-326273939-1001 - Administrator - Enabled) => C:\Users\aaa
Administrator (S-1-5-21-2905597249-1629462600-326273939-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2905597249-1629462600-326273939-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2905597249-1629462600-326273939-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2905597249-1629462600-326273939-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2905597249-1629462600-326273939-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Endpoint Security (Enabled - Up to date) {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Endpoint Security (Enabled) {9B465597-F790-7182-F546-36ACD905D374}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.11 (HKLM-x32\...\{26CB5429-1141-40FC-A7AA-F13AC1458D10}) (Version: 4.11.3.3420 - Open Media LLC)
Admiral Markets MT5 (HKLM\...\Admiral Markets MT5) (Version: 5.00 - MetaQuotes Software Corp.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
ANTSvc version 1.0.0.0 (HKLM-x32\...\ANTSvc_is1) (Version: 1.0.0.0 - ANTSvc)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Discord (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.9 - Poikosoft)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.9.29.0 - TANK Studios LTD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation)
IrfanView 4.52 (64-bit) (HKLM\...\IrfanView64) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
McAfee Agent (HKLM\...\{F01CC7C9-9545-494A-9A8E-F52037F8BE8E}) (Version: 5.6.1.308 - McAfee, Inc.) Hidden
McAfee Agent (HKLM-x32\...\McAfeeAgent) (Version: 5.6.1.308 - McAfee, Inc.)
McAfee Data Exchange Layer for MA (HKLM\...\{FEE8AD9B-C4D7-4F07-89AC-88C28E2B8809}) (Version: 5.0.10249.0 - McAfee LLC) Hidden
McAfee Data Exchange Layer for MA (HKLM-x32\...\{a3f1e826-e1b0-460f-8113-6624beacab1b}) (Version: 5.0.1.249 - McAfee LLC) Hidden
McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{377DA1C7-79DE-4102-8DB7-5C2296A3E960}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Firewall (HKLM\...\{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Platform (HKLM\...\{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{820D7600-089E-486B-860F-279B8119A893}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Web Control (HKLM\...\{5974413A-8D95-4D64-B9EE-40DF28186445}) (Version: 10.7.0 - McAfee, LLC.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NQuotes (HKLM-x32\...\NQuotes) (Version: 1.13 - Brainroom Ltd.)
oCam 버전 515.0 (HKLM-x32\...\oCam_is1) (Version: 515.0 - hxxp://ohsoft.net/)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4 A) (Version: 4.00 - MetaQuotes Ltd.)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4) (Version: 4.00 - MetaQuotes Software Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Slovník Verdict Free (a internetový překladač) (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\Verdict Free) (Version: - )
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 2.7.4 (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.7.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
Video Viewer (HKLM-x32\...\Video Viewer) (Version: 0.1.9.7 - AVTECH Corporation, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSO Downloader 5.1.1.69 (HKLM-x32\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.1.1.69 - VSO Software)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.157 - McAfee, LLC)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
YTD (pepak) (HKLM-x32\...\YTD_Pepak) (Version: - )
Zoom (HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\ZoomUMX) (Version: 5.2.2 (45108.0831) - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
McAfee Endpoint Security Web Control -> C:\Program Files\WindowsApps\5A894077.McAfeeEndpointSecurityWebControl_10.7.3.0_x86__wafk5atnkzcwy [2020-10-14] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-11] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.22101.0_x64__8wekyb3d8bbwe [2021-04-24] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-18] (Netflix, Inc.)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2905597249-1629462600-326273939-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\aaa\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2012-12-29] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [71680 2013-02-26] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [65536 2013-02-26] (Beepa P/L) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-15 14:37 - 2020-12-15 14:37 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2018-01-22 20:50 - 2010-09-26 21:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2018-01-22 20:50 - 2010-09-28 13:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2018-01-22 20:50 - 2010-09-28 14:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2018-01-22 20:50 - 2010-06-21 16:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2018-01-22 20:51 - 2010-06-10 16:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2018-01-22 20:51 - 2010-05-18 18:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-04-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Toolbar: HKLM-x32 - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2020-01-23 10:01 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2905597249-1629462600-326273939-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "IMMON"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "EpicPen"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\StartupFolder: => "Telegram.lnk"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2905597249-1629462600-326273939-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{38F8858B-DD30-4CED-B6A4-9D8A849DE640}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{04101C78-00BA-4BA5-94A8-B4B3C1FC16B3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{608C9E9E-AE0C-4A8A-B759-EB9423A21412}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{1235A4DE-BEA2-402F-882B-6195C22AE353}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{FE2B040D-2F2D-4443-B2C0-5587EAB714FF}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Allow) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [UDP Query User{595DF0CA-5356-40B0-9D41-C79748FE4D29}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [TCP Query User{669FD538-0D37-4D05-A9AF-34F0AF9590EE}C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe] => (Block) C:\program files (x86)\vso\vso downloader\5\vsodownloader.exe (VSO SOFTWARE -> VSO Software)
FirewallRules: [{8473AAD1-96D9-4CDB-8F8F-BB181A3D29D5}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{917A3821-484C-4B61-8498-B89208B30163}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{43CC3079-FC02-4D11-8496-A0FA0795E7A4}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{26C8ABBB-C5E4-4EE4-B2DA-5879EA24EA5D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{BF260DAD-8FD3-43DB-B554-170AAA390C3A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{41B55316-CCE3-4118-B69F-E04AC94C3D3B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{4F05A4CF-5509-4268-AFB5-EB40A5D085B5}] => (Allow) C:\Program Files\Admiral Markets MT5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Ltd.)
FirewallRules: [{A3518309-723E-4FB4-BC64-103B9708AA00}] => (Allow) C:\Users\aaa\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C3E3B695-92AC-4FD9-964C-CCA5051F02CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FEC2B40D-EB55-41D3-85C1-3AE600561D45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F7F912BC-FB5B-45C8-A67D-3DF4671B80E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C6847437-B74D-4F00-B801-3F5F89FE1E54}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C07B6C3C-A546-496B-8406-3A40DD561660}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{34F7FAC2-711E-451F-AB7A-7C9A074D9A56}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{B72E368E-EB1A-4A2E-AA28-9CA706034BAE}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{BE4D5273-D152-48A8-8286-0A3D43960B42}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6603F3F9-089A-46CD-8193-E1D1F212F022}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-04-2021 17:16:32 Naplánovaný kontrolní bod
05-05-2021 18:25:09 Instalační služba modulů systému Windows
12-05-2021 09:37:14 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/16/2021 10:40:39 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:38 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:38 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:37 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:36 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\0, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:36 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\0, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/16/2021 10:40:35 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (05/15/2021 11:11:58 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-1JNUR2R)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.


System errors:
=============
Error: (05/14/2021 02:45:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/13/2021 07:35:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (05/13/2021 07:34:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfemms bylo dosaženo časového limitu (30000 ms).

Error: (05/13/2021 05:12:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.

Error: (05/13/2021 05:10:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfevtp bylo dosaženo časového limitu (30000 ms).

Error: (05/13/2021 05:09:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby mfemms bylo dosaženo časového limitu (30000 ms).

Error: (05/13/2021 05:09:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba User Energy Server Service queencreek byla ukončena s následující chybou:
Ovladač %2 vrátil neplatné číslo ID pro podřízené zařízení (%3).

Error: (05/13/2021 05:09:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Energy Server Service queencreek se po přijetí pokynu pro vypnutí neukončila správně.


Windows Defender:
================
Date: 2021-05-13 19:33:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CC5BF2F0-6C58-41EB-B15B-C1AF3682E491}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-05-13 19:19:57
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F0C00ED3-FC1E-4622-8BE4-95614116B225}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-05-13 19:15:56
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {778405FD-799D-4D16-9E11-2647B5755E59}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-05-13 19:09:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {48F4C0D2-F07E-46A2-A11B-21DC2D0D3686}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-05-13 18:52:46
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {56D905AC-7DEE-4F6C-974F-71D493E5AF9F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-04-13 21:29:07
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.333.160.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17900.7
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 17:03:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2020-11-13 16:49:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.325.1331.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17500.4
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2021-05-16 08:52:10
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\amcfg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-05-16 08:44:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F4 02/06/2012
Motherboard: Gigabyte Technology Co., Ltd. H55M-D2H
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 79%
Total physical RAM: 3767.49 MB
Available physical RAM: 758.13 MB
Total Virtual: 7863.49 MB
Available Virtual: 4037.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.51 GB) (Free:381.03 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:372.71 GB) NTFS
Drive e: () (Removable) (Total:14.42 GB) (Free:5.8 GB) FAT32

\\?\Volume{f2781714-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{f2781714-0000-0000-0000-40c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F2781714)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=519 MB) - (Type=27)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 1C14CDC9)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my log

#15 Post by Diallix »

OK, one last clean-up:

Copy the content below into Notepad:

Code:

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will run; afterwards, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

Please report how the computer is doing.
My new book BOTNETY has been published! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit
