
Request for an FRST log check


#1 Post by bonapart »

Hello, please check my log.
The PC keeps running the processor at full load without any programs running, as if I had some kind of mining on the PC.
Some time ago my antivirus was not updating; after a reinstall it works OK.
Thank you, Milan





Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by HP (administrator) on DESKTOP-NP6ME1M (HP HP EliteDesk 800 G5 TWR) (21-10-2021 17:33:05)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_65c4bc64f64422d8\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\SysInfoCap.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6eefa7742d2487c3\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6eefa7742d2487c3\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_667c6615c75bd143\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ec81fa442e167535\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ec81fa442e167535\IntelCpHeciSvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe
(Synaptics Incorporated -> Conexant Systems, Inc.) C:\Windows\System32\CxUIUSvc64.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [654112 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024 2007-08-03] (Nero AG -> Nero AG)
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2007-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\WINDOWS\system32\xrxs1l6.dll [22016 2007-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019DF963-52F5-4789-BBA2-4936CAB59C89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {147ED47F-4A11-4BB1-87DD-3B7BB5CBB484} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-01] (HP Inc. -> HP Inc.)
Task: {650A9C76-3379-4495-9205-59B749D926D1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {6DB04BB1-6675-4115-9358-E59AD50291B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {B09B964B-E04E-46EC-BC1D-C2EFA59251DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {F6179BE0-CCAC-4362-B464-2DD0DA48FE30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{e52b45c8-1257-4cba-8186-bd5110ce7b9b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-21]
Edge DownloadDir: Default -> C:\Users\HP\Desktop
Edge HomePage: Default -> hxxp//seznam.cz/
Edge StartupUrls: Default -> "hxxps//www.seznam.cz/"
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Extension: (McAfee Endpoint Security Web Control) - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi [2019-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR DownloadDir: C:\Users\HP\Desktop
CHR Notifications: Default -> hxxps//www.youtube.com
CHR HomePage: Default -> hxxp//www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-10]
CHR Extension: (Dokumenty) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-10]
CHR Extension: (Disk Google) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-10]
CHR Extension: (Nimbus snímky obrazovky a záznam videa) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Tabulky) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-10]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-10]
CHR HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mcchplg.crx [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [85496 2020-07-03] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxUIUSvc; C:\WINDOWS\System32\CxUIUSvc64.exe [123232 2020-07-03] (Synaptics Incorporated -> Conexant Systems, Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\AppHelperCap.exe [744016 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\DiagsCap.exe [742480 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\NetworkCap.exe [742480 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\SysInfoCap.exe [743488 2021-08-27] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_65c4bc64f64422d8\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [241456 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [179552 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [261640 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 mfewc; C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe [319792 2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107440 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2021-09-30] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfeepmpk; C:\WINDOWS\System32\drivers\mfeepmpk.sys [226432 2021-09-30] (McAfee, Inc. -> McAfee, LLC.)
S3 MfeEpNfcp; C:\WINDOWS\System32\drivers\MfeEpNfcp.sys [89848 2021-09-30] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [89520 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [563640 2021-09-30] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107448 2021-09-30] (McAfee, Inc. -> McAfee LLC.)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82352 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-07-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-10-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [434424 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 17:33 - 2021-10-21 17:33 - 000020150 _____ C:\Users\HP\Desktop\FRST.txt
2021-10-21 16:29 - 2021-10-21 16:41 - 002310656 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2021-10-21 06:56 - 2021-10-21 06:56 - 000000000 ____D C:\Users\HP\Desktop\16.10.2021 nstitucionalky kurz
2021-10-20 21:40 - 2021-10-20 21:40 - 000000000 ____D C:\Users\HP\Desktop\MOJE OBCHODY
2021-10-20 21:30 - 2021-10-20 21:30 - 000000043 _____ C:\Users\HP\Desktop\ttw.txt
2021-10-15 17:13 - 2021-10-15 17:13 - 000309943 _____ C:\Users\HP\Desktop\priloha_957744236_0_Predlozeni_ELDP_Pazoutova_Ivana.pdf
2021-10-15 16:54 - 2021-10-15 16:54 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 16:54 - 2021-10-15 16:54 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 16:54 - 2021-10-15 16:54 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 16:54 - 2021-10-15 16:54 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 16:54 - 2021-10-15 16:54 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 16:54 - 2021-10-15 16:54 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 16:53 - 2021-10-15 16:53 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 16:53 - 2021-10-15 16:53 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 16:53 - 2021-10-15 16:53 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 16:53 - 2021-10-15 16:53 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 16:53 - 2021-10-15 16:53 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 16:53 - 2021-10-15 16:53 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 16:49 - 2021-10-15 16:49 - 000000000 ___HD C:\$WinREAgent
2021-10-15 11:08 - 2021-10-15 11:08 - 000001459 _____ C:\Users\HP\Desktop\Eqvalizer 2014 CZ.Dabing Thriller – zástupce.lnk
2021-10-15 10:51 - 2021-10-15 10:51 - 000001657 _____ C:\Users\HP\Desktop\Equalizer 2 _ The Equalizer 2 (2018) Akcni CZ 1920x800p – zástupce.lnk
2021-10-15 10:44 - 2021-10-15 10:44 - 000000000 ____D C:\Users\HP\Desktop\VSA strategie
2021-10-15 08:49 - 2021-10-15 08:49 - 000000704 _____ C:\Users\HP\Desktop\PLOCHA D.lnk
2021-10-15 08:48 - 2021-10-15 08:48 - 000000880 _____ C:\Users\HP\Desktop\AA XP – zástupce.lnk
2021-10-13 22:11 - 2021-10-13 22:11 - 000001385 _____ C:\Users\HP\Desktop\Ochránce_ Veřejný nepřítel – zástupce.lnk
2021-10-12 12:30 - 2021-10-12 12:30 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2021-10-08 12:16 - 2021-10-15 20:31 - 000000000 ____D C:\Users\HP\Desktop\02.10.2021
2021-10-07 19:09 - 2021-10-07 19:09 - 000001387 _____ C:\Users\HP\Desktop\Vyšinutý (2020) CZ dabing – zástupce.lnk
2021-10-01 15:25 - 2021-10-01 15:25 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 15:25 - 2021-10-01 15:25 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-30 20:13 - 2021-10-21 09:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-09-30 20:01 - 2021-09-30 20:11 - 000000000 ____D C:\$MfeDeepRem
2021-09-30 19:59 - 2021-10-20 07:49 - 000000000 ____D C:\Quarantine
2021-09-30 19:59 - 2021-09-30 19:59 - 000563640 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencbdc.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000226432 _____ (McAfee, LLC.) C:\WINDOWS\system32\Drivers\mfeepmpk.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000107448 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencrk.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000030136 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfeclnrk.sys
2021-09-30 19:59 - 2021-09-30 04:19 - 000089848 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\MfeEpNfcp.sys
2021-09-30 19:56 - 2021-09-30 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-09-30 19:56 - 2021-09-30 19:56 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-09-30 19:55 - 2021-09-30 19:56 - 000000000 ____D C:\Program Files\McAfee
2021-09-30 19:55 - 2021-09-30 19:55 - 000993712 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehidk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000549568 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2021-09-30 19:55 - 2021-09-30 19:55 - 000521648 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeaack.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000517040 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfefirek.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000379824 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000252336 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000116656 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeplk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000107440 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfedisk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000089520 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehck.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000085928 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000082352 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfenlfk.sys
2021-09-29 22:09 - 2021-09-29 22:09 - 000002070 _____ C:\Users\HP\Desktop\24-9-2021_ZEROer_1 – zástupce.lnk
2021-09-27 13:01 - 2021-09-27 13:01 - 000001213 _____ C:\Users\HP\Desktop\Michal Hrůza v Rudolfinu (2) – zástupce ().lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 17:33 - 2021-08-20 17:14 - 000000000 ____D C:\FRST
2021-10-21 17:30 - 2021-07-05 14:21 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 17:25 - 2021-07-10 12:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 17:25 - 2020-12-15 18:21 - 000000000 __SHD C:\Users\HP\IntelGraphicsProfiles
2021-10-21 16:10 - 2021-08-30 09:52 - 000000000 ___RD C:\Users\HP\OneDrive
2021-10-21 16:01 - 2021-04-05 18:58 - 001693656 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 16:01 - 2019-12-07 16:43 - 000716894 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 16:01 - 2019-12-07 16:43 - 000145072 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 16:01 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 15:59 - 2021-07-05 19:10 - 000000000 ____D C:\Program Files\CCleaner
2021-10-21 15:57 - 2021-04-05 18:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 15:57 - 2021-04-05 18:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 15:57 - 2020-12-15 18:22 - 000004742 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-10-21 15:57 - 2020-12-15 18:22 - 000000000 ____D C:\WINDOWS\CxSvc
2021-10-21 15:57 - 2020-12-15 18:21 - 000000000 ____D C:\Intel
2021-10-21 15:57 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 15:56 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-21 13:26 - 2021-04-05 18:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 11:35 - 2021-07-05 16:43 - 000000000 ____D C:\Users\HP\AppData\Roaming\Telegram Desktop
2021-10-21 09:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 09:58 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 07:27 - 2021-07-05 16:45 - 000000000 ____D C:\Users\HP\Downloads\Telegram Desktop
2021-10-19 20:47 - 2020-12-15 18:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-19 13:58 - 2021-07-23 17:06 - 000000000 ____D C:\Users\HP\Desktop\GIF
2021-10-17 16:53 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-10-16 09:05 - 2020-12-15 18:13 - 000000000 ____D C:\Users\HP\AppData\Local\Packages
2021-10-16 08:43 - 2021-03-17 15:33 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 17:22 - 2021-04-05 18:54 - 000476720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-15 17:22 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-15 16:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-15 11:07 - 2021-07-10 14:42 - 000000000 ____D C:\Users\HP\AppData\Roaming\vlc
2021-10-15 10:16 - 2021-07-10 16:32 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4
2021-10-15 08:56 - 2021-07-27 13:18 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4A
2021-10-14 21:01 - 2020-12-15 18:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-14 20:59 - 2020-12-15 18:30 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 19:40 - 2021-07-05 16:53 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-11 22:01 - 2021-07-05 14:22 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-11 07:07 - 2021-04-05 18:56 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1259765519-2013090550-2787584750-1001
2021-10-11 07:07 - 2021-04-05 18:50 - 000002372 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-10 20:36 - 2020-12-15 18:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-10 08:35 - 2021-04-05 18:56 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-10 08:35 - 2021-04-05 18:56 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-30 20:03 - 2021-07-08 09:28 - 000000000 ____D C:\ProgramData\McAfee
2021-09-30 19:59 - 2021-07-08 09:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-09-30 19:56 - 2021-07-05 19:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-30 19:55 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 19:16 - 2020-12-15 18:16 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-26 21:55 - 2021-08-11 20:34 - 000000000 ____D C:\Users\HP\Desktop\AUTAŘI
2021-09-26 21:54 - 2021-07-05 17:02 - 000000000 ___RD C:\Users\HP\Desktop\NÁSTROJE

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by HP (21-10-2021 17:35:55)
Running from C:\Users\HP\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-04-05 16:57:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1259765519-2013090550-2787584750-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1259765519-2013090550-2787584750-503 - Limited - Disabled)
Guest (S-1-5-21-1259765519-2013090550-2787584750-501 - Limited - Disabled)
HP (S-1-5-21-1259765519-2013090550-2787584750-1001 - Administrator - Enabled) => C:\Users\HP
WDAGUtilityAccount (S-1-5-21-1259765519-2013090550-2787584750-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Endpoint Security (Enabled - Up to date) {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
FW: McAfee Endpoint Security (Enabled) {9B465597-F790-7182-F546-36ACD905D374}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{560E7B2D-43A3-4A2C-B578-44525724B639}) (Version: 4.16.4.4300 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{6919d361-5a00-4c44-a3be-f5033ff85337}) (Version: 4.16.4.4300 - Open Media LLC)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Apowersoft Video Stahovač V6.4.7 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.7 - APOWERSOFT LIMITED)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
McAfee Agent (HKLM\...\{F01CC7C9-9545-494A-9A8E-F52037F8BE8E}) (Version: 5.6.1.308 - McAfee, Inc.) Hidden
McAfee Agent (HKLM-x32\...\McAfeeAgent) (Version: 5.6.1.308 - McAfee, Inc.)
McAfee Data Exchange Layer for MA (HKLM\...\{FEE8AD9B-C4D7-4F07-89AC-88C28E2B8809}) (Version: 5.0.10249.0 - McAfee LLC) Hidden
McAfee Data Exchange Layer for MA (HKLM-x32\...\{a3f1e826-e1b0-460f-8113-6624beacab1b}) (Version: 5.0.1.249 - McAfee LLC) Hidden
McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{377DA1C7-79DE-4102-8DB7-5C2296A3E960}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Firewall (HKLM\...\{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Platform (HKLM\...\{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{820D7600-089E-486B-860F-279B8119A893}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Web Control (HKLM\...\{5974413A-8D95-4D64-B9EE-40DF28186445}) (Version: 10.7.0 - McAfee, LLC.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4) (Version: 4.00 - MetaQuotes Ltd.)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4A) (Version: 4.00 - MetaQuotes Ltd.)
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 3.1.8 (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.8 - Telegram FZ-LLC)
TLauncher (HKLM-x32\...\TLauncher2.8) (Version: 2.8 - TLauncher Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
Zoom (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\ZoomUMX) (Version: 5.7.1 (543) - Zoom Video Communications, Inc.)

Packages:
=========
Audio Controls -> C:\Program Files\WindowsApps\22094SynapticsIncorporate.AudioControls_1.3.97.0_x64__qt57b6kdvhcfw [2020-12-15] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.9.58.0_x64__v10z8vjag6ke6 [2021-10-07] (HP Inc.)
McAfee Endpoint Security Web Control -> C:\Program Files\WindowsApps\5A894077.McAfeeEndpointSecurityWebControl_10.7.3.0_x86__wafk5atnkzcwy [2021-09-30] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-08] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-21] (INTEL CORP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1259765519-2013090550-2787584750-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-21 20:48 - 2021-07-21 20:48 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-07-06 13:08 - 2010-09-26 20:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2021-07-06 13:08 - 2010-09-28 12:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2021-07-06 13:08 - 2010-06-21 15:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2021-07-06 13:08 - 2010-09-28 13:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2021-07-06 13:08 - 2010-06-21 15:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2021-07-06 13:08 - 2010-06-10 15:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2021-07-06 13:08 - 2010-05-18 17:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
BHO: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2020-12-15] (HP Inc. -> HP Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2020-12-15] (HP Inc. -> HP Inc.)
Toolbar: HKLM - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Toolbar: HKLM-x32 - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IMMON"
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CB976A41-BBB7-4AAE-A372-C7E3BCD7549D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{76891230-6DD7-46C6-86CB-35E274CA52E1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{FC6E8F25-FE40-4F58-AE25-50EB2C679ED6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{D7FD6108-CCEF-4A15-A060-838E4D2D76C8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{3973047C-6555-49B5-A26E-EA5862F24F25}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FAB2E1B4-0B8F-4C68-B20D-C0DE3615B73A}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{8195DA2D-AD9D-4950-ABA4-5D0E6A5CC99E}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{AF8BC8C7-D886-4315-8A1F-B2BB47E2B682}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{CCFF77A0-78F2-46D7-BAB0-9DB3144653F1}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{67300863-E246-407D-8DC4-5548CBDB1E43}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{E801902F-F82A-4D35-A059-4262424DD5F8}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{FB55E9A4-59A7-4DB5-AD64-A6C0B65C28BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77400F50-F131-4E9B-98B4-B861511289CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{948905F4-5204-48E1-ABA5-1FCFF82E701E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CCA5F8E-02CB-4D97-80FD-A3716C2C020A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{007AED66-5AD8-4CBE-A6E5-13B005D9632D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-09-2021 19:18:10 Removed McAfee Agent.
10-10-2021 08:57:17 Naplánovaný kontrolní bod
14-10-2021 20:59:16 Instalační služba modulů systému Windows
15-10-2021 16:49:28 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\0, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:45:23 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 11:45:23 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.


System errors:
=============
Error: (10/21/2021 10:34:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP6ME1M)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/21/2021 10:34:33 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP6ME1M)
Description: Server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider se v daném časovém limitu neregistroval u služby DCOM.

Error: (10/19/2021 09:49:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CxUIUSvc Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/19/2021 07:02:35 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (10/19/2021 08:58:34 AM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (10/11/2021 04:59:24 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (10/10/2021 10:10:13 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (09/30/2021 09:39:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby CxUIUSvc bylo dosaženo časového limitu (30000 ms).


Windows Defender:
================
Date: 2021-10-20 08:15:52
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; containerfile:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata); file:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-20 07:48:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; containerfile:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata); file:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-20 06:04:55
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-19 20:59:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3DF7CD4F-5CD3-4118-9F6F-87F9AF780E67}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-19 20:52:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {33AE562B-F0F1-49AD-BC88-3A59052087FE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-07-05 14:30:19
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

CodeIntegrity:
===============
Date: 2021-10-21 16:00:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Microsoft signing level requirements.

Date: 2021-10-21 15:59:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: HP R01 Ver. 02.09.00 04/15/2021
Motherboard: HP 8591
Processor: Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 13%
Total physical RAM: 32542.29 MB
Available physical RAM: 28203.55 MB
Total Virtual: 37406.29 MB
Available Virtual: 31551.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:480.99 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:309.46 GB) NTFS

\\?\Volume{a5d7af93-f056-4206-aa41-e825abf07910}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{b439ff86-770c-486c-a989-8a1f3b93c28e}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: request for an FRST log check

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the bottom right corner.
After the PC restarts, AdwCleaner will launch; click View Log File (Zobrazit soubor protokolu).
The log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.

On the forum I serve as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: request for an FRST log check

#3 Post by bonapart »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-08.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-21-2021
# Duration: 00:00:04
# OS: Windows 10 Pro
# Scanned: 31986
# Detected: 9


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\HP\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}


AdwCleaner[S00].txt - [2523 octets] - [22/08/2021 18:24:19]
AdwCleaner[S01].txt - [2584 octets] - [22/08/2021 18:27:01]
AdwCleaner[S02].txt - [2645 octets] - [22/08/2021 18:27:58]
AdwCleaner[S03].txt - [2706 octets] - [22/08/2021 18:30:36]
AdwCleaner[C03].txt - [3011 octets] - [22/08/2021 18:31:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: request for an FRST log check

#4 Post by Diallix »

Copy the content below into Notepad:

Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

EmptyTemp:

Save the Notepad file as fixlist.txt in the same location as FRST.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt saved in the FRST location.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: request for an FRST log check

#5 Post by bonapart »

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by HP (21-10-2021 19:55:57) Run:2
Running from C:\Users\HP\Desktop
Loaded Profiles: HP
Boot Mode: Normal
==============================================

fixlist content:
*****************
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

EmptyTemp:

*****************

HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
"HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Search Page" => removed successfully
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" => removed successfully
"HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 649144401 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 19760949 B
Edge => 0 B
Chrome => 664587731 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 108792 B
NetworkService => 122132 B
HP => 36345020 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:56:43 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: request for an FRST log check

#6 Post by Diallix »

How is the computer doing?

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: request for an FRST log check

#7 Post by bonapart »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2021
Ran by HP (administrator) on DESKTOP-NP6ME1M (HP HP EliteDesk 800 G5 TWR) (21-10-2021 20:53:01)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_65c4bc64f64422d8\x64\TouchpointAnalyticsClientService.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\SysInfoCap.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c0fd909ca6e7d672\LMS.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6eefa7742d2487c3\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6eefa7742d2487c3\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_667c6615c75bd143\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ec81fa442e167535\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_ec81fa442e167535\IntelCpHeciSvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewch.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeensppl.exe
(McAfee, Inc. -> McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe
(Synaptics Incorporated -> Conexant Systems, Inc.) C:\Windows\System32\CxUIUSvc64.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vicamon.exe
(Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vmonproc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [IMMON] => C:\Program Files (x86)\IM Magician\Vicamon.exe [143360 2010-09-28] (Vimisoft Studio) [File not signed]
HKLM-x32\...\Run: [IMMONSUPPORT] => "C:\Program Files (x86)\IM Magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [654112 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\XRXS1PC: C:\Windows\System32\spool\prtprocs\x64\xrxs1pc.dll [33792 2007-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Print\Monitors\XRXS1 Langmon: C:\WINDOWS\system32\xrxs1l6.dll [22016 2007-03-23] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-11] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019DF963-52F5-4789-BBA2-4936CAB59C89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {147ED47F-4A11-4BB1-87DD-3B7BB5CBB484} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-01] (HP Inc. -> HP Inc.)
Task: {5A7ECAEA-1711-4967-BD19-B070210DD150} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650A9C76-3379-4495-9205-59B749D926D1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {6DB04BB1-6675-4115-9358-E59AD50291B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {7AEEE73C-31A0-4C19-AFD6-6AB414C02319} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {966B7949-FBB3-4C77-B0FD-1BD46631F380} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A01BC958-DEA0-4F6E-81C8-397AB2B34C0B} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\Engine\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-09-30] (McAfee, Inc. -> McAfee, LLC.)
Task: {B09B964B-E04E-46EC-BC1D-C2EFA59251DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {C1639F52-395D-4B7E-9C3F-A69639E4114C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6179BE0-CCAC-4362-B464-2DD0DA48FE30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{e52b45c8-1257-4cba-8186-bd5110ce7b9b}: [DhcpNameServer] 10.0.0.138

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-21]
Edge DownloadDir: Default -> C:\Users\HP\Desktop
Edge HomePage: Default -> hxxp//seznam.cz/
Edge StartupUrls: Default -> "hxxps//www.seznam.cz/"
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Extension: (McAfee Endpoint Security Web Control) - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi [2019-10-15]
FF HKLM-x32\...\Firefox\Extensions: [{cb40da56-497a-4add-955d-3377cae4c33b}] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\e10swcffplg.xpi
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2021-10-21]
CHR DownloadDir: C:\Users\HP\Desktop
CHR Notifications: Default -> hxxps//www.youtube.com
CHR HomePage: Default -> hxxp//www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-10]
CHR Extension: (Dokumenty) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-07-10]
CHR Extension: (Disk Google) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-10]
CHR Extension: (Nimbus snímky obrazovky a záznam videa) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2021-09-14]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-20]
CHR Extension: (Tabulky) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-10]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-07-10]
CHR HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jjkchpdmjjdmalgembblgafllbpcjlei] - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mcchplg.crx [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [85496 2020-07-03] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxUIUSvc; C:\WINDOWS\System32\CxUIUSvc64.exe [123232 2020-07-03] (Synaptics Incorporated -> Conexant Systems, Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\AppHelperCap.exe [744016 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\DiagsCap.exe [742480 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\NetworkCap.exe [742480 2021-08-27] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_cac5689265dc40ee\x64\SysInfoCap.exe [743488 2021-08-27] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_65c4bc64f64422d8\x64\TouchpointAnalyticsClientService.exe [489584 2021-06-18] (HP Inc. -> HP Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [241456 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [179552 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [261640 2019-07-11] (McAfee, Inc. -> McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 mfewc; C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe [319792 2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG -> Nero AG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [107440 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2021-09-30] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfeepmpk; C:\WINDOWS\System32\drivers\mfeepmpk.sys [226432 2021-09-30] (McAfee, Inc. -> McAfee, LLC.)
S3 MfeEpNfcp; C:\WINDOWS\System32\drivers\MfeEpNfcp.sys [89848 2021-09-30] (McAfee, Inc. -> McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfehck; C:\WINDOWS\System32\drivers\mfehck.sys [89520 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [563640 2021-09-30] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\system32\DRIVERS\mfencrk.sys [107448 2021-09-30] (McAfee, Inc. -> McAfee LLC.)
R1 mfenlfk; C:\WINDOWS\system32\DRIVERS\mfenlfk.sys [82352 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2021-09-30] (McAfee, Inc. -> McAfee, LLC)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2018-07-27] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 20:52 - 2021-10-21 20:52 - 000000000 ____D C:\Users\HP\Desktop\Nová složka
2021-10-21 19:55 - 2021-10-21 19:56 - 000007537 _____ C:\Users\HP\Desktop\Fixlog.txt
2021-10-21 18:49 - 2021-10-21 18:49 - 008553680 _____ (Malwarebytes) C:\Users\HP\Desktop\adwcleaner_8.3.0.exe
2021-10-21 17:33 - 2021-10-21 20:53 - 000021041 _____ C:\Users\HP\Desktop\FRST.txt
2021-10-21 16:29 - 2021-10-21 16:41 - 002310656 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2021-10-21 06:56 - 2021-10-21 06:56 - 000000000 ____D C:\Users\HP\Desktop\16.10.2021 nstitucionalky kurz
2021-10-20 21:40 - 2021-10-20 21:40 - 000000000 ____D C:\Users\HP\Desktop\MOJE OBCHODY
2021-10-20 21:30 - 2021-10-20 21:30 - 000000043 _____ C:\Users\HP\Desktop\ttw.txt
2021-10-15 17:13 - 2021-10-15 17:13 - 000309943 _____ C:\Users\HP\Desktop\priloha_957744236_0_Predlozeni_ELDP_Pazoutova_Ivana.pdf
2021-10-15 16:54 - 2021-10-15 16:54 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-15 16:54 - 2021-10-15 16:54 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-15 16:54 - 2021-10-15 16:54 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-15 16:54 - 2021-10-15 16:54 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-15 16:54 - 2021-10-15 16:54 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-15 16:54 - 2021-10-15 16:54 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-15 16:54 - 2021-10-15 16:54 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-15 16:53 - 2021-10-15 16:53 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-15 16:53 - 2021-10-15 16:53 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-15 16:53 - 2021-10-15 16:53 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 16:53 - 2021-10-15 16:53 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-15 16:53 - 2021-10-15 16:53 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 16:53 - 2021-10-15 16:53 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-15 16:49 - 2021-10-15 16:49 - 000000000 ___HD C:\$WinREAgent
2021-10-15 11:08 - 2021-10-15 11:08 - 000001459 _____ C:\Users\HP\Desktop\Eqvalizer 2014 CZ.Dabing Thriller – zástupce.lnk
2021-10-15 10:51 - 2021-10-15 10:51 - 000001657 _____ C:\Users\HP\Desktop\Equalizer 2 _ The Equalizer 2 (2018) Akcni CZ 1920x800p – zástupce.lnk
2021-10-15 10:44 - 2021-10-15 10:44 - 000000000 ____D C:\Users\HP\Desktop\VSA strategie
2021-10-15 08:49 - 2021-10-15 08:49 - 000000704 _____ C:\Users\HP\Desktop\PLOCHA D.lnk
2021-10-15 08:48 - 2021-10-15 08:48 - 000000880 _____ C:\Users\HP\Desktop\AA XP – zástupce.lnk
2021-10-13 22:11 - 2021-10-13 22:11 - 000001385 _____ C:\Users\HP\Desktop\Ochránce_ Veřejný nepřítel – zástupce.lnk
2021-10-12 12:30 - 2021-10-12 12:30 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2021-10-08 12:16 - 2021-10-15 20:31 - 000000000 ____D C:\Users\HP\Desktop\02.10.2021
2021-10-07 19:09 - 2021-10-07 19:09 - 000001387 _____ C:\Users\HP\Desktop\Vyšinutý (2020) CZ dabing – zástupce.lnk
2021-10-01 15:25 - 2021-10-01 15:25 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 15:25 - 2021-10-01 15:25 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-30 20:13 - 2021-10-21 20:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-09-30 20:01 - 2021-09-30 20:11 - 000000000 ____D C:\$MfeDeepRem
2021-09-30 19:59 - 2021-10-20 07:49 - 000000000 ____D C:\Quarantine
2021-09-30 19:59 - 2021-09-30 19:59 - 000563640 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencbdc.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000226432 _____ (McAfee, LLC.) C:\WINDOWS\system32\Drivers\mfeepmpk.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000107448 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfencrk.sys
2021-09-30 19:59 - 2021-09-30 19:59 - 000030136 _____ (McAfee LLC.) C:\WINDOWS\system32\Drivers\mfeclnrk.sys
2021-09-30 19:59 - 2021-09-30 04:19 - 000089848 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\MfeEpNfcp.sys
2021-09-30 19:56 - 2021-09-30 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-09-30 19:56 - 2021-09-30 19:56 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-09-30 19:55 - 2021-09-30 19:56 - 000000000 ____D C:\Program Files\McAfee
2021-09-30 19:55 - 2021-09-30 19:55 - 000993712 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehidk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000549568 _____ (McAfee, LLC) C:\WINDOWS\system32\mfevtps.exe
2021-09-30 19:55 - 2021-09-30 19:55 - 000521648 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeaack.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000517040 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfefirek.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000379824 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000252336 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000116656 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeplk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000107440 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfedisk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000089520 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfehck.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000085928 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2021-09-30 19:55 - 2021-09-30 19:55 - 000082352 _____ (McAfee, LLC) C:\WINDOWS\system32\Drivers\mfenlfk.sys
2021-09-29 22:09 - 2021-09-29 22:09 - 000002070 _____ C:\Users\HP\Desktop\24-9-2021_ZEROer_1 – zástupce.lnk
2021-09-27 13:01 - 2021-09-27 13:01 - 000001213 _____ C:\Users\HP\Desktop\Michal Hrůza v Rudolfinu (2) – zástupce ().lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-21 20:53 - 2021-08-20 17:14 - 000000000 ____D C:\FRST
2021-10-21 20:52 - 2020-12-15 18:36 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-10-21 20:49 - 2021-04-05 18:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-21 20:30 - 2021-07-05 14:21 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-21 20:10 - 2021-04-05 18:58 - 001693656 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-21 20:10 - 2019-12-07 16:43 - 000716894 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-21 20:10 - 2019-12-07 16:43 - 000145072 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-21 20:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-21 20:08 - 2021-07-05 19:10 - 000000000 ____D C:\Program Files\CCleaner
2021-10-21 20:06 - 2021-07-10 12:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-21 20:06 - 2021-04-05 18:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-21 20:06 - 2021-04-05 18:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-21 20:06 - 2020-12-15 18:22 - 000006096 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2021-10-21 20:06 - 2020-12-15 18:22 - 000000000 ____D C:\WINDOWS\CxSvc
2021-10-21 20:06 - 2020-12-15 18:21 - 000000000 __SHD C:\Users\HP\IntelGraphicsProfiles
2021-10-21 20:06 - 2020-12-15 18:21 - 000000000 ____D C:\Intel
2021-10-21 20:06 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-21 20:05 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-21 19:05 - 2021-03-17 15:16 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-10-21 19:05 - 2020-12-15 18:36 - 000000000 ____D C:\Users\HP\AppData\Roaming\Hewlett-Packard
2021-10-21 19:05 - 2020-12-15 18:22 - 000000000 ____D C:\ProgramData\HP
2021-10-21 16:10 - 2021-08-30 09:52 - 000000000 ___RD C:\Users\HP\OneDrive
2021-10-21 11:35 - 2021-07-05 16:43 - 000000000 ____D C:\Users\HP\AppData\Roaming\Telegram Desktop
2021-10-21 09:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-21 09:58 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-21 07:27 - 2021-07-05 16:45 - 000000000 ____D C:\Users\HP\Downloads\Telegram Desktop
2021-10-19 20:47 - 2020-12-15 18:11 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-19 13:58 - 2021-07-23 17:06 - 000000000 ____D C:\Users\HP\Desktop\GIF
2021-10-17 16:53 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-10-16 09:05 - 2020-12-15 18:13 - 000000000 ____D C:\Users\HP\AppData\Local\Packages
2021-10-16 08:43 - 2021-03-17 15:33 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-15 17:22 - 2021-04-05 18:54 - 000476720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-15 17:22 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-15 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-15 16:55 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-15 11:07 - 2021-07-10 14:42 - 000000000 ____D C:\Users\HP\AppData\Roaming\vlc
2021-10-15 10:16 - 2021-07-10 16:32 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4
2021-10-15 08:56 - 2021-07-27 13:18 - 000000000 ____D C:\Program Files (x86)\Purple Trading MT4A
2021-10-14 21:01 - 2020-12-15 18:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-14 20:59 - 2020-12-15 18:30 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 19:40 - 2021-07-05 16:53 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-10-11 22:01 - 2021-07-05 14:22 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-11 07:07 - 2021-04-05 18:56 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1259765519-2013090550-2787584750-1001
2021-10-11 07:07 - 2021-04-05 18:50 - 000002372 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-10 20:36 - 2020-12-15 18:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-10 08:35 - 2021-04-05 18:56 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-10 08:35 - 2021-04-05 18:56 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-09-30 20:03 - 2021-07-08 09:28 - 000000000 ____D C:\ProgramData\McAfee
2021-09-30 19:59 - 2021-07-08 09:28 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-09-30 19:56 - 2021-07-05 19:02 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-30 19:55 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-30 19:16 - 2020-12-15 18:16 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-26 21:55 - 2021-08-11 20:34 - 000000000 ____D C:\Users\HP\Desktop\AUTAŘI
2021-09-26 21:54 - 2021-07-05 17:02 - 000000000 ___RD C:\Users\HP\Desktop\NÁSTROJE

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by HP (21-10-2021 20:54:02)
Running from C:\Users\HP\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-04-05 16:57:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1259765519-2013090550-2787584750-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1259765519-2013090550-2787584750-503 - Limited - Disabled)
Guest (S-1-5-21-1259765519-2013090550-2787584750-501 - Limited - Disabled)
HP (S-1-5-21-1259765519-2013090550-2787584750-1001 - Administrator - Enabled) => C:\Users\HP
WDAGUtilityAccount (S-1-5-21-1259765519-2013090550-2787584750-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Endpoint Security (Disabled - Out of date) {A37DD4B2-BDFF-70DA-DE19-9F9927D6940F}
FW: McAfee Endpoint Security (Enabled) {9B465597-F790-7182-F546-36ACD905D374}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{560E7B2D-43A3-4A2C-B578-44525724B639}) (Version: 4.16.4.4300 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{6919d361-5a00-4c44-a3be-f5033ff85337}) (Version: 4.16.4.4300 - Open Media LLC)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Apowersoft Video Stahovač V6.4.7 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.4.7 - APOWERSOFT LIMITED)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Components Setup (HKLM-x32\...\{31187E06-E131-4709-9285-7D105D77AA89}) (Version: 1.00.0000 - Vimicro Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
IM Magician (HKLM-x32\...\{A5742726-2180-4253-83A7-53558486A7A2}) (Version: 1.00.0001 - Vimisoft Studio)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
McAfee Agent (HKLM\...\{F01CC7C9-9545-494A-9A8E-F52037F8BE8E}) (Version: 5.6.1.308 - McAfee, Inc.) Hidden
McAfee Agent (HKLM-x32\...\McAfeeAgent) (Version: 5.6.1.308 - McAfee, Inc.)
McAfee Data Exchange Layer for MA (HKLM\...\{FEE8AD9B-C4D7-4F07-89AC-88C28E2B8809}) (Version: 5.0.10249.0 - McAfee LLC) Hidden
McAfee Data Exchange Layer for MA (HKLM-x32\...\{a3f1e826-e1b0-460f-8113-6624beacab1b}) (Version: 5.0.1.249 - McAfee LLC) Hidden
McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{377DA1C7-79DE-4102-8DB7-5C2296A3E960}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Firewall (HKLM\...\{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Platform (HKLM\...\{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{820D7600-089E-486B-860F-279B8119A893}) (Version: 10.7.0 - McAfee, LLC.)
McAfee Endpoint Security Web Control (HKLM\...\{5974413A-8D95-4D64-B9EE-40DF28186445}) (Version: 10.7.0 - McAfee, LLC.)
MediaInfo 18.05 (HKLM\...\MediaInfo) (Version: 18.05 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}) (Version: 8.0.182 - Nero AG)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4) (Version: 4.00 - MetaQuotes Ltd.)
Purple Trading MT4 (HKLM-x32\...\Purple Trading MT4A) (Version: 4.00 - MetaQuotes Ltd.)
Sonic Foundry Sound Forge 6.0a (HKLM-x32\...\{6CDC68BB-C997-4ADC-9BA0-6293FB88521E}) (Version: 6.0.150 - Sonic Foundry)
Telegram Desktop version 3.1.8 (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 3.1.8 - Telegram FZ-LLC)
TLauncher (HKLM-x32\...\TLauncher2.8) (Version: 2.8 - TLauncher Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VSO Image Resizer 1.3.4d (HKLM-x32\...\VSO Image Resizer_is1) (Version: 1.3.4d - VSO-Software)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.0.1.1219 - Xilisoft)
Zoom (HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\ZoomUMX) (Version: 5.7.1 (543) - Zoom Video Communications, Inc.)

Packages:
=========
Audio Controls -> C:\Program Files\WindowsApps\22094SynapticsIncorporate.AudioControls_1.3.97.0_x64__qt57b6kdvhcfw [2020-12-15] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.9.58.0_x64__v10z8vjag6ke6 [2021-10-07] (HP Inc.)
McAfee Endpoint Security Web Control -> C:\Program Files\WindowsApps\5A894077.McAfeeEndpointSecurityWebControl_10.7.3.0_x86__wafk5atnkzcwy [2021-09-30] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-07-07] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-08] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-07-21] (INTEL CORP) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1259765519-2013090550-2787584750-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [2007-08-04] (Nero AG -> Nero AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ImageResizer] -> {C6193976-9333-4E73-96BA-7B21CA942187} => C:\Program Files (x86)\VSO\Image Resizer\RSZShell64.dll [2007-01-24] (VSO Software SARL) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Drivers32: [VIDC.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [420240 2001-05-11] (Microsoft Corporation -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-07-21 20:48 - 2021-07-21 20:48 - 042803200 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-07-06 13:08 - 2010-09-26 20:31 - 000073728 ____R (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\exvmuvc.ax
2021-07-06 13:08 - 2010-09-28 12:04 - 000081920 _____ (Vimicro Corporation) [File not signed] C:\Program Files (x86)\Common Files\Vimisoft Studio\VmicCommonIR.dll
2021-07-06 13:08 - 2010-06-21 15:56 - 000077824 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\FlydCamCtrl.dll
2021-07-06 13:08 - 2010-09-28 13:43 - 000147456 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\Plugins\immirrc.dll
2021-07-06 13:08 - 2010-06-21 15:56 - 000073728 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\TiaDecFac.dll
2021-07-06 13:08 - 2010-06-10 15:10 - 000081920 _____ (VimiSoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydblapl.ax
2021-07-06 13:08 - 2010-05-18 17:23 - 000196608 _____ (Vimisoft Studio) [File not signed] C:\Program Files (x86)\IM Magician\vflydcam.ax

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee Endpoint Security Web Control (Browser Help Object) -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Toolbar: HKLM-x32 - McAfee Endpoint Security Web Control (Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [2008-05-23] (Microsoft Corporation) [File not signed]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\McIEPlugin.dll [2019-10-15] (McAfee, Inc. -> McAfee, LLC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IMMON"
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CB976A41-BBB7-4AAE-A372-C7E3BCD7549D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{76891230-6DD7-46C6-86CB-35E274CA52E1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{FC6E8F25-FE40-4F58-AE25-50EB2C679ED6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{D7FD6108-CCEF-4A15-A060-838E4D2D76C8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe (Apowersoft Ltd -> )
FirewallRules: [{3973047C-6555-49B5-A26E-EA5862F24F25}] => (Allow) C:\Users\HP\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FAB2E1B4-0B8F-4C68-B20D-C0DE3615B73A}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{8195DA2D-AD9D-4950-ABA4-5D0E6A5CC99E}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{AF8BC8C7-D886-4315-8A1F-B2BB47E2B682}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{CCFF77A0-78F2-46D7-BAB0-9DB3144653F1}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{67300863-E246-407D-8DC4-5548CBDB1E43}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{E801902F-F82A-4D35-A059-4262424DD5F8}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc. -> McAfee LLC.)
FirewallRules: [{FB55E9A4-59A7-4DB5-AD64-A6C0B65C28BA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77400F50-F131-4E9B-98B4-B861511289CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{948905F4-5204-48E1-ABA5-1FCFF82E701E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8CCA5F8E-02CB-4D97-80FD-A3716C2C020A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{007AED66-5AD8-4CBE-A6E5-13B005D9632D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

30-09-2021 19:18:10 Removed McAfee Agent.
10-10-2021 08:57:17 Naplánovaný kontrolní bod
14-10-2021 20:59:16 Instalační služba modulů systému Windows
15-10-2021 16:49:28 Instalační služba modulů systému Windows
21-10-2021 19:05:33 AdwCleaner_BeforeCleaning_21/10/2021_19:05:32

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\COUNT, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\0, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:58 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:13 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\NEXTINSTANCE, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.

Error: (10/21/2021 08:09:13 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18060

NT AUTHORITY\SYSTEM ran System\System, which accessed HKLM\SYSTEM\CONTROLSET001\SERVICES\USBSTOR\ENUM\0, violating the rule "USB Storage Device Inserted". Access was allowed because the rule wasn't configured to block.


System errors:
=============
Error: (10/21/2021 07:05:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CxUIUSvc Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP Analytics service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Graphics Command Center Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth Driver Management Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Content Protection HECI Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/21/2021 07:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Sound Research SECOMN Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2021-10-21 20:49:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {372B5BA3-695A-4165-AAD3-3D86D7C9B5D5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-21 20:23:42
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B597656C-2356-40B6-A5DD-9C16DFB29023}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-20 08:15:52
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; containerfile:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata); file:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel:
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-20 07:48:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; containerfile:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata); file:_C:\PLOCHA C\INSTALOVÁNO\NAINSTALOVAT\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-20 06:04:55
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUABundler:Win32/PiriformBundler
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: containerfile:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe; file:_C:\PLOCHA C\AA XP\Programy\rcsetup153.exe->(nsis-instdata)
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
Verze bezpečnostních informací: AV: 1.351.702.0, AS: 1.351.702.0, NIS: 1.351.702.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-07-05 14:30:19
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80240016
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

Date: 2021-07-05 14:29:40
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.335.272.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18000.5
Kód chyby: 0x80090305
Popis chyby: Požadovaný balíček zabezpečení neexistuje.

CodeIntegrity:
===============
Date: 2021-10-21 20:49:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Windows signing level requirements.

Date: 2021-10-21 20:23:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\McAfee\Endpoint Security\Threat Prevention\MfeAmsiProvider.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: HP R01 Ver. 02.09.00 04/15/2021
Motherboard: HP 8591
Processor: Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
Percentage of memory in use: 13%
Total physical RAM: 32542.29 MB
Available physical RAM: 28023.87 MB
Total Virtual: 37406.29 MB
Available Virtual: 31168.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.24 GB) (Free:480.29 GB) NTFS
Drive d: () (Fixed) (Total:931.41 GB) (Free:309.46 GB) NTFS

\\?\Volume{a5d7af93-f056-4206-aa41-e825abf07910}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{b439ff86-770c-486c-a989-8a1f3b93c28e}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 00084F14)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

So far the computer looks OK, but that will only show after one day of use.
Was there any malware on it?

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my FRST log

#8 Post by Diallix »

One last cleanup:

Copy the content below into Notepad:

Code:

Task: {6DB04BB1-6675-4115-9358-E59AD50291B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {B09B964B-E04E-46EC-BC1D-C2EFA59251DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {F6179BE0-CCAC-4362-B464-2DD0DA48FE30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:

Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
An operation will be carried out, after which the computer reboots. After the reboot, paste here the content of the log fixlog.txt, which is saved in the FRST location.
My new book BOTNETY is out! You can find information about it here: >> BOTNETY <<

---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for the training of newcomers
- Founder of the Cyber Security unit

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Please check my FRST log

#9 Post by Diallix »

There was no malware in the system, only unnecessary things running.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my FRST log

#10 Post by bonapart »

So that is what keeps spinning up my processor. Could you say what it is (HP nonsense) so that I can uninstall it for good? I don't use any of the HP software.

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-10-2021
Ran by HP (21-10-2021 21:19:06) Run:3
Running from C:\Users\HP\Desktop
Loaded Profiles: HP
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {6DB04BB1-6675-4115-9358-E59AD50291B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {B09B964B-E04E-46EC-BC1D-C2EFA59251DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {F6179BE0-CCAC-4362-B464-2DD0DA48FE30} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/?LinkId=69157
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

EmptyTemp:
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DB04BB1-6675-4115-9358-E59AD50291B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DB04BB1-6675-4115-9358-E59AD50291B9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B09B964B-E04E-46EC-BC1D-C2EFA59251DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B09B964B-E04E-46EC-BC1D-C2EFA59251DF}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6179BE0-CCAC-4362-B464-2DD0DA48FE30}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6179BE0-CCAC-4362-B464-2DD0DA48FE30}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKU\S-1-5-21-1259765519-2013090550-2787584750-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14709800 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 18974 B
Edge => 0 B
Chrome => 134251668 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3908 B
NetworkService => 7038 B
HP => 65252 B

RecycleBin => 108626 B
EmptyTemp: => 143 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:19:19 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my FRST log

#11 Post by Diallix »

OK, in my opinion it's fine.

Try monitoring the computer and write here if there are any problems.

bonapart
Visitor
Posts: 87
Registered: 27 Sep 2008 20:43

Re: please check my FRST log

#12 Post by bonapart »

Thank you for the help, it looks OK,
I'll gladly contribute to the forum
(could you write what those unnecessary running things were so that I can uninstall them,
because this is not the first time I've had this problem.)

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: please check my FRST log

#13 Post by Diallix »

Modules of applications such as Google and Adobe were running in the system. These are not uninstalled; only the loaded modules are deleted, which are both unnecessary and a burden on the system. There were also incorrect values in the computer that led nowhere; for this purpose I recommend cleaning the computer with the program CCleaner.

Thank you for the contribution :]]

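Added example (not part of the thread and not FRST's own code): a Python sketch that parses result lines in the Fixlog format posted in #10 and groups them by action. It makes visible what post #13 describes: scheduled-task entries were removed and task files moved, registry values were restored, and no application was uninstalled. The sample lines are a subset copied from the log above; the function and pattern names are assumptions.

```python
import re
from collections import defaultdict

# Subset of result lines copied from the Fixlog in post #10.
SAMPLE_FIXLOG = r'''
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DB04BB1-6675-4115-9358-E59AD50291B9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
BITS transfer queue => 786432 B
'''

# "<target> => <action> successfully", limited to the three actions seen in this log.
RESULT_RE = re.compile(
    r'^(?P<target>.+?) => (?P<action>removed|moved|value restored) successfully$')
# A task name appears as a file under System32\Tasks or as a TaskCache\Tree key.
TASK_FILE_RE = re.compile(r'\\System32\\Tasks\\(?P<name>[^\\]+)$', re.IGNORECASE)
TASK_TREE_RE = re.compile(
    r'\\Schedule\\TaskCache\\Tree\\(?P<name>[^\\]+)$', re.IGNORECASE)


def parse_fixlog(text):
    """Return ({action: [targets]}, sorted scheduled-task names) for a Fixlog."""
    actions = defaultdict(list)
    tasks = set()
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if not match:
            continue  # headers, EmptyTemp size lines, blank lines
        target = match.group('target').strip('"')
        actions[match.group('action')].append(target)
        for pattern in (TASK_FILE_RE, TASK_TREE_RE):
            hit = pattern.search(target)
            if hit:
                tasks.add(hit.group('name'))
    return dict(actions), sorted(tasks)


if __name__ == '__main__':
    actions, tasks = parse_fixlog(SAMPLE_FIXLOG)
    for action, targets in actions.items():
        print(f'{action}: {len(targets)}')
    print('scheduled tasks touched:', tasks)
```

Run against the full Fixlog text, the same function lists every scheduled task the fix touched, which is the list to review when deciding whether an updater task should be recreated.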