PC virus removal, computer speed-up, and remote help through the neslape.cz service

Request for a preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

#1 Post by kodl74 »

ESET detected CoinMiner.AP. I removed it from the PC with this little program: antimalware-vrgn. So could I ask for a check, just to be sure? Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2022 01
Ran by kaPL74 (administrator) on PCKAPL (Gigabyte Technology Co., Ltd. B250M-D3H) (19-02-2022 16:50:27)
Running from C:\Users\kaPL74\Desktop
Loaded Profiles: kaPL74
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\kaPL74\AppData\Roaming\uTorrent\uninstall.exe ->) (uTorrent.CZ -> BitTorrent, Inc.) [File not signed] C:\Users\kaPL74\AppData\Roaming\uTorrent\utorrent.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUNE.EXE
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(explorer.exe ->) (uTorrent.CZ -> emc) [File not signed] C:\Users\kaPL74\AppData\Roaming\uTorrent\uninstall.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\Nexus.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\WsxService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2022-01-22] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1319208 2019-05-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18012288 2020-10-28] (Winstep Software Technologies) [File not signed]
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112187784 2022-02-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUNE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Gaijin.Net Updater] => C:\Users\kaPL74\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\padbury.scr [2560816 2020-06-06] (ICOFX SOFTWARE SRL -> icofx software srl)
HKLM\...\Print\Monitors\EPSON L3150 Series 64MonitorBE: C:\Windows\system32\E_YLMBUNE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
Startup: C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2020-02-29]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CE0F15-226D-4355-AB31-F269CC1B1E9C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {233FB242-E3C5-4A40-826A-2A2E4E232AE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {26CA65D1-7B46-4C9F-A96C-4AE5D73D0151} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {38694CBE-242F-48B4-935B-5DBD49CBB8E7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {39420B2E-FD2A-4020-9358-EDF697DE1B1A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22882216 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3BD25B2B-8415-41DF-9CFF-03CD90EB8D27} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CFD13DC-C560-4EFD-9CF5-7E4907A9785D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {42347994-DF70-4AA1-B492-9309D9F4E5F7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2021-11-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {489C7E94-6BB6-4137-8F90-D999E7B2203F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {5CF28CBA-BFDA-4370-800A-F1D6C32F6374} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {7D10DD9C-CCF9-4431-B7FE-FB8543AC9C4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
Task: {AEB78506-86E7-4488-A9E5-FA196B7F48A7} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4487904 2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {AED806D2-C191-4F4E-9AD6-732DB5760B53} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B1DBCFA5-4A38-4710-B1CC-EF415E6DBEDA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-03] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C72E0F3F-D6A7-4A9D-B5BB-FFBAD298142A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C7B06D35-84E3-4DBE-AD51-33302C31E940} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CD03A155-5B1A-4F49-871D-3E36C2CBDB17} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {E2DE8347-155A-4804-BDA6-0415593CE923} - System32\Tasks\EPSON L3150 Series Update {250D2C85-A398-4683-BBC4-5BDE47BA1485} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {E3EF4EDE-27B2-45B4-B1F8-DCF82029D332} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F7AB4AB2-AA32-4484-99AA-E2674E0EAC46} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22882216 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L3150 Series Update {250D2C85-A398-4683-BBC4-5BDE47BA1485}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE:/EXE:{250D2C85-A398-4683-BBC4-5BDE47BA1485} /F:UpdateWORKGROUP\PCKAPL$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{04687598-79ac-424b-a997-68cfe11fc2ae}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF DefaultProfile: suv7x4pj.default
FF ProfilePath: C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default [2022-02-02]
FF Homepage: Mozilla\Firefox\Profiles\suv7x4pj.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\suv7x4pj.default -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\suv7x4pj.default -> hxxps://www.slevomat.cz
FF Extension: (Blokátor reklam AdGuard) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\adguardadblocker@adguard.com.xpi [2020-01-05]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2019-01-05]
FF Extension: (To Google Translate) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-07]
FF ProfilePath: C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release [2022-02-19]
FF Homepage: Mozilla\Firefox\Profiles\bdftw427.default-release -> hxxps://www.seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\bdftw427.default-release -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\bdftw427.default-release -> hxxps://www.slevomat.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\bdftw427.default-release -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\bdftw427.default-release -> Enabled: google@search.mozilla.org
FF Extension: (Blokátor reklam AdGuard) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\adguardadblocker@adguard.com.xpi [2021-12-18]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-23]
FF Extension: (Firefox Color) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\FirefoxColor@mozilla.com.xpi [2021-11-20]
FF Extension: (To Google Translate) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-23]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-03-18] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3640345311-2590231575-3648685039-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2022-02-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-22] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-22] (ESET, spol. s r.o. -> ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2020-02-29] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService.exe [777216 2019-10-29] (Winstep Software Technologies) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [184464 2022-01-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [122944 2022-01-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201976 2022-01-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2022-01-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69704 2022-01-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110560 2022-01-22] (ESET, spol. s r.o. -> ESET)
S3 gdrv; C:\WINDOWS\gdrv.sys [25640 2021-09-24] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S4 GSDriver; \SystemRoot\System32\drivers\GSDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-19 16:50 - 2022-02-19 16:50 - 000024395 _____ C:\Users\kaPL74\Desktop\FRST.txt
2022-02-19 16:50 - 2022-02-19 16:50 - 000000000 ____D C:\FRST
2022-02-19 16:45 - 2022-02-19 16:45 - 002312192 _____ (Farbar) C:\Users\kaPL74\Desktop\FRST64.exe
2022-02-19 15:31 - 2022-02-19 15:32 - 000000000 ____D C:\Users\kaPL74\AppData\LocalLow\IGDump
2022-02-19 13:58 - 2022-02-19 14:00 - 000000000 ___HD C:\adobeTemp
2022-02-19 13:57 - 2022-02-19 13:57 - 000003356 _____ C:\WINDOWS\system32\Tasks\IZHECETIROJMEFOS_run
2022-02-19 13:57 - 2022-02-19 13:57 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-16 18:21 - 2022-02-16 18:23 - 3526063341 _____ C:\Users\kaPL74\Desktop\Cernobyl - Chernobyl.2020.1080p.BluRay.CZ-SK.dabing.mkv
2022-02-10 14:35 - 2022-02-18 09:43 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-08 21:54 - 2022-02-08 21:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-08 21:54 - 2022-02-08 21:54 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-08 21:50 - 2022-02-08 21:50 - 000000000 ___HD C:\$WinREAgent
2022-02-06 14:34 - 2022-02-06 14:35 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Adobe
2022-02-02 20:32 - 2022-02-02 21:37 - 000000000 ____D C:\Users\kaPL74\AppData\Local\AMSDK
2022-02-02 20:29 - 2022-02-02 20:29 - 000000000 ____D C:\Users\kaPL74\AppData\Local\PeerDistRepub
2022-02-02 20:28 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001466000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001432304 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001432304 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001207440 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000796328 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000715944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000638936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 002121360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001602728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001529512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001178544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000795616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000709760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-02-02 13:59 - 2022-01-29 00:27 - 008611496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 007716320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 005727376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 005099152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 002933928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 000456848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-02-02 13:59 - 2022-01-29 00:26 - 000851904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-02-02 13:59 - 2022-01-29 00:24 - 006458912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-02-02 13:59 - 2022-01-28 12:28 - 000089185 _____ C:\WINDOWS\system32\nvinfo.pb
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\WinRAR
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-02 10:57 - 2022-02-02 10:57 - 000160766 _____ C:\WINDOWS\WinRAR Uninstaller.exe
2022-02-02 10:57 - 2022-02-02 10:57 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR v.6.02 64bit CZ
2022-02-02 10:57 - 2022-02-02 10:57 - 000000000 ____D C:\Program Files\WinRAR
2022-02-02 10:28 - 2022-02-02 10:28 - 000000000 ____D C:\ProgramData\GridinSoft

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-19 16:50 - 2020-05-26 19:23 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\uTorrent
2022-02-19 16:41 - 2020-02-29 22:17 - 000000000 ____D C:\Program Files (x86)\Steam
2022-02-19 16:29 - 2020-02-29 18:31 - 000000000 ____D C:\Users\kaPL74\AppData\LocalLow\Mozilla
2022-02-19 16:26 - 2020-03-08 20:47 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-19 14:42 - 2020-03-01 10:15 - 000000000 ____D C:\Tiskárna EPSON
2022-02-19 14:42 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-19 14:41 - 2020-03-01 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-02-19 14:41 - 2020-03-01 10:07 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2022-02-19 14:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-19 14:32 - 2020-03-01 00:22 - 000000000 ____D C:\Program Files\Adobe
2022-02-19 14:26 - 2020-08-23 10:32 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-19 14:26 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-02-19 14:26 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-02-19 14:19 - 2020-08-23 10:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-19 14:19 - 2020-08-23 10:23 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-19 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-19 14:19 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-19 14:10 - 2020-02-29 20:33 - 000000000 ____D C:\Users\kaPL74\AppData\Local\CrashDumps
2022-02-19 14:01 - 2020-02-29 18:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-19 14:00 - 2020-02-29 22:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-02-19 13:59 - 2020-02-29 22:09 - 000000000 ____D C:\ProgramData\Adobe
2022-02-19 13:57 - 2020-02-29 22:10 - 000000000 ____D C:\Users\kaPL74\AppData\Local\D3DSCache
2022-02-19 13:55 - 2021-10-05 23:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-02-19 13:48 - 2020-08-23 10:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-19 13:18 - 2020-02-29 22:49 - 000000000 ___RD C:\Users\kaPL74\Documents\Euro Truck Simulator 2
2022-02-18 19:24 - 2020-06-07 12:06 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-18 19:24 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-18 19:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-18 14:44 - 2020-02-29 20:05 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\vlc
2022-02-18 09:40 - 2020-02-29 22:35 - 000000000 ____D C:\Users\kaPL74\Documents\American Truck Simulator
2022-02-17 21:54 - 2020-08-21 19:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-17 17:31 - 2020-08-23 10:27 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-02-29 18:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-02-17 17:31 - 2020-02-29 17:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-02-17 17:31 - 2020-02-29 17:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-02-17 10:21 - 2020-02-29 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-02-16 21:32 - 2020-02-29 17:59 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Packages
2022-02-16 21:17 - 2020-02-29 18:02 - 000000000 ____D C:\Users\kaPL74\AppData\Local\PlaceholderTileLogoFolder
2022-02-16 21:17 - 2020-02-29 17:59 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Publishers
2022-02-16 20:20 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-11 20:06 - 2020-02-29 19:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-11 10:59 - 2020-02-29 20:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-11 10:58 - 2020-02-29 20:12 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-10 11:25 - 2021-11-27 16:23 - 000000000 ____D C:\Users\kaPL74\AppData\Local\WarThunder
2022-02-08 23:04 - 2020-08-23 10:23 - 000446296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-08 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-08 23:03 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-02-08 21:54 - 2020-08-23 10:25 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-08 17:46 - 2020-03-01 10:58 - 000000000 ____D C:\Users\kaPL74\Documents\ConvertXToDVD
2022-02-08 17:39 - 2020-04-13 16:19 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\dvdcss
2022-02-02 21:37 - 2021-11-20 19:11 - 000920540 _____ C:\WINDOWS\ZAM.krnl.trace
2022-02-02 14:01 - 2020-02-29 18:17 - 000000000 ____D C:\Users\kaPL74\AppData\Local\NVIDIA
2022-01-30 21:52 - 2020-02-29 19:58 - 000000000 ____D C:\Users\Public\Documents\Winstep
2022-01-30 11:18 - 2020-08-23 10:27 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-30 11:18 - 2020-08-23 10:27 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-29 00:24 - 2020-11-02 09:27 - 007612344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 002859520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 002201800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 001295872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-01-24 19:47 - 2020-08-23 09:43 - 000000000 ____D C:\Users\kaPL74
2022-01-22 11:58 - 2020-10-26 09:28 - 000201976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000184464 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000122944 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000110560 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000069704 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000043904 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-01-21 13:22 - 2020-10-27 11:16 - 000082432 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-01-21 13:22 - 2020-10-27 11:16 - 000071168 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll

==================== Files in the root of some directories ========

2020-03-01 10:59 - 2020-03-01 10:59 - 000007859 _____ () C:\Users\kaPL74\AppData\Roaming\pcouffin.cat
2020-03-01 10:59 - 2020-03-01 10:59 - 000001167 _____ () C:\Users\kaPL74\AppData\Roaming\pcouffin.inf
2020-03-01 10:59 - 2020-03-01 10:59 - 000082816 _____ (VSO Software) C:\Users\kaPL74\AppData\Roaming\pcouffin.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by kaPL74 (19-02-2022 16:51:24)
Running from C:\Users\kaPL74\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) (2020-08-23 09:27:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3640345311-2590231575-3648685039-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3640345311-2590231575-3648685039-503 - Limited - Disabled)
Guest (S-1-5-21-3640345311-2590231575-3648685039-501 - Limited - Disabled)
kaPL74 (S-1-5-21-3640345311-2590231575-3648685039-1001 - Administrator - Enabled) => C:\Users\kaPL74
WDAGUtilityAccount (S-1-5-21-3640345311-2590231575-3648685039-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
Ashampoo Burning Studio 21 (HKLM-x32\...\{91B33C97-3390-FD9A-8E0F-3F6BA7865E46}_is1) (Version: 21.6.0 - Ashampoo GmbH & Co. KG)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{49048EBF-3803-4AA4-8943-675E6E8D5B30}) (Version: 3.11.0030 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{15000BAD-6D4B-4330-824E-3712C0DF4F9A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{C4D8E138-C67B-41D5-B493-F54BB72B43E0}) (Version: 3.3.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{BF35B9D9-C4A1-40DD-B13C-46F35BD35282}) (Version: 3.5.2 - Seiko Epson Corporation)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 15.0.23.0 - ESET, spol. s r.o.)
Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.56 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.14827.20192 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{16E50919-B07A-4B4E-994A-476D4773F5BF}) (Version: 3.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.10 (x64) (HKLM-x32\...\{db36836f-11c3-4087-8f9c-daa0086ac619}) (Version: 3.1.10.29419 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 97.0.1 (x64 cs)) (Version: 97.0.1 - Mozilla)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
Nexus (HKLM-x32\...\Winstep Xtreme_is1) (Version: - )
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 511.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.65 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Padbury Clock Screensaver 1.2 (HKLM-x32\...\Padbury Clock Screensaver_is1) (Version: 1.2 - IcoFX Software S.R.L.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.1 - Tracker Software Products Ltd)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Samsung NVM Express Driver 3.3.0.2003 (HKLM\...\{89D55DD5-FE94-497B-B5E5-91915D52DBF2}) (Version: 3.3.0.2003 - Samsung Electronics Co., Ltd) Hidden
Skype verze 8.80 (HKLM-x32\...\Skype_is1) (Version: 8.80 - Skype Technologies S.A.)
Slovenská lokalizácia hry Call of Duty: Modern Warfare Remastered (HKLM-x32\...\Lokalizacia CoDMWR) (Version: 1.0 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.56 - VSO Software)
War Thunder Launcher 1.0.3.295 (HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
WinRAR (HKLM-x32\...\WinRAR) (Version: v.6.02 64bit CZ - 15.06.2021 - libbi)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-29] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-02-02] (NVIDIA Corp.)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30181.0_x64__8wekyb3d8bbwe [2022-02-11] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-08-23] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\nvshext.dll [2022-01-29] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-27 10:20 - 2021-10-06 02:30 - 126961152 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2020-02-29 19:58 - 2017-11-24 17:43 - 000026624 _____ (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\WsxMMTimer.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2022-02-02 20:14 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kaPL74\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Snowraner 29.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "DisplayTune.exe"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B741A4D3-2B14-45FA-B169-FA9045EE0D7A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B0196ADA-A7D6-4B38-8B9D-94E86AC02BEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{89CD64DC-A193-486C-BCAA-F104D7AE91BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2FC008B7-0095-48D9-98CE-C2DBE243E117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{831072C7-BAF4-40F6-AB8B-355336447349}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{83863D5C-4185-4E37-BFAB-E273A99C823E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{57A952ED-4D02-45BB-844A-6999ACEB261B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5D4C55C2-E162-43DE-87A5-9C75400F39A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D9A94214-C8E8-4230-80EE-5C782497DB7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{88E16755-3D9B-41FD-B3B8-2D85A857C763}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{B4B4FC33-2AD5-442C-8083-B74880E57049}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE34723E-2B6D-4FFC-B3AE-B250CEBECB60}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{792FDF47-5350-4D52-8CAE-4521924497EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{91C71BB2-0159-465F-ACCE-610835CDBC98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{047C5850-B00E-4B3B-91C7-4F3947BC516E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8ED4530F-DCC9-4418-BB56-DED07ABDE113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{758E4BF8-8362-4229-B955-D8FAA50BC644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{FC235BF2-8819-4797-9AFF-B03CEB4A2EBD}] => (Allow) LPort=26789
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{850C34E6-130E-4E08-838B-A1565E6A98F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8ED789BF-3563-4752-9749-3C55E1CA3A96}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{891624B6-595E-43BF-B7A8-E1279441EA43}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{BB4EB234-5A14-4381-AC92-BAF39DD27CDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{83942E71-D923-42D2-971F-429A0B676410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{E3147C6B-20AD-4E4E-8C79-18B54CCE3D2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0744D746-23F8-47BD-B963-3CAB5A5A7520}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20C60E59-09BF-4F22-8D22-5FCFEE274F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D4284B86-043E-443C-9971-AA0C4B355569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{8A916C70-E380-4FBC-8CF3-4ECF1BD257D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{1937B838-BF08-49D2-A7C0-1C2221E31160}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{420B3194-365A-4EBD-99BF-09432337A8AA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFF08AC3-53AB-444D-A08F-9603C4B38C98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A2583A65-DF0A-4BC4-9657-B17B14DF0FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{40741816-ABC5-41BA-B3E4-67DC43164154}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{94275A9C-8282-4C68-A711-3066B71CE943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ABE41C56-B0A9-4E60-B98F-1D1F685A9401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{BA30417E-4198-47C7-8EC8-69061006C06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{169D75D9-E874-4A83-A8B7-2FBB004F2F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FFBDA307-C873-4CDC-AAA1-D2FCD5C0EA8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{43E82424-0188-4D8B-854D-008042CBEB6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FFE98138-0A84-4688-B181-6DCD8CB766D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)

==================== Restore Points =========================

16-02-2022 17:39:30 Naplánovaný kontrolní bod
16-02-2022 20:19:55 Instalační služba modulů systému Windows
19-02-2022 13:57:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
19-02-2022 14:40:38 Installed Epson Printer Connection Checker
19-02-2022 14:41:38 Installed Epson Printer Connection Checker

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/19/2022 02:48:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.19041.546, časové razítko: 0x5da7ab91
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ffe8371200f
ID chybujícího procesu: 0x1840
Čas spuštění chybující aplikace: 0x01d8259763af5875
Cesta k chybující aplikaci: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2e08d603-f6f0-40dd-8b7c-969364ae6dca
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2022 02:48:35 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/19/2022 02:40:50 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000000000000264,0x00530194,0000000000000000,0,00000218C0808860,4096,[0]). hr = 0x800701b1, Bylo zadáno zařízení, které neexistuje.
.


Operace:
Dotaz na stínové kopie

Error: (02/19/2022 02:19:19 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Službu nelze spustit. System.NullReferenceException: Odkaz na objekt není nastaven na instanci objektu.
v SetupAfterRebootService.SetupARService.OnStart(String[] args)
v System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/19/2022 02:10:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IZHECETIROJMEFOS.exe, verze: 1.1.17640.0, časové razítko: 0x8e795bdf
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1466, časové razítko: 0xe2f8ca76
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000ff199
ID chybujícího procesu: 0x33d0
Čas spuštění chybující aplikace: 0x01d82591fe40ba08
Cesta k chybující aplikaci: C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: fae5794a-b976-4d21-8be3-5146922cb3e0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/12/2022 05:11:03 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:03 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:01 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 12:11:36 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.

Error: (02/12/2022 12:11:30 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.

Error: (02/12/2022 12:09:55 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.


Windows Defender:
================
Date: 2020-12-09 18:49:27
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/CloudCar_Test_File
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\kaPL74\Desktop\cloudcar.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: PCKAPL\kaPL74
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.327.2236.0, AS: 1.327.2236.0, NIS: 1.327.2236.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

CodeIntegrity:
===============
Date: 2022-02-19 14:21:20
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F10 12/14/2018
Motherboard: Gigabyte Technology Co., Ltd. B250M-D3H-CF
Processor: Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 32727.8 MB
Available physical RAM: 24333.14 MB
Total Virtual: 34775.8 MB
Available Virtual: 25769.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.88 GB) (Free:682.13 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:931.51 GB) (Free:470.53 GB) NTFS
Drive e: () (Fixed) (Total:930.56 GB) (Free:685.07 GB) NTFS

\\?\Volume{61d92415-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{b5d0499e-b828-4e1c-9bed-e82b27d3d91a}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{61d92415-0000-0000-0000-60c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.03 GB) NTFS
\\?\Volume{14fdb315-38db-40bd-8c62-8f40fe6f7fce}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2EFF3D7B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 61D92415)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=469 MB) - (Type=27)

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
C:\Users\kaPL74\Desktop\cloudcar.exe

EmptyTemp:
End
Save it to C:\Users\kaPL74\Desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

kodl74
Visitor
Posts: 178
Joined: 10 May 2007 17:14

Re: Requesting a preventive check

#3 Post by kodl74 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by kaPL74 (21-02-2022 09:01:52) Run:1
Running from C:\Users\kaPL74\Desktop
Loaded Profiles: kaPL74
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
C:\Users\kaPL74\Desktop\cloudcar.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCXProcess" => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4606e602-6249-11ec-ab87-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{817c3898-6009-11ec-ab87-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55A557CB-D824-4D00-909D-4595CD3EB9E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55A557CB-D824-4D00-909D-4595CD3EB9E5}" => removed successfully
C:\WINDOWS\System32\Tasks\IZHECETIROJMEFOS_run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IZHECETIROJMEFOS_run" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{933D8ED1-9629-446A-B082-A9BB21FED4A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{933D8ED1-9629-446A-B082-A9BB21FED4A0}" => removed successfully
C:\WINDOWS\System32\Tasks\ELZWSOJFXZNZVFJF_run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ELZWSOJFXZNZVFJF_run" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63A62958-2DE5-4A07-AD58-C6706FD38EFE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9668C1FC-5CA9-4073-9E73-CD66211B9828}" => removed successfully
"C:\Users\kaPL74\Desktop\cloudcar.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 183282293 B
Java, Flash, Steam htmlcache => 671100205 B
Windows/system/drivers => 692580 B
Edge => 0 B
Firefox => 1194657223 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 30758 B
NetworkService => 30758 B
kaPL74 => 7572440 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:04:25 ====

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check

#4 Post by Rudy »

Deleted, the log should be OK now.

kodl74
Visitor
Posts: 178
Joined: 10 May 2007 17:14

Re: Requesting a preventive check

#5 Post by kodl74 »

Thank you very much.

Rudy
Site Admin
Posts: 118272
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a preventive check

#6 Post by Rudy »

You're welcome! :)

Locked