PC virus removal, computer speed-up, remote help via the neslape.cz service

Problem Trojan Win32/Guloader

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Locked
pivak
Guest
Posts: 14
Joined: 13 Feb 2008 12:52

Problem Trojan Win32/Guloader

#1 Post by pivak »

Hi, unfortunately I foolishly opened an e-mail attachment, a *.img file. Since then both Defender and Malwarebytes have been reporting attempts to communicate outward. A scan, however, finds nothing.
So far I have worked my way to "C:\Program Files (x86)\V3fkdw\igfxfxo.exe" and probably to "C:\Users\Pivson\AppData\Roaming\Effektueringers", which I am not aware belongs to anything.
Thanks for any advice; I am attaching the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-08-2022
Ran by Pivson (administrator) on DESKTOP-22AHP5V (LENOVO 20T8000TCK) (23-09-2022 08:51:08)
Running from C:\Users\Pivson\Desktop
Loaded Profiles: Pivson
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1889 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSSrcExt.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
(C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe ->) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngineProcess.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe
(DriverStore\FileRepository\fn.inf_amd64_fdfe9d3e2da006b0\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNA157~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_fdfe9d3e2da006b0\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNA157~1.INF\driver\tposd.exe
(DriverStore\FileRepository\u0376010.inf_amd64_6f43fa43bfd061b1\B375210\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376010.inf_amd64_6f43fa43bfd061b1\B375210\atieclxx.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <23>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376010.inf_amd64_6f43fa43bfd061b1\B375210\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Users\Pivson\AppData\Local\Temp\mDNSResponder.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_fdfe9d3e2da006b0\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.GALAXYRS\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bbb0597391852f64\RtkAudUService64.exe <3>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.543.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1940_none_7dd80d767cb5c7b0\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HCWebControl] => C:\Program Files\HCWebControl\HCWebControlService.exe [251944 2021-11-25] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\Run: [SmartPSS-AC] => C:\Program Files (x86)\ToolBox\App\SmartPSS-AC\SmartPSSAC.exe [388608 2021-12-23] (SmartPSS-AC) [File not signed]
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\Run: [DJOX2T2HUB] => C:\Program Files (x86)\V3fkdw\igfxfxo.exe [252608 2022-09-15] (Access Denied) [File not signed]
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.166.0807.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.166.0807.0002" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.171.0814.0004] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.171.0814.0004" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.176.0821.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.176.0821.0003" (No File)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01321483-F5B7-43B5-9E7C-45081FB1D06C} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [128976 2022-05-17] (Lenovo -> Lenovo)
Task: {0E61D9D6-06B6-4212-88AC-10533FD3A23C} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64408 2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {21167DF7-1A34-481E-A1B2-7CAC431BD6C7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\42a2b463-44f8-4a09-9b69-37b8bfce0e87 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {240199D2-14DA-4EA3-BF93-EF8E5A892557} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {2CF93B07-C43B-4A0C-986F-17E3FF00E075} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [147864 2022-05-12] (Lenovo -> Lenovo Group Ltd.)
Task: {4F0FD34E-8C44-4B8D-A901-C370D5620E8C} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {58D276AC-FCE2-49C8-B9C6-47E12B60BC00} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {5D7A81D5-B8B2-4571-9980-5098A72234BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {5FE9C4D3-672A-4A50-8CAE-94A72585DC0F} - System32\Tasks\update-S-1-5-21-3558388990-1469384061-1361614495-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {6144753A-8F2A-4C26-89D2-8C99A854229F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7c8ea253-1758-4470-be44-4687d69fc2ce => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {61827E42-2663-4F95-938E-95C462E2960A} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {820568F5-9FD2-4D22-A930-B8A68F13FCCB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23709120 2022-09-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {94A609FD-21D9-4D28-8933-4B5F6B65BAA6} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {A7270575-EE21-48BD-AD7C-8DD84C4C4FF6} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bbb0597391852f64\RtkAudUService64.exe [3495904 2022-05-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {AC830E73-C298-4657-A2FD-E108A77EABFE} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
Task: {BA740DE6-7194-4900-A73C-D9CF90C280C0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {C53C2965-4B9B-4C65-ACF7-8711761AA5E4} - System32\Tasks\Process Explorer-DESKTOP-22AHP5V-Pivson => C:\PROCESSEXPLORER\PROCEXP64.EXE [1509768 2021-08-18] (Microsoft Corporation -> Sysinternals - www.sysinternals.com)
Task: {D113E6D9-7BFF-4816-A15A-F8138CA18DE4} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {DEC20F67-0930-4B9A-A61B-5535719F7183} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f8853b18-ae30-44c7-a552-540a39eec871 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {DEC21234-FF31-4481-B9FA-AFBC3A2B5D1F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E513D720-8758-4C0E-8359-F396D0BBAD3B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142208 2022-09-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F078B1E3-5180-40B8-A8A5-2CD3CD362CE9} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [64984 2022-05-17] (Lenovo -> )
Task: {F98DAD3B-F78E-402D-A06D-67AABE9E3243} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c170e8ef-e598-4a25-97d5-f7861367afce => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-3558388990-1469384061-1361614495-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.116.250 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{4c691773-6b5f-42c2-9a76-b222df26cb81}: [DhcpNameServer] 192.168.116.250 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{6783e6b9-c8cb-49a5-8d09-79f3636a5b1e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pivson\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-26]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=LCTE
Edge Session Restore: Default -> is enabled.

FireFox:
========
FF DefaultProfile: pm5kfv63.default
FF ProfilePath: C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\pm5kfv63.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\9s0m34ew.default-release [2022-09-23]
FF Session Restore: Mozilla\Firefox\Profiles\9s0m34ew.default-release -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\9s0m34ew.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-09-20]
FF Plugin: @java.com/DTPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\dtplugin\npDeployJava1.dll [2022-02-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.321.2 -> C:\Program Files\Java\jre1.8.0_321\bin\plugin2\npjp2.dll [2022-02-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @DVR/npmedia,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npmedia.dll [2017-10-24] () [File not signed]
FF Plugin-x32: @DVR/npplugin,version=3.1.0.4_l -> C:\Program Files (x86)\webrec\WEB30\WebView_L\npPlugin.dll [2018-12-26] () [File not signed]
FF Plugin-x32: @DVR/npTimeGrid,version=3.1.0.4 -> C:\Program Files (x86)\webrec\WEB30\WebPlugin\npTimeGrid.dll [2017-10-24] (Unauthorized copy) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2021-09-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2021-09-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2021-09-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2021-09-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2021-09-27] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @IPC/npmedia3.0.0.3,version=3.0.0.3 -> C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll [2018-04-25] (Zhejiang Dahua Technology CO.,LTD. -> )
FF Plugin-x32: @IPC/npmedia3.3.192509.0,version=3.3.192509.0 -> C:\Program Files\webrec\Torch\3.3.192509.0\npmedia3.3.192509.0.dll [2019-07-25] (Zhejiang Dahua Technology CO.,LTD. -> )
FF Plugin-x32: @IPC/npmedia3.3.977837.0,version=3.3.977837.0 -> C:\Program Files\webrec\Torch\3.3.977837.0\npmedia3.3.977837.0.dll [2020-03-24] (Zhejiang Dahua Technology CO.,LTD. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @NVR/npmedia4.1.511.0,version=4.1.511.0 -> C:\Program Files (x86)\webrec\Torch\4.1.511.0\npmedia.dll [2020-09-29] (Zhejiang Dahua Technology CO.,LTD. -> )
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2018-12-20] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin-x32: Web Manager Components -> C:\Program Files (x86)\Web Manager Components\npWebManagerComponents.dll [2017-11-20] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> HIKVISION)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Users\Pivson\AppData\Local\Temp\mDNSResponder.exe [390504 2022-07-21] (Apple Inc. -> Apple Inc.) <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12131256 2022-09-23] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [437680 2022-01-24] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2363000 2021-09-24] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\Windows\System32\LITSSvc.exe [1217488 2022-04-12] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [906216 2022-03-27] (Lenovo -> Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MSSQL$GALAXYRS; c:\Program Files\Microsoft SQL Server\MSSQL11.GALAXYRS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$GALAXYRS; c:\Program Files\Microsoft SQL Server\MSSQL11.GALAXYRS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16241056 2022-07-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_fdfe9d3e2da006b0\driver\TPHKLOAD.exe [490768 2022-07-28] (Lenovo -> Lenovo Group Limited)
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0376010.inf_amd64_6f43fa43bfd061b1\B375210\amdkmdag.sys [80559984 2022-01-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 honeywell_enum; C:\Windows\System32\drivers\honeywell_enum.sys [90296 2015-03-27] (Honeywell International Inc. -> Jungo)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193488 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [75216 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181992 2022-09-15] (Malwarebytes Inc. -> Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [36600 2017-11-20] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R1 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38888 2022-03-27] (Lenovo -> Lenovo)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SER2AT; C:\Windows\system32\DRIVERS\SER2AT64.sys [225128 2021-02-03] (WDKTestCert charles-yeh,131345514351795974 -> ATEN)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49576 2022-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [453904 2022-09-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-23 08:45 - 2022-09-23 08:45 - 000000000 ___HD C:\$WinREAgent
2022-09-20 22:52 - 2022-09-23 08:47 - 000000000 ____D C:\Users\Pivson\AppData\LocalLow\IGDump
2022-09-20 22:21 - 2022-09-23 08:51 - 000026270 _____ C:\Users\Pivson\Desktop\FRST.txt
2022-09-20 22:21 - 2022-09-23 08:51 - 000000000 ____D C:\FRST
2022-09-20 22:20 - 2022-09-20 22:20 - 002371072 _____ (Farbar) C:\Users\Pivson\Desktop\FRST64.exe
2022-09-20 08:44 - 2022-09-20 08:44 - 000139755 _____ C:\Users\Pivson\Downloads\EVO192_V6_90_005.PUF
2022-09-20 08:44 - 2022-09-20 08:44 - 000112680 _____ C:\Users\Pivson\Downloads\ACM12_V4_72_003.pef
2022-09-19 18:46 - 2022-09-19 18:47 - 000000000 ____D C:\AdwCleaner
2022-09-19 18:46 - 2022-09-19 18:46 - 008791352 _____ (Malwarebytes) C:\Users\Pivson\Downloads\adwcleaner.exe
2022-09-15 11:18 - 2022-09-15 11:18 - 002542014 _____ C:\Users\Pivson\Downloads\(2777) Q80S CZ DD Technik.pdf
2022-09-15 11:12 - 2022-09-15 11:12 - 000000000 ____D C:\Users\Pivson\AppData\Local\mbam
2022-09-15 11:11 - 2022-09-15 11:11 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000193488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000181992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000075216 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-09-15 11:11 - 2022-09-15 11:11 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-09-15 11:11 - 2022-09-15 11:11 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-09-15 11:11 - 2022-09-15 11:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-09-15 11:11 - 2022-09-15 11:11 - 000000000 ____D C:\Program Files\Malwarebytes
2022-09-15 11:10 - 2022-09-15 11:10 - 002638472 _____ (Malwarebytes) C:\Users\Pivson\Downloads\MBSetup-37335.37335.exe
2022-09-15 10:25 - 2022-09-15 10:25 - 000000884 _____ C:\Users\Pivson\Desktop\HTTrack Website Copier.lnk
2022-09-15 10:25 - 2022-09-15 10:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2022-09-15 10:25 - 2022-09-15 10:25 - 000000000 ____D C:\Program Files\WinHTTrack
2022-09-15 10:24 - 2022-09-15 10:24 - 004513224 _____ (HTTrack ) C:\Users\Pivson\Downloads\httrack_x64-3.49.2.exe
2022-09-13 19:06 - 2022-09-13 19:06 - 000000000 ____D C:\Program Files (x86)\V3fkdw
2022-09-13 18:56 - 2022-09-13 18:56 - 001245184 _____ C:\Users\Pivson\Downloads\list_01562.img
2022-09-13 18:54 - 2022-09-13 18:54 - 000000000 ____D C:\Users\Pivson\AppData\Roaming\Effektueringers
2022-09-12 23:46 - 2022-09-12 23:46 - 000614525 _____ C:\Users\Pivson\Downloads\grandstream.zip
2022-09-12 19:56 - 2022-09-12 19:56 - 000000000 ____D C:\Users\Pivson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grandstream
2022-09-12 19:56 - 2022-09-12 19:56 - 000000000 ____D C:\Program Files (x86)\Grandstream
2022-09-12 19:55 - 2022-09-12 19:55 - 011195972 _____ C:\Users\Pivson\Downloads\GWNDiscoveryTool.zip
2022-09-12 19:55 - 2022-09-12 19:55 - 000000000 ____D C:\Users\Pivson\Downloads\GWNDiscoveryTool
2022-09-12 19:52 - 2022-09-12 19:52 - 004293978 _____ C:\Users\Pivson\Downloads\gwn76xx_usermanual.pdf
2022-09-12 19:05 - 2022-09-12 19:05 - 000915128 _____ (Riverbed Technology, Inc.) C:\Users\Pivson\Downloads\WinPcap_4_1_3.exe
2022-09-12 19:05 - 2022-09-12 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2022-09-12 19:05 - 2022-09-12 19:05 - 000000000 ____D C:\Program Files (x86)\WinPcap
2022-09-12 18:44 - 2022-09-12 18:44 - 002658385 _____ C:\Users\Pivson\Downloads\IPQuery.zip
2022-09-12 18:44 - 2022-09-12 18:44 - 000000000 ____D C:\Users\Pivson\Downloads\IPQuery
2022-09-10 09:04 - 2022-06-21 00:13 - 017388440 _____ C:\Windows\system32\RsEyeContactCorrection_Assets.dll
2022-09-10 09:04 - 2022-06-21 00:13 - 015824800 _____ C:\Windows\system32\RsDMFT_Assets.dll
2022-09-10 09:04 - 2022-06-21 00:13 - 013411752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsDMFT64.dll
2022-09-05 10:52 - 2022-09-05 10:52 - 000003332 _____ C:\Users\Pivson\Documents\Otavska 17 zadni.csv
2022-09-05 10:43 - 2022-09-05 10:43 - 000003331 _____ C:\Users\Pivson\Documents\Otavska 17.csv
2022-09-02 10:17 - 2022-09-02 10:18 - 003853384 _____ (AnyDesk Software GmbH) C:\Users\Pivson\Downloads\AnyDesk.exe
2022-08-26 11:20 - 2022-08-26 11:20 - 000000000 ____D C:\Users\Pivson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin3.3.192509.0
2022-08-26 11:19 - 2022-08-26 11:19 - 000000000 ____D C:\Users\Pivson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlugin

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-09-23 08:50 - 2022-01-21 11:16 - 000000000 ____D C:\Users\Pivson\AppData\LocalLow\Mozilla
2022-09-23 08:50 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2022-09-23 08:44 - 2022-01-22 03:15 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3558388990-1469384061-1361614495-1001
2022-09-23 08:44 - 2022-01-22 03:10 - 000002391 _____ C:\Users\Pivson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-09-23 08:44 - 2022-01-21 11:42 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3558388990-1469384061-1361614495-1001
2022-09-23 08:44 - 2022-01-21 11:15 - 000000000 ____D C:\Windows\system32\MRT
2022-09-23 08:44 - 2021-03-07 05:07 - 000000000 ____D C:\Program Files\Microsoft Office
2022-09-23 08:41 - 2022-01-21 11:15 - 141646296 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-09-23 08:40 - 2020-05-06 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-09-23 08:40 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-09-21 09:54 - 2022-01-21 11:16 - 000000000 ____D C:\ProgramData\Mozilla
2022-09-21 06:42 - 2022-02-02 11:43 - 000000000 ____D C:\Users\Pivson\AppData\Roaming\vlc
2022-09-20 23:31 - 2022-02-14 15:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-09-20 23:30 - 2022-01-27 20:41 - 000000000 ____D C:\_Old NB
2022-09-20 22:54 - 2022-01-21 11:16 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-09-20 22:54 - 2022-01-21 11:16 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-09-20 22:54 - 2022-01-21 11:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-09-20 22:54 - 2022-01-21 11:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-20 20:53 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2022-09-20 09:01 - 2021-03-07 04:53 - 000770580 _____ C:\Windows\system32\perfh005.dat
2022-09-20 09:01 - 2021-03-07 04:53 - 000172038 _____ C:\Windows\system32\perfc005.dat
2022-09-20 09:01 - 2020-05-06 20:41 - 001853820 _____ C:\Windows\system32\PerfStringBackup.INI
2022-09-20 09:01 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2022-09-20 08:54 - 2022-01-28 11:47 - 000000000 ____D C:\Users\Public\Documents\Paradox Security Systems
2022-09-20 06:24 - 2021-03-07 05:03 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-20 06:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-09-19 18:17 - 2022-06-20 19:31 - 000000000 ____D C:\Tmp
2022-09-19 12:33 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-09-15 11:11 - 2022-01-22 03:13 - 000000000 ____D C:\Users\Pivson\AppData\Local\D3DSCache
2022-09-15 11:11 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-09-15 10:24 - 2022-01-22 03:13 - 000000000 ____D C:\Users\Pivson\AppData\Local\Packages
2022-09-13 19:11 - 2022-04-20 13:09 - 000000000 ____D C:\Program Files\TeamViewer
2022-09-13 19:11 - 2022-01-27 23:21 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2022-09-13 19:11 - 2020-05-06 20:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-13 19:11 - 2020-05-06 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-09-13 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2022-09-13 19:11 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2022-09-13 19:11 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2022-09-13 19:10 - 2022-03-14 12:07 - 001055271 _____ C:\Users\Pivson\Documents\Cemex Brno.fdb
2022-09-12 18:53 - 2022-01-22 09:40 - 000000000 ____D C:\Program Files (x86)\ToolBox
2022-09-12 18:52 - 2022-01-26 11:45 - 000000000 ____D C:\ProgramData\Package Cache
2022-09-10 09:05 - 2020-05-06 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-09-09 12:31 - 2022-01-22 03:10 - 000000000 ____D C:\Users\Pivson
2022-09-02 09:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

==================== Files in the root of some directories ========

2022-03-22 10:57 - 2022-03-22 10:57 - 000000003 _____ () C:\Users\Pivson\AppData\Local\updater.log
2022-03-22 10:57 - 2022-03-22 10:57 - 000000424 _____ () C:\Users\Pivson\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


And here is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Pivson (23-09-2022 08:51:46)
Running from C:\Users\Pivson\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1889 (X64) (2022-01-22 00:53:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3558388990-1469384061-1361614495-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3558388990-1469384061-1361614495-503 - Limited - Disabled)
Guest (S-1-5-21-3558388990-1469384061-1361614495-501 - Limited - Disabled)
Pivson (S-1-5-21-3558388990-1469384061-1361614495-1001 - Administrator - Enabled) => C:\Users\Pivson
WDAGUtilityAccount (S-1-5-21-3558388990-1469384061-1361614495-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2N® Network Scanner version 3.0.4 (HKLM-x32\...\{480AA7C4-E8B1-41E2-80F3-C9A7A1D0B97E}_is1) (Version: 3.0.4 - 2N TELEKOMUNIKACE a. s.)
BabyWare v5.4.26 (HKLM\...\BabyWare v5.4.26) (Version: 5.4.26 - Paradox Security Systems)
DLOADX v1.20.004 (HKLM-x32\...\DLOADX_is1) (Version: - Satel sp. z o.o.)
Fire Site Installer v3.0.7.20 (HKLM-x32\...\Fire Site Installer_is1) (Version: 3.0.7.20 - Eaton)
F-Link 2.5.3.1267 (HKLM-x32\...\F-Link 2.5.3.1267_is1) (Version: F-Link 2.5.3.1267 - Jablotron Alarms a.s.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 11.1.0.52543 - Foxit Software Inc.)
GalaxyRS (HKLM-x32\...\{77CC863B-5E65-4FE6-BE1C-987217718CD3}) (Version: 3.54.01 - Honeywell)
GWNDiscoveryTool (HKLM-x32\...\Grandstream GWNDiscoveryTool) (Version: 1.1.0.1 - Grandstream)
HCWebControl (HKLM\...\{9B50759B-4B6A-4FE5-9F48-073BC8B86002}_is1) (Version: 2.2.0.0 - Hangzhou Hikvision Digital Technology Co., Ltd.)
HikCentral Professional Control Client (HKLM-x32\...\{E4197C07-D076-43DE-8122-0F96E1A6A516}) (Version: 2.1.1 - Hangzhou Hikvision Digital Technology Co., Ltd.)
Honeywell HSM USB Serial Driver x64 ver 3.4.9 (HKLM\...\{548F2383-4FAB-413E-98BA-63CDC3387925}) (Version: 3.4.9 - Honeywell)
iVMS-4200 (HKLM-x32\...\{CE2F96D0-63D2-4B9C-A8D6-0D1A60840BD8}) (Version: 3.7.0.5 - Hangzhou Hikvision Digital Technology Co., Ltd.)
Java 8 Update 321 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180321F0}) (Version: 8.0.3210.7 - Oracle Corporation)
J-Link 2.2.0.1129 (HKLM-x32\...\J-Link 2.2.0.1129_is1) (Version: J-Link 2.2.0.1129 - Jablotron Alarms a.s.)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LibreOffice 7.2.5.2 (HKLM\...\{4EF63F1E-7ADF-4D6E-8F9F-5E1D5CE231D1}) (Version: 7.2.5.2 - The Document Foundation)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.15601.20148 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.42 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\OneDriveSetup.exe) (Version: 22.181.0828.0002 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 RsFx Driver (HKLM\...\{A0F05048-7653-4FCD-9F3A-C740E4052ACE}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 CSY (HKLM\...\{F0E39311-E741-4374-963A-8E899DC2C7B6}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29112 (HKLM-x32\...\{526B224D-6B70-4A2A-9D03-CE304B5125D6}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29112 (HKLM-x32\...\{42163859-095F-469B-A0B0-7748500570D1}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 105.0 (x64 cs)) (Version: 105.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.5.1 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 91.13.0 (x64 cs)) (Version: 91.13.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15601.20064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15601.20148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
OLink 2.0.5.829 (HKLM-x32\...\OLink 2.0.5.829_is1) (Version: OLink 2.0.5 - Jablotron Alarms a.s.)
OWL Reporter (HKLM-x32\...\OWL Reporter) (Version: - )
PSReader x64 4.11.6.0 (HKLM-x32\...\PSReader x64_is1) (Version: 4.11.6.0 - ELEKTRO-FA. PAVELEK, s.r.o.)
SADP (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 3.0.4.9 - Hangzhou Hikvision Digital Technology Co., Ltd.)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
TeamViewer (HKLM\...\TeamViewer) (Version: 15.32.3 - TeamViewer)
ToolBox (HKLM-x32\...\ToolBox) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - )
UC232A_Win 10_64bit (HKLM-x32\...\{680FF7B7-9645-48D3-9DCA-B8C756CC9E35}) (Version: 1.0.087 - Aten International Co., Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VTxx Setup verze 7.0 (HKLM-x32\...\{37E136C1-3004-45B4-BA0F-F1C000BB869E}_is1) (Version: 7.0 - )
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.7.500 - )
Web Manager Components (HKLM-x32\...\{D6936FE5-0307-4673-AAEE-41DA99B8C88A}_is1) (Version: 3.3.7.1.23333 - Hangzhou Hikvision Digital Technology Co., Ltd.)
Windows Driver Package - Optical Wavelength Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\CB343B0459332EA7D2C94A2EFD5DDA5E7B294B77) (Version: 12/10/2012 6.6.1.0 - Optical Wavelength Laboratories)
WinHTTrack Website Copier 3.49-2 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.49.2 - HTTrack)
WinLoad 5.71 (HKLM-x32\...\WinLoad 5.71_is1) (Version: - Paradox Security Systems)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
X600 Commissioning Application V5.0.0.20 (HKLM-x32\...\{46C75864-3B46-4562-A312-FF2601E66B2E}_is1) (Version: V5.0.0.20 - Protec Fire Detection Plc)

Packages:
=========
AI Meeting Manager -> C:\Program Files\WindowsApps\E046963F.AIMeetingManager_3.0.45.0_x64__k1h2ywk1493x8 [2022-09-15] (LENOVO INC.)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2022-04-07] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52074.0_x64__8wekyb3d8bbwe [2022-08-16] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.30201.210.0_x64__rz1tebttyb220 [2022-07-26] (Dolby Laboratories)
ELAN Touchpad for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadforThinkpad_24.121.15.0_x64__stws0m115j6hg [2022-09-13] (ELAN Microelectronics Corporation)
ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.18.0_x64__stws0m115j6hg [2022-09-13] (ELAN Microelectronics Corporation)
Glance by Mirametrix -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_9.22.1332.0_x64__17mer8kcn3j54 [2022-07-28] (Mirametrix Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9020.0_x64__8wekyb3d8bbwe [2022-09-15] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.36.273.0_x64__dt26b99r8h8gj [2022-07-26] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-06] (Microsoft Corporation)
Task Manager Free -> C:\Program Files\WindowsApps\55591DelaireDamien.TaskManagerFree_1.0.0.41_x64__823pgb98jhb94 [2022-05-25] (Delaire Damien)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001_Classes\CLSID\{521345A5-D9B2-48DB-954A-51B92C80C9D8}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-15] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2022-01-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-09-15] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-04-07 10:01 - 2022-04-07 10:01 - 000438784 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\amdlinkremoteserver.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000017920 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libEGL.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 003567616 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\libGLESv2.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000258560 _____ () [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\WirelessVR-windesktop64.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 004396032 _____ (Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\D3DCompiler_47.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qgif.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qicns.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000031232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qico.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000415232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qjpeg.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qsvg.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qtga.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwbmp.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwebp.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 001455104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\platforms\qwindows.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 001227776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\sqldrivers\qsqlite.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\styles\qwindowsvistastyle.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Core.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 006947328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Gui.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000740352 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Multimedia.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000123392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5MultimediaQuick.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 001110528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Network.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Positioning.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 003798528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Qml.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000440832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlModels.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000054784 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QmlWorkerScript.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 004255744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Quick.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000171520 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickControls2.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 001128448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickTemplates2.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000206336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Sql.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000334336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Svg.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000396800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngine.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 102854656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngineCore.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000133120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebChannel.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 005611008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Widgets.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WinExtras.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000210432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Xml.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 002877440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5XmlPatterns.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000056832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000267776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtMultimedia\declarative_multimedia.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQml\qmlplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick.2\qtquick2plugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000290816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000336896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls\qtquickcontrolsplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000134144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Dialogs\dialogplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000106496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Layouts\qquicklayoutsplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Window.2\windowplugin.dll
2022-04-07 10:01 - 2022-04-07 10:01 - 000093184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> DefaultScope {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll [2022-02-11] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll [2022-02-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-09] (Microsoft Corporation -> Microsoft Corporation)
IE Session Restore: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> is enabled.
DPF: HKLM-x32 {5EFE5C15-4691-400B-94E9-85E8ABA1ECEC} hxxp://192.168.1.100/LiveAx.cab
DPF: HKLM-x32 {ED4850BF-32D8-4E73-A231-52560EE27A5E} hxxp://192.168.1.10/WatSearCtrl.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-09-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Lenovo\ThinkPad-ThinkCentre_wallpaper.png
DNS Servers: 192.168.116.250 - 62.129.50.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B550223-E4B1-41A5-B779-6F0B67EC79C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6BB4C555-7981-4DC4-8453-C403CC4DB5C6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{E02A2643-A8F7-4268-9A3F-CA79EE3C4BD8}C:\program files (x86)\toolbox\mintray.exe] => (Allow) C:\program files (x86)\toolbox\mintray.exe () [File not signed]
FirewallRules: [UDP Query User{FB02A884-9E36-42C1-AE19-F5FB6D93EF92}C:\program files (x86)\toolbox\mintray.exe] => (Allow) C:\program files (x86)\toolbox\mintray.exe () [File not signed]
FirewallRules: [TCP Query User{181E0727-767C-414A-89A2-5DF5076E5FC9}C:\program files (x86)\toolbox\toolbox.exe] => (Allow) C:\program files (x86)\toolbox\toolbox.exe () [File not signed]
FirewallRules: [UDP Query User{A6DB6D2F-BB68-41F8-9F81-0EFA14263677}C:\program files (x86)\toolbox\toolbox.exe] => (Allow) C:\program files (x86)\toolbox\toolbox.exe () [File not signed]
FirewallRules: [TCP Query User{E0247F74-1991-4457-8B65-8546D94EF355}C:\program files (x86)\toolbox\app\configtool\configtool.exe] => (Allow) C:\program files (x86)\toolbox\app\configtool\configtool.exe () [File not signed]
FirewallRules: [UDP Query User{D0D7D13A-865C-4AB3-B666-491BD7621F25}C:\program files (x86)\toolbox\app\configtool\configtool.exe] => (Allow) C:\program files (x86)\toolbox\app\configtool\configtool.exe () [File not signed]
FirewallRules: [TCP Query User{6F0063C4-89FD-4EE2-9C6E-1E9DB37A12E1}C:\program files (x86)\toolbox\app\smartpss-ac\smartpssac.exe] => (Allow) C:\program files (x86)\toolbox\app\smartpss-ac\smartpssac.exe (SmartPSS-AC) [File not signed]
FirewallRules: [UDP Query User{C3F1DDF2-B135-4B98-8B00-BE9ED0FA3BA0}C:\program files (x86)\toolbox\app\smartpss-ac\smartpssac.exe] => (Allow) C:\program files (x86)\toolbox\app\smartpss-ac\smartpssac.exe (SmartPSS-AC) [File not signed]
FirewallRules: [TCP Query User{341E032F-AC8B-4DFF-B23A-1233F0B92871}C:\program files (x86)\ivms-4200 site\nginx\nginx.exe] => (Allow) C:\program files (x86)\ivms-4200 site\nginx\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{F7CAF339-BA93-4F29-8772-1D80DDFCA2C7}C:\program files (x86)\ivms-4200 site\nginx\nginx.exe] => (Allow) C:\program files (x86)\ivms-4200 site\nginx\nginx.exe () [File not signed]
FirewallRules: [TCP Query User{5E93B7D1-2D81-4F31-93D2-D7162969670F}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{A2252EEB-62C9-44CC-BDE3-F2ACE3925BB1}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.topology.s\ivms-4200.topology.s.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [TCP Query User{A3FC20E5-37EB-4C12-9526-6D31C4C7E21F}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{95B3D2CC-9781-4D8F-A0C5-55127F87D804}C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\server\ivms-4200.devicemanagement.s\ivms-4200.devicemanagement.s.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [TCP Query User{9D2B4416-5EC8-40DC-B2E0-F4BED8325388}C:\program files (x86)\sadp\sadp\sadptool.exe] => (Allow) C:\program files (x86)\sadp\sadp\sadptool.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{85D4E525-1C31-4A89-A916-93D74230E836}C:\program files (x86)\sadp\sadp\sadptool.exe] => (Allow) C:\program files (x86)\sadp\sadp\sadptool.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [TCP Query User{4157BAF1-3C9C-44FF-82DE-F43104DF8D97}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{D2DA6E81-EE05-4F95-A2E2-AA212535C21D}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.devicemanagement.c\ivms-4200.devicemanagement.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [TCP Query User{4E81B787-F27C-4CC2-99F1-C7E291BF0631}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{1F5AC9E2-F1FD-4A2B-B329-47BBD1F2D064}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{6636B057-9386-4504-A0DE-877A5B42BB8A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{24FA85CE-F95E-4D38-A3F3-F552EEC349A7}] => (Allow) C:\Program Files (x86)\Paradox Security Systems\BabyWare v5.4.26\Babyware.exe (Paradox Security Systems Ltd. -> Paradox Security Systems)
FirewallRules: [{932000A1-26CF-4A81-9A49-DD2565E3C8AB}] => (Allow) C:\Program Files (x86)\2N TELEKOMUNIKACE\2N Helios IP\2N Network Scanner\NetworkScanner.exe (2N® TELEKOMUNIKACE a.s.) [File not signed]
FirewallRules: [{EFF8F60D-D8FB-4634-B693-575EFB47B104}] => (Allow) C:\Program Files\Java\jre1.8.0_321\bin\java.exe
FirewallRules: [{875D23D8-5478-400C-9D4C-3034A1D7B3EC}] => (Allow) C:\Program Files\Java\jre1.8.0_321\bin\java.exe
FirewallRules: [{22820366-BEE4-4FBF-9356-20C7B63D4893}] => (Allow) C:\Users\Pivson\Ubiquiti UniFi\bin\mongod.exe (MongoDB, Inc) [File not signed]
FirewallRules: [{2FF0F2F8-B1CF-41D8-A5DD-C7FB3EAC63B3}] => (Allow) C:\Users\Pivson\Ubiquiti UniFi\bin\mongod.exe (MongoDB, Inc) [File not signed]
FirewallRules: [TCP Query User{737BD561-9705-4DEE-9BC6-D9C65A51244E}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [UDP Query User{4794775C-1844-49BE-9CE9-F4C37572BBF2}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [TCP Query User{D25089BF-DE02-47F7-9817-B2CACF4E39A7}C:\program files\hcwebcontrol\hcwebcontrolservice.exe] => (Allow) C:\program files\hcwebcontrol\hcwebcontrolservice.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{2865B6CF-681E-406A-96C4-84B3F993E2D7}C:\program files\hcwebcontrol\hcwebcontrolservice.exe] => (Allow) C:\program files\hcwebcontrol\hcwebcontrolservice.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{63BC3C41-CCF2-4ED8-92DF-0ADC5F6289C4}C:\program files\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_321\bin\javaw.exe
FirewallRules: [UDP Query User{645E7BE9-3851-4758-B550-80D632678952}C:\program files\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_321\bin\javaw.exe
FirewallRules: [{25F43EA7-4951-431E-816A-B6C410B376EE}] => (Allow) C:\Program Files (x86)\Honeywell\GalaxyRS\bin\CommServer.exe (Honeywell International Inc.) [File not signed]
FirewallRules: [{88C71116-66A9-47B9-9BFF-BA2ECF7CE371}] => (Allow) C:\Program Files (x86)\Honeywell\GalaxyRS\bin\CommServer.exe (Honeywell International Inc.) [File not signed]
FirewallRules: [TCP Query User{D78D78B9-3A73-4365-99BC-6CFC01298C18}C:\program files (x86)\honeywell\galaxyrs\bin\commserver.exe] => (Allow) C:\program files (x86)\honeywell\galaxyrs\bin\commserver.exe (Honeywell International Inc.) [File not signed]
FirewallRules: [UDP Query User{CF0A7046-0D28-4C48-A16C-E0FA067F6D30}C:\program files (x86)\honeywell\galaxyrs\bin\commserver.exe] => (Allow) C:\program files (x86)\honeywell\galaxyrs\bin\commserver.exe (Honeywell International Inc.) [File not signed]
FirewallRules: [TCP Query User{4F451FE9-43FF-4B0A-AA87-9C3133BDC3BE}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [UDP Query User{6F965EA1-A219-42C3-A9AF-3DEC2B3A3E58}C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe] => (Allow) C:\program files (x86)\ivms-4200 site\ivms-4200 client\client\ivms-4200.video.c\ivms-4200.video.c.exe (Hangzhou Hikvision Digital Tech.Co.,Ltd -> )
FirewallRules: [TCP Query User{E64222D0-7F2B-4D64-82F6-9B98206AB161}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [UDP Query User{424FAEDA-1ABF-49F0-9374-C54EEAA5432B}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [TCP Query User{69EB91DE-EA44-4370-83B6-085A195837D1}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [UDP Query User{70509754-56AD-4D4E-8C16-EA27645D861C}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{B6B3180D-5E58-4012-B8FF-C0D9A70F962C}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{34556977-0BF2-47C7-9114-4D1C0DC179DA}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [TCP Query User{1BB8357D-5235-47F9-9CCE-76EEA59D9593}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D251ACC5-BC71-4123-A129-FCE69DFF0BA0}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC4E92D9-C81C-4464-86D8-274C9822C7FA}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFAB6BC2-C36B-48FA-9B9B-B1E0184FC237}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B684E6A5-5564-414E-A05F-1E63E331DB35}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D1AEADB8-2A1D-484A-A590-70491E32100A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7E2D6CB9-4145-4770-816E-0A45F5E43841}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AF252A2A-A772-4E8D-AA4C-F3F4AA72B0EE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{9E765F69-CF25-467B-A82B-D5DC5D61E648}C:\program files (x86)\grandstream\gwndiscoverytool\gwndiscoverytool.exe] => (Allow) C:\program files (x86)\grandstream\gwndiscoverytool\gwndiscoverytool.exe () [File not signed]
FirewallRules: [UDP Query User{EF7871F6-0C1A-4069-B89B-5835337600D3}C:\program files (x86)\grandstream\gwndiscoverytool\gwndiscoverytool.exe] => (Allow) C:\program files (x86)\grandstream\gwndiscoverytool\gwndiscoverytool.exe () [File not signed]
FirewallRules: [{9B9D8071-E795-4C96-A446-0001E21B76AB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AA21755-F034-4E77-8C57-1937F3E6198C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9F03A0F8-56E4-4A1C-8F10-4CA0BE465CE8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{628F9F70-C7F5-4841-86D9-C4AC5DD2AD4A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D16423AE-252A-4233-9624-18F94A51ED1D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-09-2022 18:45:13 Nainstalováno: Microsoft Visual C++ 2005 Redistributable
20-09-2022 12:03:50 Naplánovaný kontrolní bod
23-09-2022 08:41:19 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/19/2022 12:36:25 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (09/19/2022 12:36:25 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/14/2022 01:43:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10815015

Error: (09/14/2022 01:43:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10815015

Error: (09/14/2022 01:43:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/13/2022 07:11:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UDClientService.exe, verze: 22.5.0.33, časové razítko: 0x62850c91
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1806, časové razítko: 0x1000a5b9
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000ff609
ID chybujícího procesu: 0x18b8
Čas spuštění chybující aplikace: 0x01d8c793dfa25453
Cesta k chybující aplikaci: C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 78c17c46-0286-4abc-9eef-3fd269126d75
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (09/13/2022 06:53:41 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (09/13/2022 06:53:41 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (09/21/2022 07:02:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Realtek PCIe GbE Family Controller, {6783e6b9-c8cb-49a5-8d09-79f3636a5b1e}, došlo k události 74.

Error: (09/20/2022 08:53:27 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: DESKTOP-22AHP5V)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (09/20/2022 06:24:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200b): Lenovo - System - 10.5.3.0.

Error: (09/20/2022 04:24:06 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Realtek PCIe GbE Family Controller, {6783e6b9-c8cb-49a5-8d09-79f3636a5b1e}, došlo k události 74.

Error: (09/20/2022 09:17:15 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: DESKTOP-22AHP5V)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (09/20/2022 08:53:37 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: DESKTOP-22AHP5V)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (09/20/2022 08:53:28 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1040) (User: NT AUTHORITY)
Description: Jazykovou sadu pro sk-SK nelze odinstalovat, protože není nainstalována.

Error: (09/20/2022 07:53:54 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Realtek PCIe GbE Family Controller, {6783e6b9-c8cb-49a5-8d09-79f3636a5b1e}, došlo k události 74.


Windows Defender:
================
Date: 2022-09-15 11:11:23
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Guloader.SM!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pivson\AppData\Local\Temp\V3fkdw\igfxfxo.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-22AHP5V\Pivson
Název procesu: C:\Windows\System32\dllhost.exe
Verze bezpečnostních informací: AV: 1.375.378.0, AS: 1.375.378.0, NIS: 1.375.378.0
Verze modulu: AM: 1.1.19600.3, NIS: 1.1.19600.3

Date: 2022-09-15 11:11:23
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Guloader.SM!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pivson\AppData\Local\Temp\V3fkdw\igfxfxo.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-22AHP5V\Pivson
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.375.378.0, AS: 1.375.378.0, NIS: 1.375.378.0
Verze modulu: AM: 1.1.19600.3, NIS: 1.1.19600.3

Date: 2022-09-15 11:09:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Guloader.SM!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pivson\AppData\Local\Temp\V3fkdw\igfxfxo.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-22AHP5V\Pivson
Název procesu: C:\Windows\System32\dllhost.exe
Verze bezpečnostních informací: AV: 1.375.378.0, AS: 1.375.378.0, NIS: 1.375.378.0
Verze modulu: AM: 1.1.19600.3, NIS: 1.1.19600.3

Date: 2022-09-15 11:09:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Guloader.SM!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pivson\AppData\Local\Temp\V3fkdw\igfxfxo.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-22AHP5V\Pivson
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.375.378.0, AS: 1.375.378.0, NIS: 1.375.378.0
Verze modulu: AM: 1.1.19600.3, NIS: 1.1.19600.3

Date: 2022-09-15 11:07:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Guloader.SM!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Pivson\AppData\Local\Temp\V3fkdw\igfxfxo.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-22AHP5V\Pivson
Název procesu: C:\Windows\System32\dllhost.exe
Verze bezpečnostních informací: AV: 1.375.378.0, AS: 1.375.378.0, NIS: 1.375.378.0
Verze modulu: AM: 1.1.19600.3, NIS: 1.1.19600.3
Event[0]:

Date: 2022-08-26 09:51:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.373.837.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19500.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2022-08-26 09:51:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.373.837.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19500.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2022-08-26 09:51:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.373.837.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19500.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2022-08-26 09:51:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.373.837.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19500.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2022-08-26 09:51:48
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.373.837.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19500.2
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===============
Date: 2022-09-15 11:11:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-09-15 10:23:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-09-09 13:08:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO R1AET34W (1.10 ) 12/19/2020
Motherboard: LENOVO 20T8000TCK
Processor: AMD Ryzen 7 4700U with Radeon Graphics
Percentage of memory in use: 50%
Total physical RAM: 15591.43 MB
Available physical RAM: 7772.42 MB
Total Virtual: 17895.43 MB
Available Virtual: 6897.33 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:264.97 GB) (Model: WDC PC SN530 SDBPMPZ-512G-1001) NTFS

\\?\Volume{40b566be-dd5b-43a0-8e8f-60741adbcf21}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{e2d1c873-cae6-4827-aa49-a1763c0c8661}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: F6A32BC1)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem Trojan Win32/Guloader

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and select Run as administrator (on Win XP simply double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

pivak
Visitor
Posts: 14
Registered: 13 Feb 2008 12:52

Re: Problem Trojan Win32/Guloader

#3 Post by pivak »

Here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-08-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 09-23-2022
# Duration: 00:00:03
# OS: Windows 10 (Build 19043.1889)
# Scanned: 32100
# Detected: 8


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoHotkeyManager Folder C:\Program Files\LENOVO\HOTKEY
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Pivson\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Preinstalled.LenovoPowerManager Folder C:\Windows\SysWOW64\LENOVO\POWERMGR
Preinstalled.LenovoPowerManager Folder C:\Windows\System32\LENOVO\POWERMGR



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem Trojan Win32/Guloader

#4 Post by Rudy »

This is OK. The Preinstalled entries are Lenovo utilities (harmless). Open Notepad and copy this into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.166.0807.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.166.0807.0002" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.171.0814.0004] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.171.0814.0004" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.176.0821.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.176.0821.0003" (No File)
FF ProfilePath: C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\pm5kfv63.default [not found] <==== ATTENTION
R2 Bonjour Service; C:\Users\Pivson\AppData\Local\Temp\mDNSResponder.exe [390504 2022-07-21] (Apple Inc. -> Apple Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> DefaultScope {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
FirewallRules: [TCP Query User{737BD561-9705-4DEE-9BC6-D9C65A51244E}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [UDP Query User{4794775C-1844-49BE-9CE9-F4C37572BBF2}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [TCP Query User{E64222D0-7F2B-4D64-82F6-9B98206AB161}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [UDP Query User{424FAEDA-1ABF-49F0-9374-C54EEAA5432B}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [TCP Query User{69EB91DE-EA44-4370-83B6-085A195837D1}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [UDP Query User{70509754-56AD-4D4E-8C16-EA27645D861C}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{B6B3180D-5E58-4012-B8FF-C0D9A70F962C}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{34556977-0BF2-47C7-9114-4D1C0DC179DA}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
C:\Users\Pivson\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
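The fixlist in post #4 is built by hand from the FRST log: entries FRST itself marked with "<==== ATTENTION", a service started from the user's Temp folder, and firewall rules that still allow or block binaries which no longer exist. The script below is an added example (mine, not Rudy's procedure and not part of FRST) that applies exactly those three triage rules to log lines copied from this thread plus two constructed clean lines for contrast, and wraps the hits in the same Start / CloseProcesses: / EmptyTemp: / End frame FRST expects. The output is a candidate list for a human helper to review, not something to run blindly.

```python
import re

# Constructed sample input: FRST lines quoted in this thread, plus two clean lines
# (the ExampleSvc service and the firefox.exe firewall rule) that I made up for contrast.
SAMPLE_FRST_LINES = r"""
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
FF ProfilePath: C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\pm5kfv63.default [not found] <==== ATTENTION
R2 Bonjour Service; C:\Users\Pivson\AppData\Local\Temp\mDNSResponder.exe [390504 2022-07-21] (Apple Inc. -> Apple Inc.) <==== ATTENTION
R2 ExampleSvc; C:\Windows\System32\examplesvc.exe [12345 2022-01-01] (Example Vendor -> Example Vendor)
FirewallRules: [TCP Query User{69EB91DE-EA44-4370-83B6-085A195837D1}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{B6B3180D-5E58-4012-B8FF-C0D9A70F962C}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
"""

# Matches an executable path under %LOCALAPPDATA%\Temp, in either letter case.
TEMP_PATH = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
ATTENTION_MARK = "<==== ATTENTION"


def reasons_for(line: str) -> list[str]:
    """Return the triage reasons that apply to one FRST log line (empty list = looks clean)."""
    reasons = []
    if ATTENTION_MARK in line:
        reasons.append("frst-attention")          # FRST itself flagged the entry
    if TEMP_PATH.search(line):
        reasons.append("runs-from-temp")          # a service or rule pointing into Temp
    if line.startswith("FirewallRules:") and line.rstrip().endswith("=> No File"):
        reasons.append("firewall-rule-no-file")   # stale rule for a binary that is gone
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every non-empty line with at least one reason, in log order."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


def build_fixlist(log_text: str) -> str:
    """Wrap the flagged lines in the Start/End frame FRST reads, for a human to review first."""
    body = "\n".join(line for line, _ in triage(log_text))
    return "Start\n\nCloseProcesses:\n" + body + "\n\nEmptyTemp:\nEnd\n"


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_FRST_LINES):
        print(", ".join(reasons).ljust(38), line[:90])
    print()
    print(build_fixlist(SAMPLE_FRST_LINES))
```

On the sample above the clean Java Run entry, the constructed service and the constructed Firefox rule produce no reasons, while the four lines that appear in Rudy's fixlist are the four that get flagged; the Bonjour line collects two reasons because FRST marked it and it runs from Temp.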

pivak
Guest
Posts: 14
Registered: 13 Feb 2008 12:52

Re: Problem Trojan Win32/Guloader

#5 Post by pivak »

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-08-2022
Ran by Pivson (25-09-2022 18:44:53) Run:1
Running from C:\Users\Pivson\Desktop
Loaded Profiles: Pivson
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.166.0807.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.166.0807.0002" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.171.0814.0004] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.171.0814.0004" (No File)
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\...\RunOnce: [Uninstall 22.176.0821.0003] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pivson\AppData\Local\Microsoft\OneDrive\22.176.0821.0003" (No File)
FF ProfilePath: C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\pm5kfv63.default [not found] <==== ATTENTION
R2 Bonjour Service; C:\Users\Pivson\AppData\Local\Temp\mDNSResponder.exe [390504 2022-07-21] (Apple Inc. -> Apple Inc.) <==== ATTENTION
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> DefaultScope {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
SearchScopes: HKU\S-1-5-21-3558388990-1469384061-1361614495-1001 -> {66D66BCB-2ED0-470F-809C-99606F8F8F39} URL =
FirewallRules: [TCP Query User{737BD561-9705-4DEE-9BC6-D9C65A51244E}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [UDP Query User{4794775C-1844-49BE-9CE9-F4C37572BBF2}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe => No File
FirewallRules: [TCP Query User{E64222D0-7F2B-4D64-82F6-9B98206AB161}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [UDP Query User{424FAEDA-1ABF-49F0-9374-C54EEAA5432B}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe] => (Allow) C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe => No File
FirewallRules: [TCP Query User{69EB91DE-EA44-4370-83B6-085A195837D1}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [UDP Query User{70509754-56AD-4D4E-8C16-EA27645D861C}C:\users\pivson\appdata\local\temp\init_t.exe] => (Allow) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{B6B3180D-5E58-4012-B8FF-C0D9A70F962C}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
FirewallRules: [{34556977-0BF2-47C7-9114-4D1C0DC179DA}] => (Block) C:\users\pivson\appdata\local\temp\init_t.exe => No File
C:\Users\Pivson\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.166.0807.0002" => removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.171.0814.0004" => removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.176.0821.0003" => removed successfully
C:\Users\Pivson\AppData\Roaming\Mozilla\Firefox\Profiles\pm5kfv63.default => path removed successfully
Bonjour Service => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\Bonjour Service => removed successfully
Bonjour Service => service removed successfully
"HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-3558388990-1469384061-1361614495-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{66D66BCB-2ED0-470F-809C-99606F8F8F39} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{737BD561-9705-4DEE-9BC6-D9C65A51244E}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4794775C-1844-49BE-9CE9-F4C37572BBF2}C:\program files (x86)\common files\oracle\java\javapath_target_90440578\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E64222D0-7F2B-4D64-82F6-9B98206AB161}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{424FAEDA-1ABF-49F0-9374-C54EEAA5432B}C:\users\pivson\appdata\local\temp\_tc\ipscan utility.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{69EB91DE-EA44-4370-83B6-085A195837D1}C:\users\pivson\appdata\local\temp\init_t.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{70509754-56AD-4D4E-8C16-EA27645D861C}C:\users\pivson\appdata\local\temp\init_t.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6B3180D-5E58-4012-B8FF-C0D9A70F962C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34556977-0BF2-47C7-9114-4D1C0DC179DA}" => removed successfully
C:\Users\Pivson\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31294690 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 56052217 B
Edge => 0 B
Firefox => 1166424568 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 11322 B
LocalService => 24194 B
NetworkService => 416026 B
Pivson => 13916986 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:45:26 ====

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem Trojan Win32/Guloader

#6 Post by Rudy »

Deleted. Has anything changed?

pivak
Guest
Posts: 14
Registered: 13 Feb 2008 12:52

Re: Problem Trojan Win32/Guloader

#7 Post by pivak »

It looks fine; the last blocked Trojan communication was before the FRST fix.
Thanks a lot.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Problem Trojan Win32/Guloader

#8 Post by Rudy »

You're welcome! :)

Locked