SSH login attempt on the router

#1 Post by JardaB »

So, things were quiet since 10 March, until today an SSH attack from the internal network on the router appeared again, at 16:30 and 18:38, each time lasting about 30 seconds.

I won't post the whole router log here, just a sample, and I'd like to ask for help identifying the application on the problematic workstation that could be causing this. Neither Avast nor Avast after a restart reports anything. The workstation runs the usual applications ... Opera, Thunderbird, Adobe Reader, Word and Excel.

Wouldn't it help to trace the outgoing traffic from this PC?

Code:

Mar 23 16:32:12 Turris_JB sshd[20606]: Received disconnect from 192.168.2.104 port 64949:11:  [preauth]
Mar 23 16:32:12 Turris_JB sshd[20606]: Disconnected from 192.168.2.104 port 64949 [preauth]
Mar 23 16:32:25 Turris_JB sshd[20672]: Invalid user  from 192.168.2.104 port 64968
Mar 23 16:32:25 Turris_JB sshd[20672]: Failed none for invalid user  from 192.168.2.104 port 64968 ssh2
Mar 23 16:32:25 Turris_JB sshd[20672]: Received disconnect from 192.168.2.104 port 64968:11:  [preauth]
Mar 23 16:32:25 Turris_JB sshd[20672]: Disconnected from invalid user  192.168.2.104 port 64968 [preauth]
Mar 23 16:32:26 Turris_JB sshd[20676]: Invalid user admin from 192.168.2.104 port 64970
Mar 23 16:32:26 Turris_JB sshd[20676]: error: Could not get shadow information for NOUSER
Mar 23 16:32:26 Turris_JB sshd[20676]: Failed password for invalid user admin from 192.168.2.104 port 64970 ssh2
Mar 23 16:32:26 Turris_JB sshd[20676]: Received disconnect from 192.168.2.104 port 64970:11:  [preauth]
Mar 23 16:32:26 Turris_JB sshd[20676]: Disconnected from invalid user admin 192.168.2.104 port 64970 [preauth]
Mar 23 16:32:26 Turris_JB sshd[20678]: Failed password for root from 192.168.2.104 port 64971 ssh2
Mar 23 16:32:26 Turris_JB sshd[20678]: Received disconnect from 192.168.2.104 port 64971:11:  [preauth]
Mar 23 16:32:26 Turris_JB sshd[20678]: Disconnected from authenticating user root 192.168.2.104 port 64971 [preauth]
Mar 23 16:32:26 Turris_JB sshd[20680]: Invalid user sysadm from 192.168.2.104 port 64973
Mar 23 16:32:26 Turris_JB sshd[20680]: error: Could not get shadow information for NOUSER
Mar 23 16:32:26 Turris_JB sshd[20680]: Failed password for invalid user sysadm from 192.168.2.104 port 64973 ssh2
Mar 23 16:32:26 Turris_JB sshd[20680]: Received disconnect from 192.168.2.104 port 64973:11:  [preauth]
Mar 23 16:32:26 Turris_JB sshd[20680]: Disconnected from invalid user sysadm 192.168.2.104 port 64973 [preauth]
Mar 23 16:32:26 Turris_JB sshd[20682]: Invalid user user from 192.168.2.104 port 64974
Mar 23 16:32:26 Turris_JB sshd[20682]: error: Could not get shadow information for NOUSER
Mar 23 16:32:27 Turris_JB sshd[20682]: Failed password for invalid user user from 192.168.2.104 port 64974 ssh2
Mar 23 16:32:27 Turris_JB sshd[20682]: Received disconnect from 192.168.2.104 port 64974:11:  [preauth]
Mar 23 16:32:27 Turris_JB sshd[20682]: Disconnected from invalid user user 192.168.2.104 port 64974 [preauth]
Mar 23 16:32:27 Turris_JB sshd[20684]: Invalid user admin from 192.168.2.104 port 64975
Mar 23 16:32:27 Turris_JB sshd[20684]: error: Could not get shadow information for NOUSER
Mar 23 16:32:27 Turris_JB sshd[20684]: Failed password for invalid user admin from 192.168.2.104 port 64975 ssh
JardaB
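The router log in the post above can be summarised mechanically to get the exact time windows and account names to compare against workstation-side logging. This is an added example, not part of the original posts: the year (syslog lines carry none), the 60-second gap, the thresholds in `looks_automated` and the two 18:38 lines are assumptions or constructed input.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Failed-authentication lines copied from the router log in the post above
# (the last one is cut off after "ssh" in the post and is kept that way).
POSTED_LINES = """\
Mar 23 16:32:25 Turris_JB sshd[20672]: Invalid user  from 192.168.2.104 port 64968
Mar 23 16:32:25 Turris_JB sshd[20672]: Failed none for invalid user  from 192.168.2.104 port 64968 ssh2
Mar 23 16:32:26 Turris_JB sshd[20676]: Failed password for invalid user admin from 192.168.2.104 port 64970 ssh2
Mar 23 16:32:26 Turris_JB sshd[20678]: Failed password for root from 192.168.2.104 port 64971 ssh2
Mar 23 16:32:26 Turris_JB sshd[20680]: Failed password for invalid user sysadm from 192.168.2.104 port 64973 ssh2
Mar 23 16:32:27 Turris_JB sshd[20682]: Failed password for invalid user user from 192.168.2.104 port 64974 ssh2
Mar 23 16:32:27 Turris_JB sshd[20684]: Failed password for invalid user admin from 192.168.2.104 port 64975 ssh
"""

# CONSTRUCTED lines (not from the post) standing in for the 18:38 episode,
# which the post mentions but does not show.
CONSTRUCTED_LINES = """\
Mar 23 18:38:02 Turris_JB sshd[30001]: Failed password for root from 192.168.2.104 port 50001 ssh2
Mar 23 18:38:03 Turris_JB sshd[30003]: Failed password for invalid user admin from 192.168.2.104 port 50002 ssh2
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# OpenSSH "Failed <method> for [invalid user ]<name> from <addr> port <n>".
# The user name may be empty, as in the "Failed none" line of the post.
FAILED = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?P<method>\S+) for (?P<invalid>invalid user )?(?P<user>.*?) "
    r"from (?P<src>\S+) port (?P<port>\d+)")


def parse_failures(text, year):
    """Return one dict per failed authentication; other sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        hh, mm, ss = map(int, m["time"].split(":"))
        events.append({
            "when": datetime(year, MONTHS[m["mon"]], int(m["day"]), hh, mm, ss),
            "src": m["src"],
            "port": int(m["port"]),
            "user": m["user"],
            "method": m["method"],
            "invalid": m["invalid"] is not None,
        })
    return events


def is_internal(src):
    """True/False for an IP literal, None when sshd logged a host name."""
    try:
        return ipaddress.ip_address(src).is_private
    except ValueError:
        return None


def group_bursts(events, gap=timedelta(seconds=60)):
    """Group failures per source; a pause longer than `gap` starts a new burst."""
    bursts, current = [], {}
    for ev in sorted(events, key=lambda e: e["when"]):
        b = current.get(ev["src"])
        if b is None or ev["when"] - b["end"] > gap:
            b = {"src": ev["src"], "internal": is_internal(ev["src"]),
                 "start": ev["when"], "end": ev["when"],
                 "attempts": 0, "invalid": 0, "users": set()}
            bursts.append(b)
            current[ev["src"]] = b
        b["end"] = ev["when"]
        b["attempts"] += 1
        b["invalid"] += ev["invalid"]
        b["users"].add(ev["user"])
    return bursts


def looks_automated(burst, min_attempts=3, min_users=3):
    """Several different account names within one burst points to a scripted
    client rather than a person mistyping one password (assumed thresholds)."""
    return burst["attempts"] >= min_attempts and len(burst["users"]) >= min_users


if __name__ == "__main__":
    events = parse_failures(POSTED_LINES + CONSTRUCTED_LINES, year=2023)
    for b in group_bursts(events):
        print(b["src"], "internal" if b["internal"] else "external/unknown",
              b["start"].isoformat(), "->", b["end"].isoformat(),
              f"attempts={b['attempts']} invalid={b['invalid']}",
              "users=" + ",".join(repr(u) for u in sorted(b["users"])),
              "automated" if looks_automated(b) else "inconclusive")
```

The start and end of each burst are the windows in which a connection log on the workstation at 192.168.2.104 should show which process opened the connections to the router's SSH port.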

#2 Post by Rudy »

Hello!
Please post the FRST + Addition logs:

http://forum.viry.cz/viewtopic.php?f=24&t=132509

#3 Post by JardaB »

FRST
======================================
We went through these steps 14 days ago in the thread https://forum.viry.cz/viewtopic.php?t=159069

(For the analysis, if you can advise, it would help to run an IP communication log on this computer ... then we would find out what the source is.)

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-03-2023
Ran by admin (administrator) on POKOJ (24-03-2023 08:22:21)
Running from D:\Util\Antivir\FRST
Loaded Profiles: admin & Jiřina
Platform: Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\SetPointP\Campaign\LogiCampaignNotifier.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt\app\Messenger.exe ->) 0 C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt\app\CrashpadHandlerWindows.exe
(C:\Users\Jiřina\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Jiřina\AppData\Local\Programs\Opera\96.0.4693.80\opera_crashreporter.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Jiřina\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\72.0.3.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJBE.EXE
(explorer.exe ->) 0 C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt\app\Messenger.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Opera Norway AS -> Opera Software) C:\Users\Jiřina\AppData\Local\Programs\Opera\opera.exe <26>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) 0 C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4628.0_x64__8j3eq9eme6ctt\IGCC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3138560 2023-01-11] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [220056 2023-03-10] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp (No File)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe [52902680 2023-03-21] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe [52902680 2023-03-21] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4216665273-3776275124-125719893-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe [52902680 2023-03-21] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4216665273-3776275124-125719893-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\jirin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4216665273-3776275124-125719893-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\jirin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-4216665273-3776275124-125719893-1001\...\RunOnce: [Uninstall 23.028.0205.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jirin\AppData\Local\Microsoft\OneDrive\23.028.0205.0002" (No File)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [Opera Stable] => C:\Users\Jiřina\AppData\Local\Programs\Opera\launcher.exe [2700696 2023-03-15] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe [52902680 2023-03-21] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7475664 2023-03-21] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [Avast Browser] => C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\1.8.1579.3\AvastBrowserUpdateCore.exe [507752 2023-02-22] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [f.lux] => C:\Users\Jiřina\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJBE.EXE [283232 2012-02-29] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [154624 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\72.0.3.0\GoogleDriveFS.exe [52902680 2023-03-21] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Print\Monitors\EPSON XP-700 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMJBE.DLL [120320 2011-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\111.0.5563.110\Installer\chrmstp.exe [2023-03-22] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15FF5E87-898B-490F-B81C-30C9A7E4966E} - System32\Tasks\AvastUpdateTaskUserS-1-5-21-4216665273-3776275124-125719893-1002Core => C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {1ADC90E7-3CD6-4077-A042-AAA23B641F02} - System32\Tasks\Opera scheduled Autoupdate 1677071222 => C:\Users\Jiřina\AppData\Local\Programs\Opera\launcher.exe [2700696 2023-03-15] (Opera Norway AS -> Opera Software)
Task: {25B1FB34-5528-4AAD-BD71-12B5C383AC1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {5C006CB7-AAB8-4618-B0D3-C3E7C93354FA} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) S-1-5-21-4216665273-3776275124-125719893-1002 => C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Application\AvastBrowser.exe [3365808 2023-03-16] (Avast Software s.r.o. -> AVAST Software)
Task: {9C59DC44-3D02-46D2-BFA9-DC52A6B70177} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-02-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {A6916886-708B-4D61-9DAE-54CCCB3E3A91} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-02-22] (Avast Software s.r.o. -> Avast Software)
Task: {BC35AFEF-902D-4289-B7B9-EFC87DE713D4} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Jiřina\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-07] (ESET, spol. s r.o. -> ESET)
Task: {CDECD56C-487D-43EC-8847-2398DE7F12BF} - System32\Tasks\AvastUpdateTaskUserS-1-5-21-4216665273-3776275124-125719893-1002UA => C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-02-22] (Avast Software s.r.o. -> AVAST Software)
Task: {DBEEB474-8628-4321-BE22-2306DAE9BB8E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-02-22] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DC1B1AC7-092B-48C9-9505-1FEB1E9022AA} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-4216665273-3776275124-125719893-1002 => C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt\app\MessengerHelper.exe [2158328 2023-03-15] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {ECDDB716-8293-44B5-BC7E-FE7DBCB3F003} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Jiřina\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2023-03-07] (ESET, spol. s r.o. -> ESET)
Task: {F22242A6-C6FC-45BE-84D9-4383F1F37E4C} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5000600 2023-03-10] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7bb4ccdb-8644-435d-98fc-3d0effb41184}: [DhcpNameServer] 192.168.2.1

Edge: 
=======
Edge Profile: C:\Users\jirin\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-06]
Edge Extension: (Edge relevant text changes) - C:\Users\jirin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-02-23]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2023-02-22] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-03-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google Inc -> Google, Inc.)
FF Plugin HKU\S-1-5-21-4216665273-3776275124-125719893-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2018-12-13] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4216665273-3776275124-125719893-1002: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-02-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin HKU\S-1-5-21-4216665273-3776275124-125719893-1002: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [2023-02-22] (Avast Software s.r.o. -> AVAST Software)

Chrome: 
=======
CHR Profile: C:\Users\jirin\AppData\Local\Google\Chrome\User Data\Default [2023-03-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\jirin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-22]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\jirin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jirin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-22]
CHR HKU\S-1-5-21-4216665273-3776275124-125719893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-4216665273-3776275124-125719893-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8905624 2023-03-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [583064 2023-03-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [583576 2023-03-10] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-02-22] (Avast Software s.r.o. -> AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-02-22] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-02-22] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [231808 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391856 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297880 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [268480 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [557136 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [941928 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [699624 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212640 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319056 2023-03-10] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [35712 2023-02-23] (北京铠信神州科技有限责任公司 -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2023-02-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473336 2023-02-22] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-18 13:15 - 2023-03-23 20:39 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-03-15 10:11 - 2023-03-15 10:12 - 000000000 ___HD C:\$WinREAgent
2023-03-10 09:29 - 2023-03-10 09:29 - 000308120 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-03-10 09:03 - 2023-03-24 08:22 - 000000000 ____D C:\FRST
2023-03-09 14:31 - 2023-03-09 14:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-03-07 09:53 - 2023-03-07 09:53 - 000003840 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2023-03-07 09:53 - 2023-03-07 09:53 - 000003398 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2023-03-07 09:26 - 2023-03-07 09:26 - 000001574 _____ C:\Users\jirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-03-07 09:26 - 2023-03-07 09:26 - 000000000 ____D C:\Users\jirin\AppData\Local\ESET
2023-03-07 09:25 - 2023-03-07 09:25 - 000001385 _____ C:\Users\Jiřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-03-07 09:25 - 2023-03-07 09:25 - 000000000 ____D C:\Users\Jiřina\AppData\Local\ESET
2023-03-05 14:27 - 2023-03-05 14:27 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Microsoft Help
2023-03-05 12:05 - 2023-03-05 12:05 - 000067736 _____ C:\Users\Jiřina\AppData\Local\GDIPFONTCACHEV1.DAT
2023-03-04 16:54 - 2023-03-04 16:54 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2023-02-25 20:12 - 2023-02-25 20:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2023-02-24 18:06 - 2023-03-23 17:25 - 000000000 ____D C:\Users\Jiřina\AppData\LocalLow\Temp
2023-02-23 18:10 - 2023-02-23 18:10 - 000000000 ____D C:\Users\jirin\AppData\Roaming\vlc
2023-02-23 14:43 - 2023-02-23 14:43 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2023-02-23 13:07 - 2023-02-23 13:07 - 000785920 _____ C:\WINDOWS\system32\nb-fre.exe
2023-02-23 13:07 - 2023-02-23 13:07 - 000035712 _____ C:\WINDOWS\system32\MDA_NTDRV.sys
2023-02-23 13:04 - 2023-02-23 13:04 - 009184018 _____ C:\Users\jirin\Downloads\portable_free.zip
2023-02-23 11:34 - 2023-02-24 17:08 - 000000000 ____D C:\ProgramData\EPSON
2023-02-23 11:34 - 2023-02-23 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2023-02-23 11:34 - 2023-02-23 11:34 - 000000000 ____D C:\Program Files\Common Files\EPSON
2023-02-23 11:34 - 2011-04-20 03:03 - 000120320 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMJBE.DLL
2023-02-23 11:34 - 2011-03-15 03:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BJBE.DLL
2023-02-23 11:34 - 2007-04-10 01:06 - 000010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2023-02-23 11:29 - 2023-02-23 11:29 - 000032493 _____ C:\Users\Jiřina\Downloads\contacts (1).csv
2023-02-23 11:28 - 2023-02-23 11:28 - 000035043 _____ C:\Users\Jiřina\Downloads\contacts.csv
2023-02-23 09:30 - 2023-02-23 09:30 - 000976768 _____ C:\Users\Jiřina\Downloads\NavodPortalObcana_v2.pdf
2023-02-22 19:08 - 2023-02-22 19:08 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-02-22 19:08 - 2023-02-22 19:08 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-02-22 19:08 - 2023-02-22 19:08 - 000000000 ____D C:\Program Files\MSBuild
2023-02-22 19:08 - 2023-02-22 19:08 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-02-22 19:08 - 2023-02-22 19:08 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-02-22 18:32 - 2023-02-22 18:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2023-02-22 18:30 - 2023-02-22 18:30 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Opera Software
2023-02-22 17:39 - 2023-02-22 18:32 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2023-02-22 17:36 - 2023-02-22 17:36 - 000002167 _____ C:\Users\Jiřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2023-02-22 17:36 - 2023-02-22 17:36 - 000000000 ____D C:\Users\Jiřina\AppData\Local\FluxSoftware
2023-02-22 17:10 - 2023-02-22 17:10 - 000000000 ____D C:\Users\jirin\AppData\Local\Avast Software
2023-02-22 17:03 - 2023-02-22 18:59 - 000000000 ____D C:\UTIL
2023-02-22 16:52 - 2023-02-23 14:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Works
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\WINDOWS\PCHEALTH
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\AppData\Roaming\com.adobe.dunamis
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\AppData\LocalLow\Adobe
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\AppData\Local\SolidDocuments
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\.ms-ad
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2023-02-22 16:52 - 2023-02-22 16:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2023-02-22 16:51 - 2023-02-24 11:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-22 16:51 - 2023-02-22 16:51 - 000000000 ____D C:\WINDOWS\SHELLNEW
2023-02-22 16:51 - 2023-02-22 16:51 - 000000000 ____D C:\Users\jirin\AppData\Local\Microsoft Help
2023-02-22 16:51 - 2023-02-22 16:51 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-22 16:41 - 2023-02-22 16:41 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Avast Software
2023-02-22 16:41 - 2023-02-22 16:41 - 000000000 ____D C:\Users\jirin\AppData\Local\Apps\2.0
2023-02-22 16:40 - 2023-02-22 16:40 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Logitech
2023-02-22 16:40 - 2023-02-22 16:40 - 000000000 ____D C:\Users\jirin\AppData\Local\CEF
2023-02-22 16:26 - 2023-03-23 20:54 - 000000000 ____D C:\Users\Jiřina\AppData\Local\CrashDumps
2023-02-22 16:26 - 2023-03-23 11:08 - 000002706 _____ C:\Users\Jiřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2023-02-22 16:26 - 2023-02-22 16:26 - 000004068 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) S-1-5-21-4216665273-3776275124-125719893-1002
2023-02-22 16:25 - 2023-02-22 16:25 - 000003772 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskUserS-1-5-21-4216665273-3776275124-125719893-1002UA
2023-02-22 16:25 - 2023-02-22 16:25 - 000003504 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskUserS-1-5-21-4216665273-3776275124-125719893-1002Core
2023-02-22 16:25 - 2023-02-22 16:25 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2023-02-22 16:25 - 2023-02-22 16:25 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Avast Software
2023-02-22 16:25 - 2023-02-22 16:25 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Avast Software
2023-02-22 16:24 - 2023-03-19 07:51 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-22 16:24 - 2023-02-27 15:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-02-22 16:24 - 2023-02-22 16:24 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2023-02-22 16:23 - 2023-03-23 20:39 - 000000000 ____D C:\ProgramData\Avast Software
2023-02-22 16:23 - 2023-02-22 16:23 - 000000000 ____D C:\Program Files\Avast Software
2023-02-22 15:56 - 2023-03-02 19:20 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\vlc
2023-02-22 15:56 - 2023-02-22 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2023-02-22 15:55 - 2023-02-22 15:55 - 000000000 ____D C:\Program Files\VideoLAN
2023-02-22 15:51 - 2023-02-22 15:51 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\com.adobe.dunamis
2023-02-22 15:48 - 2023-03-24 08:19 - 000004192 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{243D5F1A-F889-41F7-9AAF-D3A1E7C59EBC}
2023-02-22 15:47 - 2023-02-22 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2023-02-22 15:21 - 2023-02-22 15:22 - 000000000 ___RD C:\Users\Jiřina\Dropbox
2023-02-22 15:15 - 2023-03-22 17:34 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-02-22 15:13 - 2023-03-22 17:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-02-22 15:13 - 2023-02-22 15:13 - 000000000 ____D C:\Users\Jiřina\AppData\LocalLow\Adobe
2023-02-22 15:13 - 2023-02-22 15:13 - 000000000 ____D C:\Users\Jiřina\AppData\Local\SolidDocuments
2023-02-22 15:13 - 2023-02-22 15:13 - 000000000 ____D C:\Users\Jiřina\.ms-ad
2023-02-22 15:12 - 2023-02-22 15:13 - 000000000 ____D C:\ProgramData\Adobe
2023-02-22 15:12 - 2023-02-22 15:12 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-02-22 15:12 - 2023-02-22 15:12 - 000000000 ____D C:\Program Files\Adobe
2023-02-22 15:10 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\AppData\Local\Adobe
2023-02-22 15:10 - 2023-02-22 15:51 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Adobe
2023-02-22 15:09 - 2023-02-22 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2023-02-22 15:09 - 2023-02-22 15:09 - 000000000 ____D C:\Program Files\Tracker Software
2023-02-22 14:55 - 2023-03-23 20:39 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\DropboxElectron
2023-02-22 14:54 - 2023-03-23 20:39 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Dropbox
2023-02-22 14:54 - 2023-03-09 14:31 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-02-22 14:54 - 2023-03-06 09:38 - 000000000 ____D C:\Users\jirin\AppData\Local\Dropbox
2023-02-22 14:54 - 2023-03-01 10:29 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-02-22 14:54 - 2023-03-01 10:29 - 000000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-02-22 14:54 - 2023-03-01 07:55 - 000003978 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2023-02-22 14:54 - 2023-03-01 07:55 - 000003746 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2023-02-22 14:54 - 2023-02-22 14:54 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Dropbox
2023-02-22 14:54 - 2023-02-22 14:54 - 000000000 ____D C:\ProgramData\Dropbox
2023-02-22 14:45 - 2023-03-21 16:19 - 000002063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-02-22 14:45 - 2023-02-22 18:43 - 000000000 ____D C:\Users\jirin\AppData\Local\Google
2023-02-22 14:45 - 2023-02-22 14:45 - 000000000 ____D C:\Users\Jiřina\AppData\Local\CEF
2023-02-22 14:31 - 2023-03-23 21:21 - 000000000 ____D C:\Users\Jiřina\AppData\LocalLow\Mozilla
2023-02-22 14:31 - 2023-03-23 20:59 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-22 14:31 - 2023-02-22 14:31 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Thunderbird
2023-02-22 14:31 - 2023-02-22 14:31 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Mozilla
2023-02-22 14:31 - 2023-02-22 14:31 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Thunderbird
2023-02-22 14:29 - 2023-03-23 20:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-22 14:29 - 2023-03-19 18:28 - 000001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-02-22 14:22 - 2023-03-23 20:27 - 000000000 ____D C:\Users\Jiřina\AppData\Local\PasswordSafe
2023-02-22 14:20 - 2023-02-22 14:20 - 000000000 ____D C:\Users\Jiřina\AppData\Local\OneDrive
2023-02-22 14:07 - 2023-03-20 12:34 - 000004154 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1677071222
2023-02-22 14:07 - 2023-03-20 12:34 - 000001474 _____ C:\Users\Jiřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2023-02-22 14:07 - 2023-02-22 14:07 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Opera Software
2023-02-22 14:06 - 2023-02-22 14:06 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Opera Software
2023-02-22 14:01 - 2023-02-22 14:01 - 000000000 __RHD C:\MSOCache
2023-02-22 13:43 - 2023-03-23 20:50 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-22 13:43 - 2023-03-22 14:44 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-22 13:43 - 2023-02-22 15:47 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Google
2023-02-22 13:43 - 2023-02-22 14:45 - 000000000 ____D C:\Program Files\Google
2023-02-22 13:41 - 2023-02-22 16:55 - 000000000 ____D C:\Users\Jiřina\AppData\Local\GHISLER
2023-02-22 13:39 - 2023-02-22 18:30 - 000000000 ____D C:\Users\jirin\AppData\Local\GHISLER
2023-02-22 12:53 - 2023-02-22 13:39 - 000000000 ____D C:\Program Files\totalcmd
2023-02-22 12:53 - 2023-02-22 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2023-02-22 12:45 - 2023-02-22 12:45 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Logishrd
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\ProgramData\Logitech
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\ProgramData\Logishrd
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\Program Files\Logitech
2023-02-22 12:45 - 2023-02-22 12:45 - 000000000 ____D C:\Program Files\Common Files\Logishrd
2023-02-22 12:44 - 2023-02-22 12:45 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Logitech
2023-02-22 12:44 - 2023-02-22 12:44 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Logishrd
2023-02-22 12:26 - 2023-02-22 12:26 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2023-02-22 12:26 - 2023-02-22 12:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2023-02-22 12:26 - 2023-02-22 12:26 - 000000000 ____D C:\WINDOWS\system32\DAX2
2023-02-22 12:26 - 2023-02-22 12:26 - 000000000 ____D C:\Program Files\Realtek
2023-02-22 12:25 - 2016-06-07 05:48 - 003299824 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 002190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 001336544 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 000962056 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 000873464 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 000582016 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 000447104 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2023-02-22 12:25 - 2016-06-07 05:48 - 000075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 002706864 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 002203752 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 001041744 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2023-02-22 12:25 - 2016-06-07 05:47 - 000158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 003283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000927424 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000716112 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000589072 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2023-02-22 12:25 - 2016-06-07 05:46 - 000450128 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:46 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 006402440 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 005593624 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 003096248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 002726416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 001355616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000447728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2023-02-22 12:25 - 2016-06-07 05:45 - 000084624 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2023-02-22 12:25 - 2016-06-07 05:44 - 013122584 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2023-02-22 12:25 - 2016-06-07 05:44 - 012988352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2023-02-22 12:25 - 2016-06-07 05:44 - 000923744 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2023-02-22 12:25 - 2016-06-07 05:44 - 000677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2023-02-22 12:25 - 2016-06-07 05:43 - 001334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:43 - 000999864 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2023-02-22 12:25 - 2016-06-07 05:41 - 002825104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2023-02-22 12:25 - 2016-06-07 05:41 - 001422936 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2023-02-22 12:25 - 2016-06-07 05:41 - 001213664 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2023-02-22 12:25 - 2016-06-07 05:41 - 000678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2023-02-22 12:25 - 2016-06-07 05:41 - 000330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 010512448 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000472312 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000366128 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000360352 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000203848 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000190936 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2023-02-22 12:25 - 2016-06-07 05:40 - 000179600 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 005339560 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 002437760 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 001508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:39 - 000252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 001965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 001959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 001608128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000362064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000310432 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2023-02-22 12:25 - 2016-06-07 05:38 - 000118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2023-02-22 12:25 - 2016-06-07 05:30 - 003199744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2023-02-22 12:25 - 2016-06-07 05:30 - 002895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2023-02-22 12:25 - 2016-06-07 05:30 - 000023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2023-02-22 12:25 - 2016-06-07 05:29 - 002060032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2023-02-22 12:25 - 2016-06-07 05:28 - 014057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2023-02-22 12:25 - 2016-06-07 05:28 - 007172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2023-02-22 12:25 - 2016-06-07 05:28 - 001003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 006264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 002050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 001186824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 001061120 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 000931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 000416512 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 000371456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2023-02-22 12:25 - 2016-06-07 05:27 - 000154368 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2023-02-22 12:25 - 2016-06-07 05:26 - 007096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2023-02-22 12:25 - 2016-06-07 05:26 - 000122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2023-02-22 12:25 - 2016-06-07 05:26 - 000118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2023-02-22 12:25 - 2016-06-07 05:26 - 000105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 005776968 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 003282544 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 001780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 001591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 001435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 001382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 001166160 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 000532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2023-02-22 12:25 - 2016-06-07 05:19 - 000231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2023-02-22 12:25 - 2016-06-07 05:16 - 005118208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2023-02-22 12:25 - 2016-06-07 05:16 - 002110600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2023-02-22 12:25 - 2016-06-07 05:16 - 000258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2023-02-22 12:16 - 2023-02-22 12:16 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Comms
2023-02-22 12:14 - 2023-03-09 14:33 - 000000000 ____D C:\Users\Jiřina\AppData\Local\D3DSCache
2023-02-22 12:14 - 2023-02-25 20:11 - 000000000 ____D C:\Users\Jiřina\AppData\Local\PlaceholderTileLogoFolder
2023-02-22 12:14 - 2023-02-22 14:48 - 000000000 ___RD C:\Users\Jiřina\OneDrive
2023-02-22 12:13 - 2023-02-22 12:31 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Publishers
2023-02-22 12:12 - 2023-03-23 20:39 - 000000000 __SHD C:\Users\Jiřina\IntelGraphicsProfiles
2023-02-22 12:12 - 2023-03-07 06:59 - 000000000 ____D C:\Users\Jiřina
2023-02-22 12:12 - 2023-02-25 20:11 - 000000000 ____D C:\Users\Jiřina\AppData\Local\Packages
2023-02-22 12:12 - 2023-02-22 15:32 - 000000000 ____D C:\Users\Jiřina\AppData\Local\VirtualStore
2023-02-22 12:12 - 2023-02-22 15:13 - 000000000 ____D C:\Users\Jiřina\AppData\Roaming\Adobe
2023-02-22 12:12 - 2023-02-22 12:30 - 000000000 ____D C:\Users\Jiřina\AppData\Local\ConnectedDevicesPlatform
2023-02-22 12:12 - 2023-02-22 12:12 - 000000020 ___SH C:\Users\Jiřina\ntuser.ini
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Šablony
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Soubory cookie
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Poslední
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Okolní tiskárny
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Okolní síť
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Nabídka Start
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Dokumenty
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\Data aplikací
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 _SHDL C:\Users\Jiřina\AppData\Local\Data aplikací
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 ___RD C:\Users\Jiřina\3D Objects
2023-02-22 12:12 - 2023-02-22 12:12 - 000000000 ____D C:\Users\Jiřina\AppData\LocalLow\Intel
2023-02-22 11:57 - 2023-02-22 11:58 - 000004643 _____ C:\WINDOWS\diagerr.xml
2023-02-22 11:57 - 2023-02-22 11:58 - 000003813 _____ C:\WINDOWS\diagwrn.xml
2023-02-22 11:57 - 2023-02-22 11:57 - 000000000 ____D C:\Users\jirin\AppData\Local\Microsoft_Corporation
2023-02-22 11:39 - 2023-02-22 11:39 - 000000000 ____D C:\Users\jirin\AppData\Local\Comms
2023-02-22 11:34 - 2023-03-15 10:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-22 11:34 - 2023-02-22 11:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-02-22 11:28 - 2023-02-22 11:28 - 000000000 ____D C:\Users\jirin\AppData\Local\OneDrive
2023-02-22 11:26 - 2023-02-22 18:36 - 000000000 ____D C:\Users\jirin\AppData\Local\D3DSCache
2023-02-22 11:24 - 2023-03-06 09:38 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4216665273-3776275124-125719893-1001
2023-02-22 11:24 - 2023-03-06 09:38 - 000003358 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4216665273-3776275124-125719893-1001
2023-02-22 11:24 - 2023-02-27 16:40 - 000000000 ___RD C:\Users\jirin\OneDrive
2023-02-22 11:24 - 2023-02-22 19:06 - 000000000 ____D C:\Users\jirin\AppData\Local\PlaceholderTileLogoFolder
2023-02-22 11:24 - 2023-02-22 12:31 - 000000000 ___HD C:\OneDriveTemp
2023-02-22 11:24 - 2023-02-22 11:24 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-02-22 11:23 - 2023-02-22 16:52 - 000000000 ____D C:\Users\jirin\AppData\Roaming\Adobe
2023-02-22 11:23 - 2023-02-22 12:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-22 11:23 - 2023-02-22 11:39 - 000000000 ____D C:\Users\jirin\AppData\Local\Publishers
2023-02-22 11:23 - 2023-02-22 11:23 - 000000000 ___RD C:\Users\jirin\3D Objects
2023-02-22 11:23 - 2023-02-22 11:23 - 000000000 ____D C:\Users\jirin\AppData\LocalLow\Intel
2023-02-22 11:22 - 2023-03-06 09:38 - 000000000 ____D C:\Users\jirin\AppData\Local\Packages
2023-02-22 11:22 - 2023-02-22 12:21 - 000000000 ____D C:\Users\jirin\AppData\Local\ConnectedDevicesPlatform
2023-02-22 11:22 - 2023-02-22 12:04 - 000000000 __SHD C:\Users\jirin\IntelGraphicsProfiles
2023-02-22 11:22 - 2023-02-22 11:22 - 000000000 ____D C:\Users\jirin\AppData\Local\VirtualStore
2023-02-22 11:21 - 2023-03-23 20:46 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-22 11:21 - 2023-03-23 20:39 - 000000000 ____D C:\Intel
2023-02-22 11:21 - 2023-02-26 15:33 - 000000000 ____D C:\ProgramData\Packages
2023-02-22 11:21 - 2023-02-22 12:03 - 000000000 ____D C:\ProgramData\Intel
2023-02-22 11:21 - 2023-02-22 11:21 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2023-02-22 11:20 - 2023-03-07 06:59 - 000000000 ____D C:\Users\jirin
2023-02-22 11:20 - 2023-03-06 09:38 - 000002383 _____ C:\Users\jirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-22 11:20 - 2023-02-22 11:20 - 000000020 ___SH C:\Users\jirin\ntuser.ini
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Šablony
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Soubory cookie
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Poslední
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Okolní tiskárny
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Okolní síť
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Nabídka Start
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Dokumenty
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\Data aplikací
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-22 11:20 - 2023-02-22 11:20 - 000000000 _SHDL C:\Users\jirin\AppData\Local\Data aplikací
2023-02-22 11:19 - 2022-08-16 01:00 - 000514552 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2023-02-22 11:19 - 2022-08-16 01:00 - 000455176 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2023-02-22 11:19 - 2022-08-16 00:59 - 000948464 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2023-02-22 11:19 - 2022-08-16 00:59 - 000709280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2023-02-22 11:19 - 2022-08-16 00:59 - 000594184 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2023-02-22 11:19 - 2022-08-16 00:59 - 000454448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2023-02-22 11:19 - 2022-08-16 00:58 - 001969712 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-02-22 11:19 - 2022-08-16 00:58 - 001969712 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-02-22 11:19 - 2022-08-16 00:58 - 001526320 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-02-22 11:19 - 2022-08-16 00:58 - 001526320 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-02-22 11:19 - 2022-08-16 00:58 - 001432304 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-02-22 11:19 - 2022-08-16 00:58 - 001432304 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-02-22 11:19 - 2022-08-16 00:58 - 001145584 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-02-22 11:19 - 2022-08-16 00:58 - 001145584 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Šablony
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Poslední
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Okolní síť
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Dokumenty
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\Data aplikací
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Šablony
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Plocha
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Dokumenty
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\ProgramData\Data aplikací
2023-02-22 11:15 - 2023-02-22 11:15 - 000000000 _SHDL C:\Documents and Settings
2023-02-22 11:14 - 2023-03-24 08:17 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-22 11:14 - 2023-03-24 08:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-22 11:14 - 2023-03-23 20:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-22 11:14 - 2023-03-22 17:23 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-22 11:14 - 2023-03-22 17:23 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-22 11:14 - 2023-02-22 12:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-22 11:14 - 2023-02-22 11:14 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2023-02-22 11:14 - 2023-02-22 11:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-02-22 11:13 - 2023-03-23 20:39 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-22 11:13 - 2023-03-15 10:20 - 000351616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-22 11:13 - 2023-02-24 17:23 - 000000000 ____D C:\WINDOWS\Panther

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-24 08:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-24 08:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-03-24 08:17 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-23 20:46 - 2019-12-07 15:41 - 000716764 _____ C:\WINDOWS\system32\perfh005.dat
2023-03-23 20:46 - 2019-12-07 15:41 - 000144942 _____ C:\WINDOWS\system32\perfc005.dat
2023-03-23 20:46 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-03-23 20:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-03-23 20:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-03-23 20:27 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-03-15 10:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-15 10:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-15 10:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-13 14:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-03-10 09:29 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-27 16:12 - 2022-09-08 04:06 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe
2023-02-27 16:12 - 2019-12-07 10:09 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll
2023-02-23 14:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-02-23 08:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-02-22 19:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-02-22 19:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-02-22 15:37 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-22 15:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-22 12:29 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-02-22 12:24 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-02-22 12:00 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-22 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemApps
2023-02-22 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-02-22 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-22 11:59 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-02-22 11:58 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-02-22 11:46 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-02-22 11:46 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-02-22 11:45 - 2019-12-07 15:43 - 000000000 ____D C:\WINDOWS\OCR
2023-02-22 11:44 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-02-22 11:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-02-22 11:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-02-22 11:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-02-22 11:15 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-02-22 11:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2023-02-22 11:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2023-02-22 11:15 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT
2023-02-22 11:14 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

==================== SigCheckExt =========================

2023-02-23 13:07 - 2023-02-23 13:07 - 000785920 _____ C:\WINDOWS\system32\nb-fre.exe
2006-10-26 13:45 - 2006-10-26 13:45 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WISPTIS.EXE

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {745d5c10-b2a0-11ed-9936-806e6f6e6963}
                        {9e796a90-b2cd-11ed-9939-806e6f6e6963}
                        {745d5c0f-b2a0-11ed-9936-806e6f6e6963}
                        {745d5c0e-b2a0-11ed-9936-806e6f6e6963}
                        {ce575be8-bf1d-11ed-9944-806e6f6e6963}
                        {ce575be9-bf1d-11ed-9944-806e6f6e6963}
                        {ce575bea-bf1d-11ed-9944-806e6f6e6963}
timeout                 1

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  cs-CZ
inherit                 {globalsettings}
default                 {current}
resumeobject            {d16945d9-b29f-11ed-9935-d017c28901ad}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {745d5c0e-b2a0-11ed-9936-806e6f6e6963}
description             CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {745d5c0f-b2a0-11ed-9936-806e6f6e6963}
description             Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier              {745d5c10-b2a0-11ed-9936-806e6f6e6963}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             UEFI: IP4 Realtek PCIe GBE Family Controller

Firmware Application (101fffff)
-------------------------------
identifier              {9e796a90-b2cd-11ed-9939-806e6f6e6963}
description             UEFI: IP6 Realtek PCIe GBE Family Controller

Firmware Application (101fffff)
-------------------------------
identifier              {ce575be8-bf1d-11ed-9944-806e6f6e6963}
description             UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier              {ce575be9-bf1d-11ed-9944-806e6f6e6963}
description             UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier              {ce575bea-bf1d-11ed-9944-806e6f6e6963}
description             UEFI:Network Device

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  cs-CZ
inherit                 {bootloadersettings}
recoverysequence        {d172ceb0-b29f-11ed-9935-d017c28901ad}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {d16945d9-b29f-11ed-9935-d017c28901ad}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {d172ceb0-b29f-11ed-9935-d017c28901ad}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{d172ceb1-b29f-11ed-9935-d017c28901ad}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  cs-CZ
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{d172ceb1-b29f-11ed-9935-d017c28901ad}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {d172ceb3-b29f-11ed-9935-d017c28901ad}
device                  ramdisk=[C:]\ProgramData\Avast Software\Avast\bootimescan\boottimescan.wim,{d172ceb2-b29f-11ed-9935-d017c28901ad}
path                    \windows\system32\winload.efi
description             Avast Boot-Time Scan
osdevice                ramdisk=[C:]\ProgramData\Avast Software\Avast\bootimescan\boottimescan.wim,{d172ceb2-b29f-11ed-9935-d017c28901ad}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {d16945d9-b29f-11ed-9935-d017c28901ad}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  cs-CZ
inherit                 {resumeloadersettings}
recoverysequence        {d172ceb0-b29f-11ed-9935-d017c28901ad}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume4
path                    \EFI\Microsoft\Boot\memtest.efi
description             Diagnostika paměti systému Windows
locale                  cs-CZ
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {d172ceb1-b29f-11ed-9935-d017c28901ad}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {d172ceb2-b29f-11ed-9935-d017c28901ad}
description             Avast Ramdisk options
ramdisksdidevice        partition=C:
ramdisksdipath          \ProgramData\Avast Software\Avast\bootimescan\boot.sdi

==================== End of FRST.txt ========================
Last edited by JardaB on 24 Mar 2023 08:34, edited 1 time in total.

Re: SSH login attempt on the router

#4 Post by JardaB »

Addition

Code: Select all

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-03-2023
Ran by admin (24-03-2023 08:24:54)
Running from D:\Util\Antivir\FRST
Microsoft Windows 10 Home Version 22H2 19045.2728 (X64) (2023-02-22 10:15:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

admin (S-1-5-21-4216665273-3776275124-125719893-1001 - Administrator - Enabled) => C:\Users\jirin
Administrator (S-1-5-21-4216665273-3776275124-125719893-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4216665273-3776275124-125719893-503 - Limited - Disabled)
Guest (S-1-5-21-4216665273-3776275124-125719893-501 - Limited - Enabled)
Jiřina (S-1-5-21-4216665273-3776275124-125719893-1002 - Limited - Enabled) => C:\Users\Jiřina
WDAGUtilityAccount (S-1-5-21-4216665273-3776275124-125719893-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.001.20093 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version:  - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version:  - Microsoft)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 23.2.6053 - Avast Software)
Avast Secure Browser (HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Avast Secure Browser) (Version: 111.0.20548.65 - Autoři prohlížeče Avast Secure Browser)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 169.4.5684 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Flux) (Version:  - f.lux Software LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 72.0.3.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.110 - Google LLC)
Logitech SetPoint 6.90 (HKLM\...\sp6) (Version: 6.90.66 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.51 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0405-1000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{A0AAD4D5-9F9C-49BB-AB64-0FD4695424E8}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{3FD35521-B8F1-4CE0-85E0-DC6CA1E01012}) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{0B7A4B67-2A38-42B1-9857-662FAB361E08}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version:  - Microsoft) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{FDF9A959-241A-4662-A8DE-7DED9C22D160}) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-4216665273-3776275124-125719893-1001\...\OneDriveSetup.exe) (Version: 23.033.0212.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.8.0 - Mozilla)
Mozilla Thunderbird (x64 cs) (HKLM\...\Mozilla Thunderbird 102.9.0 (x64 cs)) (Version: 102.9.0 - Mozilla)
Odinstalace tiskárny EPSON XP-700 Series (HKLM\...\EPSON XP-700 Series) (Version:  - SEIKO EPSON Corporation)
Opera Stable 96.0.4693.80 (HKU\S-1-5-21-4216665273-3776275124-125719893-1002\...\Opera 96.0.4693.80) (Version: 96.0.4693.80 - Opera Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.10 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.52 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)

Packages:
=========
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-03-01] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-03-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4216665273-3776275124-125719893-1002_Classes\CLSID\{167FD956-39C3-374C-927A-1D3C47CB6663}\InprocServer32 -> C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\1.8.1579.3\psuser_64.dll (Avast Software s.r.o. -> AVAST Software)
CustomCLSID: HKU\S-1-5-21-4216665273-3776275124-125719893-1002_Classes\CLSID\{2E24E477-2918-49F5-A00B-7D12B16A879A}\InprocServer32 -> C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Update\1.8.1579.3\psuser_64.dll (Avast Software s.r.o. -> AVAST Software)
CustomCLSID: HKU\S-1-5-21-4216665273-3776275124-125719893-1002_Classes\CLSID\{CEA41856-DAAB-4EE7-9731-0DB1BCD5E0F4}\localserver32 -> C:\Users\Jiřina\AppData\Local\AVAST Software\Browser\Application\111.0.20548.65\notification_helper.exe (Avast Software s.r.o. -> AVAST Software)
CustomCLSID: HKU\S-1-5-21-4216665273-3776275124-125719893-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Dropbox [2023-02-23 16:29]
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-03-23] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-03-23] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-03-23] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-03-23] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\72.0.3.0\drivefsext.dll [2023-03-21] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-03-23] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-02-22 18:32 - 2013-03-07 23:07 - 000056320 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Common.dll
2023-02-22 18:32 - 2013-03-07 23:07 - 000166400 _____ (Alphaleonis) [File not signed] C:\Program Files (x86)\Cobian Backup 11\AlphaVSS.Win2008.x64.dll
2023-03-09 18:38 - 2023-03-09 18:38 - 039165440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4628.0_x64__8j3eq9eme6ctt\IGCC.dll
2023-02-22 18:32 - 2013-03-07 23:07 - 000009728 _____ (Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2023-02-22 18:32 - 2013-03-07 23:27 - 002684928 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll
2008-08-25 22:50 - 2008-08-25 22:50 - 000155648 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\1033\VBE6INTL.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2023-01-11] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2023-01-11] (Logitech Inc -> Logitech, Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4216665273-3776275124-125719893-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4216665273-3776275124-125719893-1002\Control Panel\Desktop\\Wallpaper -> E:\FOTOALBUM PICASSA\20220319_20212311 - PRODEJ PLNICÍH PER\Unique-Colombia-website-Cabo-de-la-Vela-2-dias.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{31E4BF15-AA04-43C9-A2EF-5700B0AFDB1B}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{3A6793C5-A8BD-4044-8E66-B2B0D09F3360}C:\program files\totalcmd\totalcmd64.exe] => (Allow) C:\program files\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [{C94D04B9-1177-4255-8DD1-67F86EE0CC61}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{DC396D6B-3E65-49FC-A490-9ED8367810AF}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{50C6FA45-596D-4C30-8026-34FC32862826}C:\users\jiřina\appdata\local\programs\opera\opera.exe] => (Block) C:\users\jiřina\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{81AFFAA1-D78E-45CF-A14E-4A39CBEAB50C}C:\users\jiřina\appdata\local\programs\opera\opera.exe] => (Block) C:\users\jiřina\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{2CB512B4-E6DD-4203-A75E-54F3B81FD8A2}C:\users\jiřina\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\jiřina\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{1A00F290-AC9B-4832-ABB6-B7588580D87B}C:\users\jiřina\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\jiřina\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{9A695E59-3BFC-4FBA-845A-D68F54A41031}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{27D2E1FF-F427-40CA-B0E1-5B9D79FC8281}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A856A333-1222-44A3-B0C6-F9C7D643194B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7EE3A3FA-C290-421E-BE76-9A631756BCBE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B66A8AD2-391D-4C74-B824-EEB66436F6C1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.95.3409.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0282B696-4E10-49FF-9355-6C93EBCFF0C2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CC1B3476-477A-4171-BBDD-48F464B0E3C3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

15-03-2023 10:12:40 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/23/2023 09:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Název chybujícího modulu: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000264a5
ID chybujícího procesu: 0xcf0
Čas spuštění chybující aplikace: 0x01d95dc44dc62821
Cesta k chybující aplikaci: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
ID zprávy: d49be4c3-ddf7-443f-b3cb-0417294c5da1
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/23/2023 08:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: laclient.exe, verze: 2.0.209.0, časové razítko: 0x5dbcbadc
Název chybujícího modulu: laclient.exe, verze: 2.0.209.0, časové razítko: 0x5dbcbadc
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000104c07
ID chybujícího procesu: 0x29d0
Čas spuštění chybující aplikace: 0x01d95dc142349940
Cesta k chybující aplikaci: C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\LogiShrd\LAClient\laclient.exe
ID zprávy: b00518bc-145e-4dd6-a9ee-c7b4ddb3280c
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/23/2023 08:41:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
   Shromažďování dat modulu pro zápis

Kontext:
   ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
   Název modulu pro zápis: System Writer
   ID instance modulu pro zápis: {aafefdd9-f248-4de7-a1fa-61dbd4ea34c0}

Error: (03/23/2023 08:39:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: laclient.exe, verze: 2.0.209.0, časové razítko: 0x5dbcbadc
Název chybujícího modulu: laclient.exe, verze: 2.0.209.0, časové razítko: 0x5dbcbadc
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000104c07
ID chybujícího procesu: 0x28d0
Čas spuštění chybující aplikace: 0x01d95dbf295f53bc
Cesta k chybující aplikaci: C:\Program Files\Common Files\Logishrd\LAClient\laclient.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Logishrd\LAClient\laclient.exe
ID zprávy: 3eb3e017-3fdf-4351-be2c-0ee3a718a8a8
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/23/2023 07:45:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
   Shromažďování dat modulu pro zápis

Kontext:
   ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
   Název modulu pro zápis: System Writer
   ID instance modulu pro zápis: {aba46ef8-87e5-46c7-bcda-05d0f15ff948}

Error: (03/23/2023 05:46:01 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Sklad (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/23/2023 09:45:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Název chybujícího modulu: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000264a5
ID chybujícího procesu: 0x44dc
Čas spuštění chybující aplikace: 0x01d95d63a2a06c16
Cesta k chybující aplikaci: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
ID zprávy: 25bc2196-099a-4eed-873f-3a59eec534ad
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/22/2023 02:08:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Název chybujícího modulu: overseer.exe, verze: 1.0.465.0, časové razítko: 0x63b6c96b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000f911
ID chybujícího procesu: 0x3924
Čas spuštění chybující aplikace: 0x01d95cbf36671d2a
Cesta k chybující aplikaci: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
Cesta k chybujícímu modulu: C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
ID zprávy: ce6b1b90-a44f-4b1f-8546-39a007a1f41e
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (03/22/2023 06:34:04 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Kontrola šifrovaného svazku: Informace o svazku I: nelze přečíst.

Error: (03/21/2023 08:02:41 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Kontrola šifrovaného svazku: Informace o svazku H: nelze přečíst.

Error: (03/21/2023 04:28:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Uživatelská služba nabízených oznámení Windows_9fb11 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (03/19/2023 07:51:33 AM) (Source: DCOM) (EventID: 10010) (User: POKOJ)
Description: Server NcsiUwpApp_1000.19041.1023.0_neutral_neutral_8wekyb3d8bbwe!App.AppXw175g9nmx2zykh9fyt6xjc0xf8vmj1w6.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/19/2023 07:51:33 AM) (Source: DCOM) (EventID: 10010) (User: POKOJ)
Description: Server Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe!App.AppX3vhsrrrr4az9vb3h5mjdzkhtshkg5v0x.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/15/2023 10:10:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRF0083-FACEBOOK.317180B0BB486.

Error: (03/11/2023 05:27:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Název BUCHTIK        :1d nelze zaregistrovat v rozhraní s IP adresou 192.168.2.104.
Počítač s IP adresou 192.168.2.120 nepovolil získání názvu
tímto počítačem.

Error: (03/11/2023 09:55:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2023-02-22 11:48:03
Description: 
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/ProductKey&threatid=2147658877&enterprise=0
Název: HackTool:Win32/ProductKey
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_D:\Util\System - disk - register\Produktové číslo MS Windows nebo Office\ProductKey\ProduKey.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-JB0Q30G\jirin
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.383.423.0, AS: 1.383.423.0, NIS: 1.383.423.0
Verze modulu: AM: 1.1.20000.2, NIS: 1.1.20000.2

CodeIntegrity:
===============
Date: 2023-03-24 08:17:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0602 01/25/2016
Motherboard: ASUSTeK COMPUTER INC. B150M-A
Processor: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 24447.88 MB
Available physical RAM: 18594.04 MB
Total Virtual: 28031.88 MB
Available Virtual: 21945.44 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:96.04 GB) (Free:28.34 GB) (Model: KINGSTON SH103S3120G) NTFS
Drive d: (Data) (Fixed) (Total:15.16 GB) (Free:9.73 GB) (Model: KINGSTON SH103S3120G) NTFS
Drive e: (Sklad) (Fixed) (Total:698.63 GB) (Free:525.85 GB) (Model: SAMSUNG HD753LJ) NTFS
Drive k: () (Fixed) (Total:0 GB) (Free:0 GB) (Model: SAMSUNG HD753LJ) 

\\?\Volume{a2392449-b7af-4320-98ad-9d46b3c8b4eb}\ (Nový svazek) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{2b0aa4e5-b29a-11ed-9935-d017c28901ad}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{d8169e36-c9b0-11ed-9949-d017c28901ad}\ () () (Total:0 GB) (Free:0 GB) 

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: B95CB95C)

Partition: GPT.

==================== End of Addition.txt =======================
JardaB

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: SSH login attempt on the router

#5 Post by Rudy »

All right. Then find out who on your local network has the IP 192.168.2.104. That is where the attacks come from. Otherwise, remotely, I am not able to do anything for you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

JardaB
Visitor
Posts: 26
Registered: 11 Nov 2005 16:19
Location: Tábor

Re: SSH login attempt on the router

#6 Post by JardaB »

We misunderstood each other: that is my wife's computer, and that procedure was my layman's suggestion. Proceed according to your own experience and practice.
JardaB

Re: SSH login attempt on the router

#7 Post by Rudy »

Then reset the router to factory settings and configure it again.

Re: SSH login attempt on the router

#8 Post by JardaB »

I see no reason for that; let's try another way. It is a Turris Omnia router running the OpenWRT system from CZ.NIC, and resetting it will have no effect on what the log shows.

I assign IP addresses as fixed; there is no entry assigned without a known MAC address, and the computer is connected by cable.
JardaB

Re: SSH login attempt on the router

#9 Post by Rudy »

But I cannot advise you on this. This is exactly how we deal with problems of a compromised router. None of us here is a network specialist.

Re: SSH login attempt on the router

#10 Post by JardaB »

We are looking for something on the infected computer; surely you know how to do that. Is there no other search tool available?
JardaB

Re: SSH login attempt on the router

#11 Post by Rudy »

There is. But this will be a router problem. Run AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . The description at the link is for an older version. Download it, run it, let it work, and when it finishes delete everything it finds, if anything.

Re: SSH login attempt on the router

#12 Post by JardaB »

The result of the KVRT run cannot be saved, so I copied it out by hand. The program flagged one of the subprograms of the DriverMAX software from my archive from 2007. The program has not been run on this computer since the reinstall, nor ever before. Avast currently does not identify it as a problem.

Code: Select all

D:\Util\System - disk - register\DriverMAX\innoupd.exe  Packed.Win32.Dico.gen

Since I suspect that in IT "anything" is possible, please try to explain to me in more detail what leads you to conclude that the router is compromised, when its log contains records of failed SSH connection attempts from one station on the network (or can a malicious program on the router fake activity from a station on the LAN?). Is it the sshd daemon?

List of installed and available openssh packages

Code: Select all

openssh-client	8.4p1-4	329.0 KB	OpenSSH client.	Installed
openssh-client-utils	8.4p1-4	578.2 KB	OpenSSH client utilities.	 Installed
openssh-keygen	8.4p1-4	172.7 KB	OpenSSH keygen.	Installed
openssh-moduli	8.4p1-4	17.2 KB	OpenSSH server moduli file.	 Installed
openssh-server	8.4p1-4	306.7 KB	OpenSSH server.	Installed
openssh-server-pam	8.4p1-4	319.3 KB	OpenSSH server (with PAM support). Install…
openssh-sftp-avahi-service	8.4p1-4	1.4 KB	This package contains the service definition for announcing…	Install…
openssh-sftp-client	8.4p1-4	60.0 KB	OpenSSH SFTP client.	Installed
openssh-sftp-server	8.4p1-4	44.0 KB	OpenSSH SFTP server.	Installed
sshtunnel	4-5	3.6 KB	Creates openssh ssh(1) Local and Remote tunnels configured in UCI file. Can be used to allow remote connections, possibly over NATed connections or without public IP/DNS	 Install…

Besides, those "brute force attacks" seem awfully dim-witted to me; they don't try very hard.

Installed on the router are AdBlock, RIPE Atlas SW Probe, honeypots for ports 21, 22, 23, 25, 80, 587, NetMetr ... all from the CZ.NIC libraries.

A legitimate connection to the router's SSH looks like this

Code: Select all

Mar 25 10:31:01 Turris_JB sshd[24669]: Accepted password for root from 192.168.2.120 port 62471 ssh2
Mar 25 10:31:07 Turris_JB sshd[24669]: Received disconnect from 192.168.2.120 port 62471:11: FlowSshClientSession: disconnected on user's request
Mar 25 10:31:07 Turris_JB sshd[24669]: Disconnected from user root 192.168.2.120 port 62471
Mar 25 10:31:34 Turris_JB : luci: accepted login on / for root from 192.168.2.120

1 - If it would help, I can send you disk images of this OpenWRT router created with schnapps, or the complete list of installed packages
2 - Or I will start working on the problem with CZ.NIC support

Thank you for your patience with me :-)
JardaB
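
To compare the failed attempts from 192.168.2.104 with the legitimate login shown in the post above, the router's sshd log can be summarised per source address. The following Python script is an added example, not part of the original thread or of any Turris/CZ.NIC tooling; the sample log lines, the default year 2023 and the 5-minute burst gap are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format of the router's sshd log. The last two
# lines are from the legitimate login quoted in the post above.
SAMPLE_LOG = """\
Mar 23 16:32:25 Turris_JB sshd[20672]: Invalid user  from 192.168.2.104 port 64968
Mar 23 16:32:25 Turris_JB sshd[20672]: Failed none for invalid user  from 192.168.2.104 port 64968 ssh2
Mar 23 16:32:26 Turris_JB sshd[20676]: Invalid user admin from 192.168.2.104 port 64970
Mar 23 16:32:27 Turris_JB sshd[20676]: Failed password for invalid user admin from 192.168.2.104 port 64970 ssh2
Mar 23 16:32:40 Turris_JB sshd[20681]: Failed password for root from 192.168.2.104 port 64975 ssh2
Mar 23 18:38:02 Turris_JB sshd[21340]: Invalid user admin from 192.168.2.104 port 65120
Mar 23 18:38:31 Turris_JB sshd[21352]: Failed password for root from 192.168.2.104 port 65133 ssh2
Mar 25 10:31:01 Turris_JB sshd[24669]: Accepted password for root from 192.168.2.120 port 62471 ssh2
Mar 25 10:31:07 Turris_JB sshd[24669]: Disconnected from user root 192.168.2.120 port 62471
"""

# syslog prefix: "Mar 23 16:32:25 host sshd[pid]: message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# The user name is client-controlled: it may be empty or contain spaces, so the
# pattern is anchored on the trailing "from <ip> port <n>", not on the name.
EVENT = re.compile(
    r"^(?:(?P<invalid>Invalid user) (?P<iu>.*?)"
    r"|(?P<verb>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?(?P<user>.*?))"
    r" from (?P<ip>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)(?: ssh2)?$")


def parse(log_text, year=2023):
    """Return authentication events; syslog has no year, so one is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        e = EVENT.match(m["msg"]) if m else None
        if not e:
            continue  # disconnect notices, other daemons, malformed lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if e["invalid"]:
            kind, user, method = "invalid_user", e["iu"], None
        else:
            kind = "accepted" if e["verb"] == "Accepted" else "failed"
            user, method = e["user"], e["method"]
        events.append({"ts": ts, "pid": m["pid"], "ip": e["ip"],
                       "kind": kind, "user": user, "method": method})
    return events


def summarize(events, burst_gap=timedelta(minutes=5)):
    """Per source IP: counts, user names tried, and bursts of bad attempts."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    report = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda ev: ev["ts"])
        bad = [ev for ev in evs if ev["kind"] != "accepted"]
        bursts = []  # each entry: [first timestamp, last timestamp, events]
        for ev in bad:
            if bursts and ev["ts"] - bursts[-1][1] <= burst_gap:
                bursts[-1][1] = ev["ts"]
                bursts[-1][2] += 1
            else:
                bursts.append([ev["ts"], ev["ts"], 1])
        report[ip] = {
            "accepted": sum(ev["kind"] == "accepted" for ev in evs),
            "failed": sum(ev["kind"] == "failed" for ev in evs),
            # sshd logs one PID per connection, so distinct PIDs
            # approximate the number of separate connections.
            "connections": len({ev["pid"] for ev in bad}),
            "users_tried": sorted({ev["user"] for ev in bad}),
            "methods": sorted({ev["method"] for ev in bad if ev["method"]}),
            "bursts": [(s.strftime("%b %d %H:%M:%S"),
                        int((t - s).total_seconds()), n) for s, t, n in bursts],
        }
    return report


if __name__ == "__main__":
    for ip, info in summarize(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The burst start times and durations it reports give the time windows in which to look at network activity on the source workstation.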

Re: SSH login attempt on the router

#13 Post by Rudy »

What AVPT found is a kind of runtime packer. It was deleted. It is the only thing AVPT found. I checked everything I could, and since, as I already said, I am not a network specialist, I cannot help you any further. At CZ.NIC they certainly have more experience. You are the one talking about an attack (a login attempt).

Re: SSH login attempt on the router

#14 Post by JardaB »

Thank you for the advice on how to proceed. I understand that the available tools found nothing that could be considered the source of the attempts to discover the router's password.

Before I turn to the Turris forum, I would like to know more precisely what exactly you inferred from (based on which symptoms) that the source of the attack on the router is the router itself, when the source address belongs to a client on its LAN?
JardaB

Re: SSH login attempt on the router

#15 Post by Rudy »

You reported an attempt to log in to the router. So I first used the standard tools (ADW, FRST, AVPT) to make sure it was not coming from your PC. However, I do not have tools for checking routers at my disposal. That is why I suggested a reset to factory settings and configuring it anew.