VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

V notebooku nalezen malware

https://forum.viry.cz:443/viewtopic.php?t=158304

Stránka 1 z 1

V notebooku nalezen malware

Napsal: 16 říj 2021 09:47
od samsungs6edge
Dobrý den přeinstaloval jsem svůj notebook HP ProBook 6560b a použil jsem pro sken program AdwCleaner a hlásí, že by nalezen 1 malware. Může se prosím někdo podívat zda je vše v pořádku? Děkuji mnohokrát.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2021
Ran by Administrator (administrator) on DESKTOP-N5JUU7F (Hewlett-Packard HP ProBook 6560b) (16-10-2021 10:37:48)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) [File not signed] C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Golden Frog GmbH -> Golden Frog, GmbH.) C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2018-08-27] (Apple Inc. -> Apple Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3464758744-2813740192-88780715-500\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
IFEO\MusNotification.exe: [Debugger] cmd.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C2473E-5A50-492C-AE07-3F6EEEF32AFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0A47FBE7-3B95-4EC8-9EFB-6A9AE8C164D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-09-10] (Piriform Software Ltd -> Piriform)
Task: {0B08BAD5-37E1-4231-815E-17412E033AD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-15] (Google LLC -> Google LLC)
Task: {4A40BEE0-979B-4ADD-A47E-5E326F044026} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CDE24F1-7D17-4C7D-AA93-A5547F18C89D} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3464758744-2813740192-88780715-1001 => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9AB7406B-1EB2-4CD3-B449-AB98F935CFD7} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {9FA60B4C-6ADD-4B72-8948-5AC4F1B96BBB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A984BC07-3B57-46D3-8E19-B62BC39D1330} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-15] (Google LLC -> Google LLC)
Task: {B5A4FD8B-1BEF-4927-AA72-33113F840C5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4B29BF0-4ABD-41D8-A648-EFCF8FB951CB} - System32\Tasks\CCleanerSkipUAC - Administrator => C:\Program Files\CCleaner\CCleaner.exe [29155968 2021-09-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F2B6E4B0-A6E3-48AA-92AE-07FDFDE23049} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-28] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{df98ced1-52d1-4635-917e-113c40c12098}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-24]

FireFox:
========
FF DefaultProfile: ubd4zy7r.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ubd4zy7r.default [2021-10-06]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\p9adgor2.default-release [2021-10-09]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-10-16]
CHR DownloadDir: E:\Downloads
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-15]
CHR Extension: (Dokumenty) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-15]
CHR Extension: (Disk Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-15]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-15]
CHR Extension: (Tabulky) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-15]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc. -> Apple Inc.)
S3 hpqwmiex; C:\Users\Administrator\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe [794112 2021-09-20] (Hewlett-Packard Company) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [418304 2021-09-20] (Golden Frog GmbH -> Golden Frog, GmbH.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp. -> JMicron Technology Corp.)
R3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [543744 2012-10-24] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [28160 2021-09-20] (OpenVPN Inc. -> The OpenVPN Project)
S3 tapvyprvpn; C:\Windows\System32\drivers\tapvyprvpn.sys [44896 2021-09-20] (Golden Frog, GmbH -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [38176 2021-09-29] (WireGuard LLC -> WireGuard LLC)
S3 semav6msr64; \??\C:\Windows\system32\drivers\semav6msr64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-16 10:37 - 2021-10-16 10:38 - 000012464 _____ C:\Users\Administrator\Desktop\FRST.txt
2021-10-16 10:37 - 2021-10-16 10:38 - 000000000 ____D C:\FRST
2021-10-16 10:37 - 2021-10-16 10:37 - 008553680 _____ (Malwarebytes) C:\Users\Administrator\Desktop\adwcleaner_8.3.0.exe
2021-10-16 10:35 - 2021-10-16 10:35 - 002310656 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2021-10-15 12:52 - 2021-10-15 12:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2021-10-15 12:45 - 2021-10-15 12:45 - 000000000 ____D C:\Program Files\DIFX
2021-10-15 12:42 - 2021-10-15 12:52 - 000000000 ____D C:\ProgramData\SP_FT_V6_Logs
2021-10-14 08:27 - 2021-10-14 08:27 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-14 08:27 - 2021-10-14 08:27 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-13 17:29 - 2021-10-13 17:29 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-10-13 17:29 - 2021-10-13 17:29 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-10-13 17:29 - 2021-10-13 17:29 - 000203264 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-10-13 17:29 - 2021-10-13 17:29 - 000158208 _____ C:\Windows\system32\uwfcsp.dll
2021-10-13 17:29 - 2021-10-13 17:29 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll
2021-10-13 17:29 - 2021-10-13 17:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2021-10-13 17:29 - 2021-10-13 17:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2021-10-13 17:28 - 2021-10-13 17:28 - 001823296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-10-13 17:28 - 2021-10-13 17:28 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-10-13 17:28 - 2021-10-13 17:28 - 000706536 _____ C:\Windows\system32\TextShaping.dll
2021-10-13 17:28 - 2021-10-13 17:28 - 000611960 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-10-13 17:28 - 2021-10-13 17:28 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-10-13 17:28 - 2021-10-13 17:28 - 000449024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-10-13 17:28 - 2021-10-13 17:28 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-10-13 17:28 - 2021-10-13 17:28 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-10-13 17:28 - 2021-10-13 17:28 - 000011495 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-10-13 17:21 - 2021-10-13 17:21 - 000000000 ___HD C:\$WinREAgent
2021-10-09 09:48 - 2021-10-09 09:48 - 000000000 ____D C:\Program Files\Intel
2021-10-06 14:45 - 2021-10-06 14:45 - 000000816 _____ C:\Users\Administrator\Desktop\Stažené soubory.lnk
2021-10-06 14:43 - 2021-10-06 14:43 - 024431678 _____ C:\Users\Administrator\Downloads\tv_channels_295580026922082.m3u
2021-10-06 14:42 - 2021-10-06 14:43 - 083203097 _____ C:\Users\Administrator\Downloads\tv_channels_CCFGDPNTA_plus.m3u
2021-10-06 14:39 - 2021-10-09 16:45 - 000000000 ____D C:\Program Files (x86)\Rimassoft IPTV m3u editor
2021-10-06 14:39 - 2021-10-06 14:39 - 000001605 _____ C:\Users\Administrator\Desktop\m3u_Editor.exe.lnk
2021-10-06 14:39 - 2021-10-06 14:39 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rimassoft IPTV m3u editor
2021-10-06 14:38 - 2021-10-06 14:38 - 000249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2021-10-06 14:38 - 2021-10-06 14:38 - 000073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2021-10-06 12:05 - 2021-10-16 10:05 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2021-10-06 12:05 - 2021-10-09 09:59 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-06 12:05 - 2021-10-06 12:05 - 000001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-06 12:05 - 2021-10-06 12:05 - 000001004 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-10-06 12:05 - 2021-10-06 12:05 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-10-06 12:05 - 2021-10-06 12:05 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2021-10-06 12:05 - 2021-10-06 12:05 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2021-10-06 12:05 - 2021-10-06 12:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-06 12:05 - 2021-10-06 12:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-06 11:52 - 2017-11-15 07:40 - 000624640 _____ (Tantrum) C:\Users\Administrator\Desktop\Tantrum IPTV Editor.exe
2021-10-05 08:54 - 2021-10-05 08:54 - 000001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2021-10-05 08:54 - 2021-10-05 08:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-10-05 08:53 - 2021-10-05 08:54 - 000000000 ____D C:\Program Files\iTunes
2021-10-05 08:53 - 2021-10-05 08:53 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2021-10-05 08:53 - 2021-10-05 08:53 - 000000000 ____D C:\Program Files\iPod
2021-10-05 08:53 - 2021-10-05 08:53 - 000000000 ____D C:\Program Files\Common Files\Apple
2021-10-05 08:53 - 2021-10-05 08:53 - 000000000 ____D C:\Program Files\Bonjour
2021-10-05 08:53 - 2021-10-05 08:53 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-10-05 08:53 - 2021-10-05 08:53 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2021-09-30 11:48 - 2021-09-30 11:48 - 007692808 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS
2021-09-30 11:48 - 2021-09-30 11:48 - 004145672 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2021-09-30 11:48 - 2021-09-30 11:48 - 003790344 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2021-09-30 11:48 - 2021-09-30 11:48 - 000000000 ____D C:\Program Files\Broadcom
2021-09-30 11:48 - 2021-09-30 11:48 - 000000000 ____D C:\Program Files (x86)\Cisco
2021-09-29 07:44 - 2021-09-29 07:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden_Frog,_GmbH
2021-09-29 07:44 - 2021-09-29 07:44 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden Frog, GmbH
2021-09-29 07:42 - 2021-09-29 07:42 - 000038176 _____ (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2021-09-29 07:42 - 2021-09-29 07:42 - 000001067 _____ C:\Users\Public\Desktop\VyprVPN.lnk
2021-09-29 07:42 - 2021-09-29 07:42 - 000000000 ____D C:\ProgramData\Golden Frog, GmbH
2021-09-29 07:41 - 2021-10-09 09:51 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-29 07:41 - 2021-09-29 07:42 - 000000000 ____D C:\Program Files (x86)\VyprVPN
2021-09-28 17:26 - 2021-09-28 17:26 - 000001083 _____ C:\Users\Administrator\Desktop\TransMac.lnk
2021-09-28 17:26 - 2021-09-28 17:26 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
2021-09-28 17:26 - 2021-09-28 17:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\TransMac
2021-09-28 17:26 - 2021-09-28 17:26 - 000000000 ____D C:\Program Files (x86)\TransMac
2021-09-27 18:10 - 2021-09-29 16:57 - 000000000 ____D C:\Program Files\Core Temp
2021-09-27 14:25 - 2019-12-07 11:08 - 000000405 _____ C:\Users\Administrator\Desktop\Ovládací panely.lnk
2021-09-26 18:44 - 2021-10-02 11:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2021-09-26 18:44 - 2021-09-26 18:44 - 000001030 _____ C:\Users\Administrator\Desktop\µTorrent.lnk
2021-09-26 18:44 - 2021-09-26 18:44 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2021-09-25 11:41 - 2021-10-13 16:25 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka (2)
2021-09-24 17:05 - 2021-10-02 11:25 - 000249856 _____ (Gracenote, Inc.) C:\Windows\SysWOW64\gnsdk_fp.dll
2021-09-24 17:05 - 2021-10-02 11:25 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.tlb
2021-09-24 17:05 - 2021-10-02 11:25 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2021-09-24 17:05 - 2021-10-02 11:25 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\amcompat.tlb
2021-09-24 17:05 - 2021-10-02 11:25 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2021-09-24 12:52 - 2021-09-24 12:52 - 000000000 ____D C:\ProgramData\Apple Inc
2021-09-24 12:31 - 2021-09-24 12:31 - 000003055 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AltServer.lnk
2021-09-24 12:31 - 2021-09-24 12:31 - 000001452 _____ C:\Users\Administrator\Desktop\AltServer.exe.lnk
2021-09-24 12:31 - 2021-09-24 12:31 - 000000000 ____D C:\Program Files (x86)\AltServer
2021-09-22 17:24 - 2021-09-22 17:26 - 000000000 ____D C:\Users\Administrator\AppData\Local\Rufus
2021-09-22 17:09 - 2021-09-22 17:10 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\balena-etcher
2021-09-22 17:02 - 2021-09-22 17:04 - 000017408 _____ C:\Users\Administrator\AppData\Local\WebpageIcons.db
2021-09-22 15:35 - 2021-09-22 15:35 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\TSMonitor
2021-09-22 15:34 - 2021-09-22 15:34 - 000001339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenorshare ReiBoot.lnk
2021-09-22 15:34 - 2021-09-22 15:34 - 000001327 _____ C:\Users\Public\Desktop\Tenorshare ReiBoot.lnk
2021-09-22 15:34 - 2021-09-22 15:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenorshare ReiBoot
2021-09-22 15:33 - 2021-09-22 15:33 - 000000000 ____D C:\Program Files (x86)\Tenorshare
2021-09-22 14:54 - 2021-09-24 17:08 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2021-09-22 14:54 - 2021-09-24 17:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2021-09-22 14:54 - 2021-09-24 12:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Inc
2021-09-22 14:53 - 2021-09-22 14:53 - 000000000 ____D C:\ProgramData\Apple Computer
2021-09-22 14:52 - 2021-10-05 08:52 - 000000000 ____D C:\ProgramData\Apple
2021-09-22 14:52 - 2021-09-22 14:52 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple
2021-09-22 14:49 - 2021-09-22 15:27 - 000000000 ____D C:\Users\Administrator\FutureRestoreGUI
2021-09-22 14:48 - 2021-09-22 14:48 - 000002021 _____ C:\Users\Public\Desktop\FutureRestore GUI.lnk
2021-09-22 14:48 - 2021-09-22 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown
2021-09-22 14:48 - 2021-09-22 14:48 - 000000000 ____D C:\Program Files\FutureRestore GUI
2021-09-22 14:30 - 2021-09-22 14:30 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-09-21 17:54 - 2021-09-21 17:54 - 000007601 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2021-09-21 17:38 - 2021-10-10 16:46 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2021-09-21 17:38 - 2021-09-21 17:38 - 000000927 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-09-21 17:38 - 2021-09-21 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-09-21 17:38 - 2021-09-21 17:38 - 000000000 ____D C:\Program Files\VideoLAN
2021-09-21 12:05 - 2021-09-21 12:05 - 000001593 _____ C:\Users\Administrator\Desktop\Kalkulačka.lnk
2021-09-20 18:17 - 2021-09-20 18:17 - 000044896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapvyprvpn.sys
2021-09-20 18:17 - 2021-09-20 18:17 - 000028160 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2021-09-20 12:26 - 2021-10-16 08:14 - 000000000 ____D C:\Program Files\CCleaner
2021-09-20 12:26 - 2021-10-15 20:14 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-09-20 12:26 - 2021-09-27 18:24 - 000002324 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - Administrator
2021-09-20 12:26 - 2021-09-20 12:26 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-09-20 12:26 - 2021-09-20 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-09-20 11:39 - 2021-09-20 11:39 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2021-09-20 10:18 - 2014-05-02 12:35 - 000468752 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c64x64.sys
2021-09-20 10:18 - 2014-04-22 17:59 - 000403256 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2021-09-20 10:18 - 2014-04-22 17:44 - 000001904 ____N C:\Windows\system32\SetupBD.din
2021-09-20 10:18 - 2013-07-25 03:08 - 000073480 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2021-09-20 10:18 - 2013-07-11 03:27 - 000089888 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2021-09-20 10:18 - 2013-03-25 14:21 - 000003114 _____ C:\Windows\system32\e1c64x64.din
2021-09-20 10:18 - 2009-05-26 10:05 - 000036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2021-09-20 09:52 - 2021-10-03 16:06 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2021-09-19 13:45 - 2021-09-20 11:52 - 000000000 ____D C:\Program Files\WinRAR
2021-09-19 13:45 - 2021-09-19 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2021-09-19 13:45 - 2021-09-19 13:45 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-19 13:45 - 2021-09-19 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-09-19 13:15 - 2021-09-19 13:15 - 000001715 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk
2021-09-19 13:15 - 2012-10-24 22:53 - 008013312 _____ (IDT, Inc.) C:\Windows\system32\IDTNHP.dll
2021-09-19 13:15 - 2012-10-24 22:53 - 008003072 _____ (IDT, Inc.) C:\Windows\system32\IDTNGUI.exe
2021-09-19 13:15 - 2012-10-24 22:53 - 006102016 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll
2021-09-19 13:15 - 2012-10-24 22:53 - 002216448 _____ (IDT, Inc.) C:\Windows\system32\IDTNX.dll
2021-09-19 13:15 - 2012-10-24 22:53 - 001821184 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl
2021-09-19 13:15 - 2012-10-24 22:53 - 001664000 _____ (IDT, Inc.) C:\Windows\sttray64.exe
2021-09-19 13:15 - 2012-10-24 22:53 - 000253952 _____ (IDT, Inc.) C:\Windows\system32\IDTNJ.exe
2021-09-19 13:15 - 2012-10-24 22:53 - 000224256 _____ (IDT, Inc.) C:\Windows\system32\HPToneCtrls64.dll
2021-09-19 13:15 - 2012-03-29 22:48 - 000200288 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAC64.dll
2021-09-19 13:15 - 2012-03-29 22:48 - 000074336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTAR64.dll
2021-09-19 13:15 - 2009-10-10 00:45 - 000442368 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTEC64.dll
2021-09-19 13:15 - 2009-03-03 01:47 - 000090624 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCo64.dll
2021-09-18 17:19 - 2021-09-20 11:49 - 000000000 ____D C:\Windows\system32\appmgmt
2021-09-18 17:10 - 2021-09-18 17:18 - 000001024 ____H C:\AMTAG.BIN
2021-09-18 17:10 - 2021-09-18 17:10 - 000000000 ____D C:\ProgramData\AomeiBR
2021-09-18 17:10 - 2017-02-28 14:20 - 000038320 _____ C:\Windows\SysWOW64\ampa.sys
2021-09-18 17:07 - 2021-09-18 17:08 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\HD Tune Pro
2021-09-18 16:08 - 2021-09-18 16:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-09-18 16:08 - 2021-09-18 16:08 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-09-18 16:08 - 2021-09-18 16:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-09-18 16:08 - 2021-09-18 16:08 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-09-18 16:07 - 2021-09-18 16:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-09-18 16:07 - 2021-09-18 16:07 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-09-18 16:07 - 2021-09-18 16:07 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-09-18 16:07 - 2021-09-18 16:07 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-09-18 16:07 - 2021-09-18 16:07 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-18 16:07 - 2021-09-18 16:07 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-18 16:07 - 2021-09-18 16:07 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2021-09-18 16:07 - 2021-09-18 16:07 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-09-18 16:07 - 2021-09-18 16:07 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-09-18 16:06 - 2021-09-18 16:06 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-18 16:06 - 2021-09-18 16:06 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-09-18 16:06 - 2021-09-18 16:06 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-09-18 16:06 - 2021-09-18 16:06 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2021-09-18 16:06 - 2021-09-18 16:06 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-09-18 16:05 - 2021-09-18 16:05 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-09-18 16:05 - 2021-09-18 16:05 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-09-18 16:05 - 2021-09-18 16:05 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-18 16:05 - 2021-09-18 16:05 - 000013312 _____ C:\Windows\system32\agentactivationruntimestarter.exe
2021-09-18 13:03 - 2021-09-18 13:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\IDT
2021-09-18 13:01 - 2021-09-19 13:15 - 000000000 ____D C:\Program Files\IDT
2021-09-18 13:01 - 2021-09-18 13:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-09-18 13:01 - 2021-09-18 13:01 - 000000000 ____D C:\Windows\system32\SRSLabs
2021-09-18 13:01 - 2012-10-24 22:53 - 002189312 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll
2021-09-18 13:01 - 2012-10-24 22:53 - 000672256 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2021-09-18 13:01 - 2012-10-24 22:53 - 000543744 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys
2021-09-18 13:01 - 2012-10-24 22:53 - 000499200 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll
2021-09-17 19:22 - 2021-09-17 19:22 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2021-09-16 18:35 - 2021-09-16 18:35 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2021-09-16 18:35 - 2021-09-16 18:35 - 000000000 ____D C:\ProgramData\Validity
2021-09-16 18:32 - 2021-09-20 11:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2021-09-16 18:32 - 2021-09-20 11:49 - 000000000 ____D C:\Program Files\Hewlett-Packard
2021-09-16 18:32 - 2021-09-16 18:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2021-09-16 18:25 - 2021-09-16 18:25 - 000000000 ____D C:\Windows\SysWOW64\SDA
2021-09-16 18:25 - 2021-09-16 18:25 - 000000000 ____D C:\Program Files (x86)\JMicron
2021-09-16 18:22 - 2012-02-21 13:17 - 000008192 _____ C:\Windows\system32\Drivers\IntelMEFWVer.dll
2021-09-16 18:19 - 2021-09-20 11:49 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-09-16 09:51 - 2021-09-16 09:51 - 000000000 ____D C:\Users\Administrator\AppData\Local\SKIDROW
2021-09-16 09:51 - 2021-09-16 09:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-09-16 09:50 - 2021-09-16 09:50 - 000000000 ____D C:\Users\Administrator\AppData\Local\2K Games
2021-09-16 09:46 - 2021-09-16 09:46 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer
2021-09-16 09:46 - 2021-09-16 09:46 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-09-16 09:46 - 2021-09-16 09:46 - 000000000 ____D C:\Program Files\MSBuild
2021-09-16 09:46 - 2021-09-16 09:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-09-16 09:46 - 2021-09-16 09:46 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-09-16 09:43 - 2021-09-16 09:43 - 000002127 _____ C:\Users\Administrator\Desktop\MAFIA II .lnk
2021-09-16 09:39 - 2021-09-16 09:39 - 000000000 ____D C:\Program Files (x86)\2K Games
2021-09-16 09:38 - 2021-09-16 09:38 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2021-09-16 09:38 - 2021-09-16 09:38 - 000000000 ____D C:\Users\Administrator\AppData\Local\Disc_Soft_Ltd
2021-09-16 09:36 - 2021-10-01 19:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Disc-Soft
2021-09-16 09:36 - 2021-10-01 19:19 - 000000000 ____D C:\ProgramData\Disc-Soft
2021-09-16 09:36 - 2021-09-16 09:36 - 000059360 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2021-09-16 09:36 - 2021-09-16 09:36 - 000042256 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2021-09-16 09:36 - 2021-09-16 09:36 - 000000000 ____D C:\Users\Public\Documents\Catch!

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-16 10:34 - 2021-09-15 17:40 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-10-16 10:16 - 2021-09-15 19:05 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-16 08:21 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-10-16 08:16 - 2021-09-15 17:48 - 001693712 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-16 08:16 - 2019-12-07 16:43 - 000718160 _____ C:\Windows\system32\perfh005.dat
2021-10-16 08:16 - 2019-12-07 16:43 - 000145302 _____ C:\Windows\system32\perfc005.dat
2021-10-16 08:16 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-10-16 08:11 - 2021-09-15 17:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-16 08:11 - 2021-09-15 17:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-16 08:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-15 22:54 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-10-14 08:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-10-14 08:35 - 2021-09-15 18:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2021-10-14 08:35 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-14 08:26 - 2021-09-15 17:40 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-13 22:02 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\DiagTrack
2021-10-13 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-10-13 17:18 - 2021-09-15 19:36 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 17:16 - 2021-09-15 19:36 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-13 09:18 - 2021-09-15 19:06 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-13 09:18 - 2021-09-15 19:06 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-09 09:51 - 2021-09-15 17:50 - 000000000 ____D C:\Program Files (x86)\Intel
2021-10-09 09:48 - 2021-09-15 18:28 - 000000000 ____D C:\ProgramData\Intel
2021-10-06 08:08 - 2021-09-15 17:41 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-10-03 08:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-10-01 19:20 - 2021-09-15 19:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-01 19:18 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-10-01 19:11 - 2021-09-15 19:05 - 000003474 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 19:11 - 2021-09-15 19:05 - 000003350 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-10-01 18:52 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-10-01 16:22 - 2021-09-15 17:49 - 000000000 ____D C:\SwSetup
2021-09-26 15:59 - 2021-09-15 18:11 - 000001184 __RSH C:\ProgramData\ntuser.pol
2021-09-24 12:44 - 2021-09-15 19:02 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2021-09-24 12:44 - 2021-09-15 17:46 - 000000000 ____D C:\ProgramData\Packages
2021-09-24 12:42 - 2021-09-15 18:58 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2021-09-22 14:53 - 2021-09-15 19:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache
2021-09-22 14:49 - 2021-09-15 18:58 - 000000000 ____D C:\Users\Administrator
2021-09-20 12:29 - 2021-09-15 18:40 - 000000000 ____D C:\Windows\Panther
2021-09-20 12:08 - 2021-09-15 17:50 - 000002914 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3464758744-2813740192-88780715-1001
2021-09-20 11:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-09-18 16:25 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-09-18 16:10 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2021-09-16 09:46 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\MUI
2021-09-16 09:46 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\MUI
2021-09-16 09:21 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender

==================== Files in the root of some directories ========

2021-09-21 17:54 - 2021-09-21 17:54 - 000007601 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2021-09-22 17:02 - 2021-09-22 17:04 - 000017408 _____ () C:\Users\Administrator\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2021
Ran by Administrator (16-10-2021 10:39:42)
Running from C:\Users\Administrator\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1288 (X64) (2021-09-15 15:44:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3464758744-2813740192-88780715-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3464758744-2813740192-88780715-503 - Limited - Disabled)
Guest (S-1-5-21-3464758744-2813740192-88780715-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3464758744-2813740192-88780715-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3.26837 - emc, uTorrent.CZ)
AltServer (HKLM-x32\...\{F7B4312C-3208-43BD-8342-74E9F42006E4}) (Version: 1.4.6 - Riley Testut)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.267 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.85 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
FutureRestore GUI (HKLM\...\{C1EDC482-ECA7-3F5B-99AE-E65E4AE140DD}) (Version: 1.91 - CoocooFroggy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
InstallWintun (HKLM\...\{FE2AA480-D491-4272-92BC-EAE2101B8B94}) (Version: 1.0.0 - WireGuard LLC) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.2 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{51E78C79-92F0-48B2-8A9A-3A5C0A7DD3F2}) (Version: 12.6.5.3 - Apple Inc.)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.47 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 93.0 (x64 cs)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 93.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{543F829B-4591-4B2F-AF63-6E6E6AE59EB2}) (Version: 6.4 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{0ECA3BB5-4410-414B-B226-241FF1C12CD0}) (Version: 6.4 - Apple Inc.)
Rimassoft IPTV m3u editor (HKLM-x32\...\ST6UNST #1) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
Tenorshare ReiBoot 8.1.0.7 (HKLM-x32\...\{Tenorshare ReiBoot}_is1) (Version: 8.1.0.7 - Tenorshare, Inc.)
TransMac version 14.3 (HKLM-x32\...\TransMac_is1) (Version: 14.3 - Acute Systems)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 4.2.3.10734 - Golden Frog, GmbH.)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3464758744-2813740192-88780715-500_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\Microsoft.SharePoint.exe" => No File
CustomCLSID: HKU\S-1-5-21-3464758744-2813740192-88780715-500_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\Microsoft.SharePoint.exe" => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-09-20 18:18 - 2021-09-20 18:18 - 000101888 _____ () [File not signed] [File is in use] C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2021-09-19 13:15 - 2012-03-29 22:48 - 000074336 _____ (Andrea Electronics -> Andrea Electronics Corporation) [File not signed] C:\Windows\system32\AESTAR64.dll
2021-09-16 18:22 - 2012-01-19 12:41 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
2021-09-16 18:22 - 2012-01-19 12:37 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-3464758744-2813740192-88780715-500\Control Panel\Desktop\\Wallpaper -> C:\494096.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3464758744-2813740192-88780715-500\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3464758744-2813740192-88780715-500\...\StartupApproved\Run: => "iCloudServices"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E8F2D4F8-1A61-4B78-BBF6-58265E1ECFB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5B584FC-4368-41CF-BFB5-ACD832DCB23D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{04B0D9A3-3432-49FA-9E9A-5B31B3B7C198}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9917CF01-F215-444D-A876-09F33176E587}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A36AAA9F-3AEB-4D6E-945D-B637298121D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{63AEDFCA-3FDF-462D-8976-C17E87F86021}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AC99E11D-E9F0-4640-9F96-323578CCE6A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47AF8CCB-EE68-4C82-BF17-4748EE698976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{85D3FDD0-D6D0-4FF6-BE2D-0B5D3298FA99}] => (Allow) E:\Downloads\reiboot.exe => No File
FirewallRules: [{E70DFE3C-5FFE-44FD-962B-BBB51B7EF676}] => (Allow) E:\Downloads\reiboot.exe => No File
FirewallRules: [{896D1AF1-8C60-4032-B9C4-0FE254E63B99}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{9A633006-8118-4E78-809B-B4A320F47C6C}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe => No File
FirewallRules: [{2690FD5C-943C-4C32-B2BD-F23DF5146DCB}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DAB76946-3545-4F04-9345-CEBFF5309574}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [UDP Query User{45B132A5-7168-4A56-B5D7-79AA196DE496}C:\program files (x86)\altserver\altserver.exe] => (Allow) C:\program files (x86)\altserver\altserver.exe (AltStore LLC) [File not signed]
FirewallRules: [{88F54D3A-AB98-4F50-8517-20B15FFC7DD1}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{997F2970-C6F7-4CB7-BD0A-D0FD1D11426F}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{CFC2F4C3-10E6-432F-B3AD-AA62A44D2F28}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{587AC96D-EAAA-424E-B40F-D81C0CC42BD1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5FDC9B7E-888A-4985-BC73-25D23F052060}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B068F086-DC11-42B1-AB35-C783C12641F5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A40C389B-D76D-452E-94ED-0B7B69ACBF05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E5199188-45D2-4B39-862A-47238D599E64}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0735416A-847D-443C-A7C5-2A2D8C7FCAA4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FE5CA622-D1E9-42A8-8A4D-8B1E555052F9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0ABAE048-E608-4158-8FA3-A4F9FD04FAD6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:118.63 GB) (Free:77.33 GB) (65%)

==================== Faulty Device Manager Devices ============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-VyprVPN Adapter V9
Description: TAP-VyprVPN Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-VyprVPN Provider V9
Service: tapvyprvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/16/2021 08:13:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x1f1c
Čas spuštění chybující aplikace: 0x01d7c254f5de2d3c
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: c7d78bbb-72b9-4717-9009-cce8b254c739
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/15/2021 08:39:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x1fc0
Čas spuštění chybující aplikace: 0x01d7c1f3fe0a98dd
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 5527e8ab-4342-4abf-abb2-25281ddf1cfe
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/15/2021 02:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x13e8
Čas spuštění chybující aplikace: 0x01d7c1c0a2676db8
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 58ab320e-9724-465b-90a8-f95d6c4b73f7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/15/2021 08:10:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x790
Čas spuštění chybující aplikace: 0x01d7c18b61de723f
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 843b69f5-cc0a-48d5-994c-2cea2c04710e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2021 08:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0x1260
Čas spuštění chybující aplikace: 0x01d7c12d8b29c3f0
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 3e7066f0-c5a8-4e32-9de8-838092d7fae2
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2021 02:34:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0xa8c
Čas spuštění chybující aplikace: 0x01d7c0f7d9916a9b
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 9e6cfd2f-ad00-48e2-84de-84c9c1bdc533
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/14/2021 08:28:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1266, časové razítko: 0x15a970d8
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0xa48
Čas spuštění chybující aplikace: 0x01d7c0c4bc1bfb8f
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 7f74d0fa-a922-4705-8920-e8f3fc7f1401
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/13/2021 09:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: usoclient.exe, verze: 10.0.19041.1202, časové razítko: 0x86d93e4c
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x2bd748bf
Kód výjimky: 0xc0000409
Posun chyby: 0x000000000007286e
ID chybujícího procesu: 0xe88
Čas spuštění chybující aplikace: 0x01d7c066313d363c
Cesta k chybující aplikaci: C:\Windows\System32\usoclient.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 7bf1d516-472d-47fe-b4d9-17a6d3438848
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/13/2021 10:03:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VyprVPN byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/10/2021 10:06:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VyprVPN byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/09/2021 10:33:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VyprVPN byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/08/2021 10:38:58 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.

Error: (10/08/2021 10:38:56 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.

Error: (10/08/2021 10:38:55 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.

Error: (10/08/2021 10:38:54 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.

Error: (10/08/2021 10:38:52 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk2\DR2 má chybný blok.


Windows Defender:
================
Date: 2021-10-16 08:47:21
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4208AD2-089C-4929-9CA3-8F504B35741C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-16 08:31:37
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1EAD2B2D-53A5-4D6C-8591-A9296475348B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-16 08:23:27
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6F187D16-6495-4834-B68A-26B3560C4A10}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-15 09:28:45
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B9025A73-5A0F-4E9F-B38A-B31B9A2C4A0B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-15 09:13:07
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D999F950-7DC6-40BC-A7EC-F767346D513C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-10-16 10:34:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard 68SCE Ver. F.67 02/13/2018
Motherboard: Hewlett-Packard 1619
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 31%
Total physical RAM: 8122.48 MB
Available physical RAM: 5539.91 MB
Total Virtual: 9402.48 MB
Available Virtual: 7025.42 MB

==================== Drives ================================

Drive c: (WINDOWS SSD) (Fixed) (Total:118.63 GB) (Free:77.33 GB) NTFS
Drive d: (SOFTWARE) (Fixed) (Total:97.66 GB) (Free:97.56 GB) NTFS
Drive e: (DOKUMENTY HDD) (Fixed) (Total:833.84 GB) (Free:604.26 GB) NTFS

\\?\Volume{5529ac2b-5361-43d0-b78b-0ce02d320ae1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{1da9afa1-9b0e-4376-ace9-209b811ff609}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 998B3713)

Partition: GPT.

==================== End of Addition.txt =======================

Re: V notebooku nalezen malware

Napsal: 16 říj 2021 09:48
od samsungs6edge
Zde ještě posílám sken z AdwCleaner. Děkuji


# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-08.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-16-2021
# Duration: 00:00:07
# OS: Windows 10 Pro
# Scanned: 31984
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: V notebooku nalezen malware

Napsal: 16 říj 2021 18:10
od Rudy
Zdravím!
To, co našel ADW není malware, nýbrž tzv. preinstalled. Jde o nějakou utilitu od HP, tudíž je v pořádku. Logy jsou OK.

Re: V notebooku nalezen malware

Napsal: 17 říj 2021 17:45
od samsungs6edge
Dobře děkuji mnohokrát za kontrolu.

Re: V notebooku nalezen malware

Napsal: 17 říj 2021 17:48
od Rudy
Rádo se stalo! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz