
Requesting a preventive check

Posted: 19 Feb 2022 16:54
by kodl74
ESET detected CoinMiner.AP on my machine. I got it off the PC with this little program: antimalware-vrgn. So could I still get a check, just to be sure? Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2022 01
Ran by kaPL74 (administrator) on PCKAPL (Gigabyte Technology Co., Ltd. B250M-D3H) (19-02-2022 16:50:27)
Running from C:\Users\kaPL74\Desktop
Loaded Profiles: kaPL74
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\kaPL74\AppData\Roaming\uTorrent\uninstall.exe ->) (uTorrent.CZ -> BitTorrent, Inc.) [File not signed] C:\Users\kaPL74\AppData\Roaming\uTorrent\utorrent.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUNE.EXE
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(explorer.exe ->) (uTorrent.CZ -> emc) [File not signed] C:\Users\kaPL74\AppData\Roaming\uTorrent\uninstall.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\Nexus.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\WsxService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2022-01-22] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1675680 2021-09-24] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [445800 2021-10-08] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1319208 2019-05-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18012288 2020-10-28] (Winstep Software Technologies) [File not signed]
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112187784 2022-02-04] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUNE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [Gaijin.Net Updater] => C:\Users\kaPL74\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\padbury.scr [2560816 2020-06-06] (ICOFX SOFTWARE SRL -> icofx software srl)
HKLM\...\Print\Monitors\EPSON L3150 Series 64MonitorBE: C:\Windows\system32\E_YLMBUNE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
Startup: C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2020-02-29]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CE0F15-226D-4355-AB31-F269CC1B1E9C} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {233FB242-E3C5-4A40-826A-2A2E4E232AE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {26CA65D1-7B46-4C9F-A96C-4AE5D73D0151} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {38694CBE-242F-48B4-935B-5DBD49CBB8E7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {39420B2E-FD2A-4020-9358-EDF697DE1B1A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22882216 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {3BD25B2B-8415-41DF-9CFF-03CD90EB8D27} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CFD13DC-C560-4EFD-9CF5-7E4907A9785D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {42347994-DF70-4AA1-B492-9309D9F4E5F7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2021-11-02] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {489C7E94-6BB6-4137-8F90-D999E7B2203F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {5CF28CBA-BFDA-4370-800A-F1D6C32F6374} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {7D10DD9C-CCF9-4431-B7FE-FB8543AC9C4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6469008 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
Task: {AEB78506-86E7-4488-A9E5-FA196B7F48A7} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [4487904 2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {AED806D2-C191-4F4E-9AD6-732DB5760B53} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B1DBCFA5-4A38-4710-B1CC-EF415E6DBEDA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-03] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C72E0F3F-D6A7-4A9D-B5BB-FFBAD298142A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {C7B06D35-84E3-4DBE-AD51-33302C31E940} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-01-28] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CD03A155-5B1A-4F49-871D-3E36C2CBDB17} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {E2DE8347-155A-4804-BDA6-0415593CE923} - System32\Tasks\EPSON L3150 Series Update {250D2C85-A398-4683-BBC4-5BDE47BA1485} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {E3EF4EDE-27B2-45B4-B1F8-DCF82029D332} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F7AB4AB2-AA32-4484-99AA-E2674E0EAC46} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22882216 2022-02-04] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L3150 Series Update {250D2C85-A398-4683-BBC4-5BDE47BA1485}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE:/EXE:{250D2C85-A398-4683-BBC4-5BDE47BA1485} /F:UpdateWORKGROUP\PCKAPL$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{04687598-79ac-424b-a997-68cfe11fc2ae}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Default

FireFox:
========
FF DefaultProfile: suv7x4pj.default
FF ProfilePath: C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default [2022-02-02]
FF Homepage: Mozilla\Firefox\Profiles\suv7x4pj.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\suv7x4pj.default -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\suv7x4pj.default -> hxxps://www.slevomat.cz
FF Extension: (Blokátor reklam AdGuard) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\adguardadblocker@adguard.com.xpi [2020-01-05]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2019-01-05]
FF Extension: (To Google Translate) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\suv7x4pj.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-12-07]
FF ProfilePath: C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release [2022-02-19]
FF Homepage: Mozilla\Firefox\Profiles\bdftw427.default-release -> hxxps://www.seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\bdftw427.default-release -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\bdftw427.default-release -> hxxps://www.slevomat.cz
FF NewTabOverride: Mozilla\Firefox\Profiles\bdftw427.default-release -> Enabled: wikipedia@search.mozilla.org
FF NewTabOverride: Mozilla\Firefox\Profiles\bdftw427.default-release -> Enabled: google@search.mozilla.org
FF Extension: (Blokátor reklam AdGuard) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\adguardadblocker@adguard.com.xpi [2021-12-18]
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-23]
FF Extension: (Firefox Color) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\FirefoxColor@mozilla.com.xpi [2021-11-20]
FF Extension: (To Google Translate) - C:\Users\kaPL74\AppData\Roaming\Mozilla\Firefox\Profiles\bdftw427.default-release\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-23]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2020-03-18] [Legacy] [not signed]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3640345311-2590231575-3648685039-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-04-19] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2022-02-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-22] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-22] (ESET, spol. s r.o. -> ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2020-02-29] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService.exe [777216 2019-10-29] (Winstep Software Technologies) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [184464 2022-01-22] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [122944 2022-01-22] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201976 2022-01-22] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2022-01-22] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69704 2022-01-22] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110560 2022-01-22] (ESET, spol. s r.o. -> ESET)
S3 gdrv; C:\WINDOWS\gdrv.sys [25640 2021-09-24] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-02] (Malwarebytes Inc -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-24] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
S4 GSDriver; \SystemRoot\System32\drivers\GSDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-19 16:50 - 2022-02-19 16:50 - 000024395 _____ C:\Users\kaPL74\Desktop\FRST.txt
2022-02-19 16:50 - 2022-02-19 16:50 - 000000000 ____D C:\FRST
2022-02-19 16:45 - 2022-02-19 16:45 - 002312192 _____ (Farbar) C:\Users\kaPL74\Desktop\FRST64.exe
2022-02-19 15:31 - 2022-02-19 15:32 - 000000000 ____D C:\Users\kaPL74\AppData\LocalLow\IGDump
2022-02-19 13:58 - 2022-02-19 14:00 - 000000000 ___HD C:\adobeTemp
2022-02-19 13:57 - 2022-02-19 13:57 - 000003356 _____ C:\WINDOWS\system32\Tasks\IZHECETIROJMEFOS_run
2022-02-19 13:57 - 2022-02-19 13:57 - 000000000 ____D C:\ProgramData\Package Cache
2022-02-16 18:21 - 2022-02-16 18:23 - 3526063341 _____ C:\Users\kaPL74\Desktop\Cernobyl - Chernobyl.2020.1080p.BluRay.CZ-SK.dabing.mkv
2022-02-10 14:35 - 2022-02-18 09:43 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-02-08 21:54 - 2022-02-08 21:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-08 21:54 - 2022-02-08 21:54 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-02-08 21:54 - 2022-02-08 21:54 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-08 21:50 - 2022-02-08 21:50 - 000000000 ___HD C:\$WinREAgent
2022-02-06 14:34 - 2022-02-06 14:35 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Adobe
2022-02-02 20:32 - 2022-02-02 21:37 - 000000000 ____D C:\Users\kaPL74\AppData\Local\AMSDK
2022-02-02 20:29 - 2022-02-02 20:29 - 000000000 ____D C:\Users\kaPL74\AppData\Local\PeerDistRepub
2022-02-02 20:28 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001905912 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001478392 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-02-02 13:59 - 2022-01-29 00:32 - 001466000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001432304 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001432304 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001207440 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-02-02 13:59 - 2022-01-29 00:32 - 001145592 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000796328 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000715944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-02-02 13:59 - 2022-01-29 00:29 - 000638936 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 002121360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001602728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001529512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 001178544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000985024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000795616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-02-02 13:59 - 2022-01-29 00:28 - 000709760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-02-02 13:59 - 2022-01-29 00:27 - 008611496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 007716320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 005727376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 005099152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 002933928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-02-02 13:59 - 2022-01-29 00:27 - 000456848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-02-02 13:59 - 2022-01-29 00:26 - 000851904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-02-02 13:59 - 2022-01-29 00:24 - 006458912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-02-02 13:59 - 2022-01-28 12:28 - 000089185 _____ C:\WINDOWS\system32\nvinfo.pb
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\WinRAR
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-02 10:58 - 2022-02-02 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-02-02 10:57 - 2022-02-02 10:57 - 000160766 _____ C:\WINDOWS\WinRAR Uninstaller.exe
2022-02-02 10:57 - 2022-02-02 10:57 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR v.6.02 64bit CZ
2022-02-02 10:57 - 2022-02-02 10:57 - 000000000 ____D C:\Program Files\WinRAR
2022-02-02 10:28 - 2022-02-02 10:28 - 000000000 ____D C:\ProgramData\GridinSoft

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-19 16:50 - 2020-05-26 19:23 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\uTorrent
2022-02-19 16:41 - 2020-02-29 22:17 - 000000000 ____D C:\Program Files (x86)\Steam
2022-02-19 16:29 - 2020-02-29 18:31 - 000000000 ____D C:\Users\kaPL74\AppData\LocalLow\Mozilla
2022-02-19 16:26 - 2020-03-08 20:47 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-19 14:42 - 2020-03-01 10:15 - 000000000 ____D C:\Tiskárna EPSON
2022-02-19 14:42 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-19 14:41 - 2020-03-01 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2022-02-19 14:41 - 2020-03-01 10:07 - 000000000 ____D C:\Program Files (x86)\EPSON Software
2022-02-19 14:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-19 14:32 - 2020-03-01 00:22 - 000000000 ____D C:\Program Files\Adobe
2022-02-19 14:26 - 2020-08-23 10:32 - 001693204 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-19 14:26 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2022-02-19 14:26 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2022-02-19 14:19 - 2020-08-23 10:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-19 14:19 - 2020-08-23 10:23 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-19 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-19 14:19 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-19 14:10 - 2020-02-29 20:33 - 000000000 ____D C:\Users\kaPL74\AppData\Local\CrashDumps
2022-02-19 14:01 - 2020-02-29 18:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-19 14:00 - 2020-02-29 22:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-02-19 13:59 - 2020-02-29 22:09 - 000000000 ____D C:\ProgramData\Adobe
2022-02-19 13:57 - 2020-02-29 22:10 - 000000000 ____D C:\Users\kaPL74\AppData\Local\D3DSCache
2022-02-19 13:55 - 2021-10-05 23:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-02-19 13:48 - 2020-08-23 10:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-19 13:18 - 2020-02-29 22:49 - 000000000 ___RD C:\Users\kaPL74\Documents\Euro Truck Simulator 2
2022-02-18 19:24 - 2020-06-07 12:06 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-18 19:24 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-18 19:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-18 14:44 - 2020-02-29 20:05 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\vlc
2022-02-18 09:40 - 2020-02-29 22:35 - 000000000 ____D C:\Users\kaPL74\Documents\American Truck Simulator
2022-02-17 21:54 - 2020-08-21 19:16 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-17 17:31 - 2020-08-23 10:27 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-08-23 10:27 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-02-17 17:31 - 2020-02-29 18:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-02-17 17:31 - 2020-02-29 17:58 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-02-17 17:31 - 2020-02-29 17:58 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-02-17 10:21 - 2020-02-29 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-02-16 21:32 - 2020-02-29 17:59 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Packages
2022-02-16 21:17 - 2020-02-29 18:02 - 000000000 ____D C:\Users\kaPL74\AppData\Local\PlaceholderTileLogoFolder
2022-02-16 21:17 - 2020-02-29 17:59 - 000000000 ____D C:\Users\kaPL74\AppData\Local\Publishers
2022-02-16 20:20 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-11 20:06 - 2020-02-29 19:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-02-11 10:59 - 2020-02-29 20:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-11 10:58 - 2020-02-29 20:12 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-10 11:25 - 2021-11-27 16:23 - 000000000 ____D C:\Users\kaPL74\AppData\Local\WarThunder
2022-02-08 23:04 - 2020-08-23 10:23 - 000446296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-08 23:03 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-08 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-08 23:03 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-02-08 21:54 - 2020-08-23 10:25 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-08 17:46 - 2020-03-01 10:58 - 000000000 ____D C:\Users\kaPL74\Documents\ConvertXToDVD
2022-02-08 17:39 - 2020-04-13 16:19 - 000000000 ____D C:\Users\kaPL74\AppData\Roaming\dvdcss
2022-02-02 21:37 - 2021-11-20 19:11 - 000920540 _____ C:\WINDOWS\ZAM.krnl.trace
2022-02-02 14:01 - 2020-02-29 18:17 - 000000000 ____D C:\Users\kaPL74\AppData\Local\NVIDIA
2022-01-30 21:52 - 2020-02-29 19:58 - 000000000 ____D C:\Users\Public\Documents\Winstep
2022-01-30 11:18 - 2020-08-23 10:27 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-30 11:18 - 2020-08-23 10:27 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-29 00:24 - 2020-11-02 09:27 - 007612344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 002859520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 002201800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-01-28 12:50 - 2020-03-08 20:47 - 001295872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2022-01-24 19:47 - 2020-08-23 09:43 - 000000000 ____D C:\Users\kaPL74
2022-01-22 11:58 - 2020-10-26 09:28 - 000201976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000184464 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000122944 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000110560 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000069704 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2022-01-22 11:58 - 2020-10-26 09:28 - 000043904 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-01-21 13:22 - 2020-10-27 11:16 - 000082432 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2022-01-21 13:22 - 2020-10-27 11:16 - 000071168 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll

==================== Files in the root of some directories ========

2020-03-01 10:59 - 2020-03-01 10:59 - 000007859 _____ () C:\Users\kaPL74\AppData\Roaming\pcouffin.cat
2020-03-01 10:59 - 2020-03-01 10:59 - 000001167 _____ () C:\Users\kaPL74\AppData\Roaming\pcouffin.inf
2020-03-01 10:59 - 2020-03-01 10:59 - 000082816 _____ (VSO Software) C:\Users\kaPL74\AppData\Roaming\pcouffin.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by kaPL74 (19-02-2022 16:51:24)
Running from C:\Users\kaPL74\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) (2020-08-23 09:27:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3640345311-2590231575-3648685039-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3640345311-2590231575-3648685039-503 - Limited - Disabled)
Guest (S-1-5-21-3640345311-2590231575-3648685039-501 - Limited - Disabled)
kaPL74 (S-1-5-21-3640345311-2590231575-3648685039-1001 - Administrator - Enabled) => C:\Users\kaPL74
WDAGUtilityAccount (S-1-5-21-3640345311-2590231575-3648685039-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1_1) (Version: 22.1.1.138 - Adobe Inc.)
Ashampoo Burning Studio 21 (HKLM-x32\...\{91B33C97-3390-FD9A-8E0F-3F6BA7865E46}_is1) (Version: 21.6.0 - Ashampoo GmbH & Co. KG)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
Easy Photo Scan (HKLM-x32\...\{9E3F2EC3-7E4F-4F20-A56F-7A24D6E3D39B}) (Version: 1.00.0017 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{7E0261C4-8495-4365-BE48-647701D8B9BD}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{49048EBF-3803-4AA4-8943-675E6E8D5B30}) (Version: 3.11.0030 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{15000BAD-6D4B-4330-824E-3712C0DF4F9A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{C4D8E138-C67B-41D5-B493-F54BB72B43E0}) (Version: 3.3.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{BF35B9D9-C4A1-40DD-B13C-46F35BD35282}) (Version: 3.5.2 - Seiko Epson Corporation)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 15.0.23.0 - ESET, spol. s r.o.)
Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 9.40.86 - Logitech)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.56 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.14827.20192 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{16E50919-B07A-4B4E-994A-476D4773F5BF}) (Version: 3.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27027 (HKLM-x32\...\{39e28474-b67b-4209-af1b-e9ad0a83d8ca}) (Version: 14.16.27027.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.10 (x64) (HKLM-x32\...\{db36836f-11c3-4087-8f9c-daa0086ac619}) (Version: 3.1.10.29419 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 97.0.1 (x64 cs)) (Version: 97.0.1 - Mozilla)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
Nexus (HKLM-x32\...\Winstep Xtreme_is1) (Version: - )
NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 511.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.65 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20088 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Padbury Clock Screensaver 1.2 (HKLM-x32\...\Padbury Clock Screensaver_is1) (Version: 1.2 - IcoFX Software S.R.L.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.1 - Tracker Software Products Ltd)
Příručky společnosti EPSON (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.57.0.0 - Seiko Epson Corporation)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Samsung NVM Express Driver 3.3.0.2003 (HKLM\...\{89D55DD5-FE94-497B-B5E5-91915D52DBF2}) (Version: 3.3.0.2003 - Samsung Electronics Co., Ltd) Hidden
Skype verze 8.80 (HKLM-x32\...\Skype_is1) (Version: 8.80 - Skype Technologies S.A.)
Slovenská lokalizácia hry Call of Duty: Modern Warfare Remastered (HKLM-x32\...\Lokalizacia CoDMWR) (Version: 1.0 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.56 - VSO Software)
War Thunder Launcher 1.0.3.295 (HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Network)
WinRAR (HKLM-x32\...\WinRAR) (Version: v.6.02 64bit CZ - 15.06.2021 - libbi)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-29] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-02-02] (NVIDIA Corp.)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.30181.0_x64__8wekyb3d8bbwe [2022-02-11] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj [2020-08-23] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4ef17f85da2b0fa5\nvshext.dll [2022-01-29] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-22] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-03-27 10:20 - 2021-10-06 02:30 - 126961152 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2020-03-27 10:20 - 2021-10-06 02:30 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2020-02-29 19:58 - 2017-11-24 17:43 - 000026624 _____ (Winstep Software Technologies) [File not signed] C:\Program Files (x86)\Winstep\WsxMMTimer.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2022-02-02 20:14 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kaPL74\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Snowraner 29.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "DisplayTune.exe"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\StartupApproved\Run: => "Gaijin.Net Updater"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B741A4D3-2B14-45FA-B169-FA9045EE0D7A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B0196ADA-A7D6-4B38-8B9D-94E86AC02BEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{89CD64DC-A193-486C-BCAA-F104D7AE91BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{2FC008B7-0095-48D9-98CE-C2DBE243E117}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{831072C7-BAF4-40F6-AB8B-355336447349}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{83863D5C-4185-4E37-BFAB-E273A99C823E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{57A952ED-4D02-45BB-844A-6999ACEB261B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5D4C55C2-E162-43DE-87A5-9C75400F39A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D9A94214-C8E8-4230-80EE-5C782497DB7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{88E16755-3D9B-41FD-B3B8-2D85A857C763}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{B4B4FC33-2AD5-442C-8083-B74880E57049}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE34723E-2B6D-4FFC-B3AE-B250CEBECB60}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{792FDF47-5350-4D52-8CAE-4521924497EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{91C71BB2-0159-465F-ACCE-610835CDBC98}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{047C5850-B00E-4B3B-91C7-4F3947BC516E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8ED4530F-DCC9-4418-BB56-DED07ABDE113}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{758E4BF8-8362-4229-B955-D8FAA50BC644}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{FC235BF2-8819-4797-9AFF-B03CEB4A2EBD}] => (Allow) LPort=26789
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{850C34E6-130E-4E08-838B-A1565E6A98F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8ED789BF-3563-4752-9749-3C55E1CA3A96}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{891624B6-595E-43BF-B7A8-E1279441EA43}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{BB4EB234-5A14-4381-AC92-BAF39DD27CDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{83942E71-D923-42D2-971F-429A0B676410}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SnowRunner\Sources\Bin\SnowRunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [{E3147C6B-20AD-4E4E-8C79-18B54CCE3D2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0744D746-23F8-47BD-B963-3CAB5A5A7520}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20C60E59-09BF-4F22-8D22-5FCFEE274F33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D4284B86-043E-443C-9971-AA0C4B355569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{8A916C70-E380-4FBC-8CF3-4ECF1BD257D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed]
FirewallRules: [{1937B838-BF08-49D2-A7C0-1C2221E31160}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{420B3194-365A-4EBD-99BF-09432337A8AA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFF08AC3-53AB-444D-A08F-9603C4B38C98}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{A2583A65-DF0A-4BC4-9657-B17B14DF0FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{40741816-ABC5-41BA-B3E4-67DC43164154}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{94275A9C-8282-4C68-A711-3066B71CE943}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ABE41C56-B0A9-4E60-B98F-1D1F685A9401}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{BA30417E-4198-47C7-8EC8-69061006C06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{169D75D9-E874-4A83-A8B7-2FBB004F2F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FFBDA307-C873-4CDC-AAA1-D2FCD5C0EA8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{43E82424-0188-4D8B-854D-008042CBEB6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{FFE98138-0A84-4688-B181-6DCD8CB766D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)

==================== Restore Points =========================

16-02-2022 17:39:30 Naplánovaný kontrolní bod
16-02-2022 20:19:55 Instalační služba modulů systému Windows
19-02-2022 13:57:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
19-02-2022 14:40:38 Installed Epson Printer Connection Checker
19-02-2022 14:41:38 Installed Epson Printer Connection Checker

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/19/2022 02:48:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wmiprvse.exe, verze: 10.0.19041.546, časové razítko: 0x5da7ab91
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x80131623
Posun chyby: 0x00007ffe8371200f
ID chybujícího procesu: 0x1840
Čas spuštění chybující aplikace: 0x01d8259763af5875
Cesta k chybující aplikaci: C:\WINDOWS\system32\wbem\wmiprvse.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 2e08d603-f6f0-40dd-8b7c-969364ae6dca
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2022 02:48:35 PM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: wmiprvse.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Byla vyvolána neočekávaná výjimka od poskytovatele:
System.IO.FileLoadException:
File name: 'Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()


Stack:
at System.Environment.FailFast(System.String)
at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (02/19/2022 02:48:34 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (02/19/2022 02:40:50 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 - 0000000000000264,0x00530194,0000000000000000,0,00000218C0808860,4096,[0]). hr = 0x800701b1, Bylo zadáno zařízení, které neexistuje.
.


Operace:
Dotaz na stínové kopie

Error: (02/19/2022 02:19:19 PM) (Source: SetupARService) (EventID: 0) (User: )
Description: Službu nelze spustit. System.NullReferenceException: Odkaz na objekt není nastaven na instanci objektu.
v SetupAfterRebootService.SetupARService.OnStart(String[] args)
v System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/19/2022 02:10:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IZHECETIROJMEFOS.exe, verze: 1.1.17640.0, časové razítko: 0x8e795bdf
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1466, časové razítko: 0xe2f8ca76
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000ff199
ID chybujícího procesu: 0x33d0
Čas spuštění chybující aplikace: 0x01d82591fe40ba08
Cesta k chybující aplikaci: C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: fae5794a-b976-4d21-8be3-5146922cb3e0
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/12/2022 05:11:03 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:03 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:02 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 05:11:01 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk3\DR3.

Error: (02/12/2022 12:11:36 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.

Error: (02/12/2022 12:11:30 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.

Error: (02/12/2022 12:09:55 PM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (2c:4d:79:c5:24:65) se nezdařilo.


Windows Defender:
================
Date: 2020-12-09 18:49:27
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/CloudCar_Test_File
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\kaPL74\Desktop\cloudcar.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: PCKAPL\kaPL74
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.327.2236.0, AS: 1.327.2236.0, NIS: 1.327.2236.0
Verze modulu: AM: 1.1.17600.5, NIS: 1.1.17600.5

CodeIntegrity:
===============
Date: 2022-02-19 14:21:20
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume8\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F10 12/14/2018
Motherboard: Gigabyte Technology Co., Ltd. B250M-D3H-CF
Processor: Intel(R) Core(TM) i5-7600 CPU @ 3.50GHz
Percentage of memory in use: 25%
Total physical RAM: 32727.8 MB
Available physical RAM: 24333.14 MB
Total Virtual: 34775.8 MB
Available Virtual: 25769.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.88 GB) (Free:682.13 GB) NTFS
Drive d: (Místní disk) (Fixed) (Total:931.51 GB) (Free:470.53 GB) NTFS
Drive e: () (Fixed) (Total:930.56 GB) (Free:685.07 GB) NTFS

\\?\Volume{61d92415-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{b5d0499e-b828-4e1c-9bed-e82b27d3d91a}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{61d92415-0000-0000-0000-60c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.03 GB) NTFS
\\?\Volume{14fdb315-38db-40bd-8c62-8f40fe6f7fce}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2EFF3D7B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 61D92415)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=469 MB) - (Type=27)

==========================================================
Disk: 2 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Requesting a preventive check

Posted: 20 Feb 2022 21:58
by Rudy
Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
C:\Users\kaPL74\Desktop\cloudcar.exe

EmptyTemp:
End
Save it to C:\Users\kaPL74\Desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Requesting a preventive check

Posted: 21 Feb 2022 09:07
by kodl74
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by kaPL74 (21-02-2022 09:01:52) Run:1
Running from C:\Users\kaPL74\Desktop
Loaded Profiles: kaPL74
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\Run: [CCXProcess] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (No File)
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {4606e602-6249-11ec-ab87-1c1b0da4b7b8} - "G:\HonorSuiteOnlineInstaller.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {817c3898-6009-11ec-ab87-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\...\MountPoints2: {c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} - "H:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {55A557CB-D824-4D00-909D-4595CD3EB9E5} - System32\Tasks\IZHECETIROJMEFOS_run => C:\Users\kaPL74\AppData\Roaming\Ashampoo\Ashampoo Burning Studio 21\IZHECETIROJMEFOS.exe (No File)
Task: {933D8ED1-9629-446A-B082-A9BB21FED4A0} - System32\Tasks\ELZWSOJFXZNZVFJF_run => C:\Users\kaPL74\AppData\Roaming\Adobe\CameraRaw\ELZWSOJFXZNZVFJF.exe (No File)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [{63A62958-2DE5-4A07-AD58-C6706FD38EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
FirewallRules: [{9668C1FC-5CA9-4073-9E73-CD66211B9828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CoJ Gunslinger\CoJGunslinger.exe => No File
C:\Users\kaPL74\Desktop\cloudcar.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCXProcess" => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecab0d2-d58e-11eb-ab6e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ecab12d-d58e-11eb-ab6e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4606e602-6249-11ec-ab87-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{817c3898-6009-11ec-ab87-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a188eae-43e7-11ec-ab7e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4f02b28-0263-11eb-ab3c-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b58bdc64-6eee-11eb-ab5e-1c1b0da4b7b8} => removed successfully
HKU\S-1-5-21-3640345311-2590231575-3648685039-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0841f5e-59c3-11ec-ab85-1c1b0da4b7b8} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55A557CB-D824-4D00-909D-4595CD3EB9E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55A557CB-D824-4D00-909D-4595CD3EB9E5}" => removed successfully
C:\WINDOWS\System32\Tasks\IZHECETIROJMEFOS_run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IZHECETIROJMEFOS_run" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{933D8ED1-9629-446A-B082-A9BB21FED4A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{933D8ED1-9629-446A-B082-A9BB21FED4A0}" => removed successfully
C:\WINDOWS\System32\Tasks\ELZWSOJFXZNZVFJF_run => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ELZWSOJFXZNZVFJF_run" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ FileSyncEx => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63A62958-2DE5-4A07-AD58-C6706FD38EFE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9668C1FC-5CA9-4073-9E73-CD66211B9828}" => removed successfully
"C:\Users\kaPL74\Desktop\cloudcar.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 183282293 B
Java, Flash, Steam htmlcache => 671100205 B
Windows/system/drivers => 692580 B
Edge => 0 B
Firefox => 1194657223 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 30758 B
NetworkService => 30758 B
kaPL74 => 7572440 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:04:25 ====

Re: Requesting a preventive check

Posted: 21 Feb 2022 10:13
by Rudy
Deleted, the log should be OK now.

Re: Requesting a preventive check

Posted: 21 Feb 2022 15:54
by kodl74
Thank you very much.

Re: Requesting a preventive check

Posted: 21 Feb 2022 16:54
by Rudy
You're welcome! :)