Please check my log

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

#1 Post by chenny »

Hello, please check my FRST log. My Google account is reporting a critical security alert.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2023
Ran by irena (administrator) on IRENA-PC (HP HP ProDesk 400 G3 MT) (24-02-2023 16:46:36)
Running from C:\Users\irena\Desktop
Loaded Profiles: irena
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <18>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Lespeed Technology Co., Ltd -> WiseCleaner.COM) C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38966072 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [MicrosoftEdgeAutoLaunch_F46C44FF1D6C46FBDCA7A2B3ED8E915D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [GoogleChromeAutoLaunch_7EE3BDFEE45835C637F9FFAAED466373] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3288344 2023-02-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [GoogleChromeAutoLaunch_55E020A4BD8672A218223936965978A1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3362096 2023-02-17] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\RunOnce: [Application Restart #3] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3362096 2023-02-17] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3362096 2023-02-17] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.177\Installer\chrmstp.exe [2023-02-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\110.1.48.167\Installer\chrmstp.exe [2023-02-17] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031BF6B4-6E50-47D5-B467-A01EB8C1BF07} - System32\Tasks\brave => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {079890DC-936C-4AD0-A698-F101C5750860} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-02-25] (HP Inc. -> HP Inc.)
Task: {09295649-8B94-4452-AB01-E97AA47E326D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {09E3572C-BE10-4DCB-A3A2-DA3029E71C54} - System32\Tasks\NetworkCap => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {0D8AD2F5-88F7-48AF-85BD-FF1A936D102F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {17A4A448-95BA-4E02-8305-72240D2A2D07} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {20DC48AB-583E-4FAD-BC0C-A336E8BA61AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-02-08] (Piriform Software Ltd -> Piriform)
Task: {2CC198E7-6B84-494B-AEAC-DC5EA34972A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {32FE47AA-276F-49B3-8704-F955D80E39E8} - System32\Tasks\TradingViewT => C:\TempFiles\TradingView.exe (No File)
Task: {36FE711C-21CD-4FBA-BF95-515F4C6CF8E6} - System32\Tasks\WiseAutoShutdownW => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {3718A993-AB75-46E1-B72D-20A66F998FE5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1001 => C:\Users\irena\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {4D304283-BBF4-4133-94EC-D97CB0124E79} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "8d7f463d-5e7b-48ca-b47d-c652327b884a" --version "6.09.10300" --silent
Task: {4E2DDB6F-AB59-4552-8D12-50172DCB3631} - System32\Tasks\CCleanerSkipUAC - irena => C:\Program Files\CCleaner\CCleaner.exe [32631096 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {567A7373-471A-44D6-B817-574B638CF299} - System32\Tasks\TradingView => C:\TempFiles\TradingView.exe (No File)
Task: {5EE68865-E10D-4BFB-BF31-A93A483FACD8} - System32\Tasks\MoUsoCoreWorker => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {60A6AFFC-122F-4087-BA66-52D2A9184FBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5142728 2023-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {6EED149D-D857-4993-9255-7F6D2F5A3C5A} - System32\Tasks\MoUsoCoreWorkerM => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {74443067-81F3-4AFD-9D96-30A02E5F70E1} - System32\Tasks\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {7A59BF77-2788-4A74-931E-AA6290B706C2} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe -a
Task: {7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63} - System32\Tasks\Telegram => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {7CD1F9B1-16DC-48CF-BFE1-6F76291170A6} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {83EE8549-E7A6-46BE-96FE-C360ABAE4BFA} - System32\Tasks\DiagsCapD => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {87A1A0CD-648E-4BF1-947A-453D7819AA6E} - System32\Tasks\DiagsCap => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {B91F227A-B60B-42E2-94EE-97CE28BBCD4F} - System32\Tasks\TelegramT => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {BBE4AC99-E096-444F-87E2-CB4D672C7406} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {D70B331F-38F1-44BF-BC00-A7433E44AAA6} - System32\Tasks\WiseAutoShutdown => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {D8E8E802-C796-4DA7-90CC-0454FDD444D4} - System32\Tasks\NetworkCapN => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {DE2CE02B-1A0B-403A-8193-9C60869286E6} - System32\Tasks\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {E20A3AFB-8CC9-470D-A1B1-6F01AB135580} - System32\Tasks\braveb => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {EE02F67B-7191-4164-98C6-1C36DC5F0785} - System32\Tasks\chromec => C:\Jts\charts\chrome.exe (No File)
Task: {F665D6FF-64AD-4902-8915-45AE34F0C993} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC93DF02-6FF3-4272-9E59-17D18B556BE3} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF0CF95-C93C-42B8-9775-47133AE05ACD} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6edc9e38-bba7-4885-9417-eab4e54ca450}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-24]
Edge Extension: (SerpClix ClickSense) - C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bamgnhpbgpandihbdankcohicepdpoim [2023-01-29]
Edge Profile: C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-02-22]
Edge HomePage: Profile 1 -> hxxps://www.seznam.cz/
Edge StartupUrls: Profile 1 -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2070184238-1747943612-3790908667-1005: tdameritrade.com/thinkorswim -> C:\Users\irena\AppData\Local\thinkorswim\npthinkorswim.dll [2023-01-01] (TD Ameritrade, Inc -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2070184238-1747943612-3790908667-1005: tdameritrade.com/tossc -> C:\Users\irena\AppData\Local\thinkorswim\nptossc.dll [2023-01-01] (TD Ameritrade, Inc -> TD Ameritrade)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default [2023-02-24]
CHR Notifications: Default -> hxxps://app.deriv.com; hxxps://kfc.cz; hxxps://roboforex.com; hxxps://satuhu.com; hxxps://stockstrader.roboforex.com; hxxps://www.bybit.com; hxxps://www.facebook.com; hxxps://www.filehorse.com; hxxps://www.netflix.com; hxxps://www.telemundo.com; hxxps://www.tradingview.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-04-10]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-01-22]
CHR Extension: (Image Downloader) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2022-10-20]
CHR Extension: (Bezplatná VPN pro Chrome - VPN proxy pomocí 1clickVPN) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfhplploccackoneaefokcmbjfbkenj [2023-02-12]
CHR Extension: (video downloader - CocoCut) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gddbgllpilhpnjpkdbopahnpealaklle [2022-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-31]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-22]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2022-10-20]
CHR Extension: (DotVPN — Unlock the Web with VPN for Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2023-01-31]
CHR Extension: (Video DownloadHelper) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-10-20]
CHR Extension: (Live Stream Downloader) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-01-31]
CHR Extension: (Google Hangouts) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-15]
CHR Extension: (MetaMask) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-09]
CHR Extension: (SS TV Remote) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2022-04-10]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-24]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-05]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-24]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files (x86)\Bigasoft\Video Downloader Pro\extensions\3.23.2.7675\BVDChromeExt.crx [2022-06-05]

Brave:
=======
BRA Profile: C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-02-24]
BRA Notifications: Default -> hxxps://www.netflix.com
BRA Extension: (Easy Auto Refresh) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-04-10]
BRA Extension: (Překladač Google) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-04-10]
BRA Extension: (Safe Torrent Scanner) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-01-07]
BRA Extension: (Just Black) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2022-04-10]
BRA Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-01-26]
BRA Extension: (Image Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2022-10-20]
BRA Extension: (My O'Reilly Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\deebiaolijlopiocielojiipnpnaldlk [2023-01-11]
BRA Extension: (Open Subtitles) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gbagdbjhcmodnokmjfhkhagnhgmmpgan [2023-01-07]
BRA Extension: (video downloader - CocoCut) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gddbgllpilhpnjpkdbopahnpealaklle [2022-10-12]
BRA Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-22]
BRA Extension: (Download Master - Free Download Manager) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\laepcndcehndnjndpfjdcdgbneoimdgg [2023-01-31]
BRA Extension: (Video DownloadHelper) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-10-13]
BRA Extension: (Live Stream Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-02-02]
BRA Extension: (Google Hangouts) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-15]
BRA Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-02-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-02-24]
BRA Extension: (Brave NTP background images) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-13]
BRA Extension: (Wallet Data Files Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-02-22]
BRA Extension: (Brave Ad Block Updater (Easylist-Cookie List - Filter Obtrusive Cookie Notices (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-02-24]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-07]
BRA Extension: (Brave NTP sponsored images) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2023-02-24]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-01-13]
BRA Extension: (Brave Ads Resources) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2023-01-26]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-02-24]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-04-10]
BRA Extension: (Brave Ad Block Updater (Easylist-Cookie List - Filter Obtrusive Cookie Notices)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfgnenkkneohplacnfabidofpgcdpofm [2022-12-07]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-26]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2023-02-12]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2022-12-07]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-02-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1001272 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12554240 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 dosvc; C:\Windows\System32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe [3484544 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [761856 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [760864 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [756720 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [760304 2022-02-24] (HP Inc. -> HP Inc.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8967840 2023-02-12] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\OneDriveUpdaterService.exe [3854208 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 UsoSvc; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ANVSOFT_WaveExtensible; C:\Windows\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198080 2023-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77736 2023-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-02-24] (Malwarebytes Inc. -> Malwarebytes)
R3 StnPport; C:\Windows\system32\DRIVERS\StnPport.sys [97280 2010-10-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 16:43 - 2023-02-24 16:43 - 000000000 ___HD C:\$SysReset
2023-02-24 16:11 - 2023-02-24 16:11 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-02-24 16:08 - 2023-02-24 16:08 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-02-24 15:32 - 2023-02-24 15:32 - 000001552 _____ C:\Users\irena\Downloads\Wureset Windows 10.zip
2023-02-24 15:32 - 2023-02-24 15:32 - 000000000 ____D C:\Users\irena\Downloads\Wureset Windows 10
2023-02-24 15:17 - 2023-02-24 16:47 - 000033638 _____ C:\Users\irena\Desktop\FRST.txt
2023-02-24 15:16 - 2023-02-24 16:46 - 000000000 ____D C:\FRST
2023-02-24 15:11 - 2023-02-24 15:14 - 002378752 _____ (Farbar) C:\Users\irena\Desktop\FRST64.exe
2023-02-22 19:27 - 2023-02-22 19:27 - 000006946 _____ C:\Users\irena\Documents\cc_20230222_192717.reg
2023-02-21 17:22 - 2023-02-21 17:22 - 000054668 _____ C:\Users\irena\Downloads\90409 90328 5D M1100 CL1D1 CS TS plus 0.01 LBL 25p tstart tp2 eqt clp 1pct TRIAL.ex4
2023-02-14 15:15 - 2023-02-14 15:15 - 000030266 _____ C:\Users\irena\Downloads\Invoice9252085565.pdf
2023-02-12 13:37 - 2023-02-12 13:37 - 000002039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-12 13:37 - 2023-02-12 13:37 - 000002027 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-12 13:37 - 2023-02-12 13:37 - 000000000 ____D C:\Users\irena\AppData\Local\mbam
2023-02-12 13:36 - 2023-02-12 13:36 - 002555248 _____ (Malwarebytes) C:\Users\irena\Downloads\MBSetup.exe
2023-02-12 13:36 - 2023-02-12 13:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-12 13:36 - 2023-02-12 13:36 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-12 13:35 - 2023-02-12 13:35 - 000004204 _____ C:\Users\irena\Documents\cc_20230212_133516.reg
2023-02-07 17:24 - 2023-02-07 17:24 - 004236458 _____ C:\Users\irena\Downloads\BANCOMAT-4.8.rar
2023-02-07 15:13 - 2023-02-08 17:27 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-02-06 13:34 - 2023-02-07 15:14 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-02-06 13:34 - 2023-02-07 15:14 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-06 13:34 - 2023-02-06 13:34 - 000000000 ___RD C:\Users\Default\OneDrive
2023-02-06 13:33 - 2023-02-06 13:33 - 000002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-02-06 13:29 - 2023-02-23 20:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-06 13:29 - 2023-02-06 13:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-02-06 13:15 - 2023-02-06 13:15 - 000005198 _____ C:\Users\irena\Downloads\[SkT]Office_2013-2021_C2R_Install_v7.5.0.1_ _(x64).torrent
2023-02-05 14:32 - 2023-02-05 14:32 - 000009620 _____ C:\Users\irena\Documents\cc_20230205_143206.reg
2023-02-05 11:09 - 2023-02-05 11:47 - 000000000 ____D C:\Users\irena\AppData\Roaming\obs-studio
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\ProgramData\obs-studio-hook
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\Program Files\obs-studio
2023-02-05 11:08 - 2023-02-05 11:09 - 000003596 _____ C:\Windows\system32\Tasks\DiagsCapD
2023-02-05 11:08 - 2023-02-05 11:08 - 000003566 _____ C:\Windows\system32\Tasks\TelegramT
2023-02-05 11:08 - 2023-02-05 11:08 - 000003556 _____ C:\Windows\system32\Tasks\WiseAutoShutdownW
2023-02-05 11:08 - 2023-02-05 11:08 - 000003528 _____ C:\Windows\system32\Tasks\NetworkCapN
2023-02-05 11:08 - 2023-02-05 11:08 - 000003524 _____ C:\Windows\system32\Tasks\TradingViewT
2023-02-05 11:08 - 2023-02-05 11:08 - 000003338 _____ C:\Windows\system32\Tasks\DiagsCap
2023-02-05 11:08 - 2023-02-05 11:08 - 000003306 _____ C:\Windows\system32\Tasks\Telegram
2023-02-05 11:08 - 2023-02-05 11:08 - 000003298 _____ C:\Windows\system32\Tasks\WiseAutoShutdown
2023-02-05 11:08 - 2023-02-05 11:08 - 000003270 _____ C:\Windows\system32\Tasks\NetworkCap
2023-02-05 11:08 - 2023-02-05 11:08 - 000003266 _____ C:\Windows\system32\Tasks\TradingView
2023-02-05 11:07 - 2023-02-05 11:07 - 000000000 ____D C:\Users\irena\Downloads\Freebitcoin_script
2023-02-05 11:06 - 2023-02-05 11:07 - 124828767 _____ C:\Users\irena\Downloads\Freebitcoin_script.rar
2023-02-05 10:25 - 2023-02-12 13:41 - 000000000 ____D C:\TempFiles
2023-02-05 10:25 - 2023-02-05 11:08 - 000003692 _____ C:\Windows\system32\Tasks\MoUsoCoreWorkerM
2023-02-05 10:25 - 2023-02-05 11:08 - 000003524 _____ C:\Windows\system32\Tasks\braveb
2023-02-05 10:25 - 2023-02-05 11:08 - 000003434 _____ C:\Windows\system32\Tasks\MoUsoCoreWorker
2023-02-05 10:25 - 2023-02-05 11:08 - 000003266 _____ C:\Windows\system32\Tasks\brave
2023-02-05 10:25 - 2023-02-05 10:25 - 000003506 _____ C:\Windows\system32\Tasks\chromec
2023-02-04 17:58 - 2023-02-04 17:58 - 000193750 _____ C:\Users\irena\Downloads\11 MEETING (1).pdf
2023-02-04 17:53 - 2023-02-04 17:53 - 000193750 _____ C:\Users\irena\Downloads\11 MEETING.pdf
2023-02-02 18:02 - 2023-02-02 18:02 - 005900951 _____ C:\Users\irena\Downloads\Text odstavce.mp4
2023-02-02 13:40 - 2023-02-02 13:40 - 095865638 _____ C:\Users\irena\Downloads\pexels-cottonbro-5909978.mp4
2023-02-02 12:50 - 2023-02-02 12:50 - 000844469 _____ C:\Users\irena\Downloads\ssstik.io_1675338634296.mp4
2023-02-01 14:40 - 2023-02-01 14:41 - 304723632 _____ C:\Users\irena\Downloads\513507577_mp4_h264_aac_hq_1 (480p_aac).mp4
2023-02-01 14:06 - 2023-02-01 14:06 - 000000000 ____D C:\Program Files\VB
2023-02-01 13:56 - 2023-02-01 14:42 - 000000000 ____D C:\Users\irena\AppData\Roaming\Subtitle Edit
2023-02-01 13:56 - 2023-02-01 13:56 - 000001925 _____ C:\Users\irena\Desktop\Subtitle Edit.lnk
2023-02-01 13:56 - 2023-02-01 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2023-02-01 13:56 - 2023-02-01 13:56 - 000000000 ____D C:\Program Files\Subtitle Edit
2023-02-01 13:55 - 2023-02-01 13:55 - 010746997 _____ (Nikse ) C:\Users\irena\Downloads\SubtitleEdit-3.6.11-Setup.exe
2023-02-01 13:53 - 2023-02-01 13:53 - 000000000 ____D C:\Users\irena\Downloads\VBCABLE_Driver_Pack43
2023-02-01 13:53 - 2014-09-02 18:01 - 000041192 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_cable64_win7.sys
2023-01-29 12:21 - 2023-01-29 12:21 - 090481740 _____ C:\Users\irena\Downloads\Netflix_9.0.6 build 17025_17025_69b433.apk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 16:42 - 2022-04-09 08:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-24 16:41 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-24 16:15 - 2022-04-09 09:36 - 001605428 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-24 16:15 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2023-02-24 16:15 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2023-02-24 16:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-02-24 16:13 - 2022-04-14 16:35 - 000000000 ____D C:\Program Files\CCleaner
2023-02-24 16:13 - 2022-04-09 09:39 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-24 16:11 - 2022-04-09 15:42 - 000000000 __SHD C:\Users\irena\IntelGraphicsProfiles
2023-02-24 16:11 - 2022-04-09 09:34 - 000000000 ____D C:\Intel
2023-02-24 16:11 - 2022-04-09 08:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-24 16:11 - 2022-04-09 08:30 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-24 16:10 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-24 16:08 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-23 19:13 - 2022-04-21 13:43 - 000000000 ____D C:\Users\irena\AppData\Local\ElevatedDiagnostics
2023-02-23 17:30 - 2022-06-05 11:45 - 000002340 _____ C:\Users\irena\Desktop\Irena - Chrome.lnk
2023-02-22 21:03 - 2022-04-09 09:40 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-22 21:03 - 2022-04-09 09:40 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-22 19:27 - 2022-04-09 15:41 - 000000000 ____D C:\Users\irena
2023-02-22 19:25 - 2023-01-07 19:22 - 000000000 ____D C:\Users\irena\AppData\Roaming\utorrent
2023-02-22 15:13 - 2022-04-23 17:47 - 000002382 ____H C:\Users\irena\Documents\Default.rdp
2023-02-21 15:44 - 2022-04-09 15:44 - 000000000 ____D C:\Users\irena\AppData\Local\D3DSCache
2023-02-20 19:39 - 2022-09-20 14:12 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-02-20 19:38 - 2022-04-25 08:09 - 000002392 _____ C:\Users\irena\Desktop\Osobní - Edge.lnk
2023-02-20 19:38 - 2022-04-09 10:13 - 000000000 ____D C:\Temp
2023-02-20 19:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-20 19:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-02-19 16:43 - 2022-07-06 07:23 - 000000000 ____D C:\Users\irena\AppData\Roaming\Telegram Desktop
2023-02-19 08:29 - 2023-01-17 15:08 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-19 08:29 - 2022-04-09 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-17 20:05 - 2022-04-10 14:09 - 000002370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-02-17 20:05 - 2022-04-10 14:09 - 000002329 _____ C:\Users\Public\Desktop\Brave.lnk
2023-02-14 15:02 - 2022-10-30 19:00 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-02-14 15:02 - 2022-04-14 16:35 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-02-12 13:40 - 2022-04-09 08:57 - 000461296 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-12 13:37 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-02-12 13:34 - 2022-04-09 09:29 - 000000000 ____D C:\Windows\SoftwareDistribution.bak
2023-02-09 15:00 - 2022-04-09 08:58 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 15:00 - 2022-04-09 08:58 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-07 15:14 - 2022-04-09 15:44 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1005
2023-02-06 19:03 - 2022-04-09 09:40 - 000000000 ____D C:\Program Files\Google
2023-02-06 13:34 - 2022-04-09 19:29 - 000000000 ___RD C:\Users\irena\OneDrive
2023-02-06 13:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-02-05 14:30 - 2022-07-24 11:30 - 000000000 ____D C:\Users\irena\AppData\Local\CrashDumps
2023-02-05 14:30 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-02-05 14:22 - 2023-01-07 19:23 - 000000000 ____D C:\Users\irena\AppData\Local\BitTorrentHelper
2023-02-05 11:08 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\TAPI
2023-02-02 18:19 - 2022-04-10 16:01 - 000000000 ____D C:\Users\irena\AppData\Roaming\avidemux
2023-02-02 08:32 - 2022-04-21 11:11 - 000000000 ____D C:\Users\irena\AppData\Local\FreeGrabApp
2023-02-02 08:32 - 2022-04-21 07:53 - 000001388 _____ C:\Users\Public\Desktop\Free Netflix Download.lnk
2023-02-02 08:32 - 2022-04-21 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeGrabApp
2023-02-02 08:32 - 2022-04-21 07:53 - 000000000 ____D C:\Program Files (x86)\FreeGrabApp
2023-02-01 14:36 - 2022-04-10 16:10 - 000000000 ____D C:\Users\irena\AppData\Local\JDownloader 2.0

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2023
Ran by irena (24-02-2023 16:47:28)
Running from C:\Users\irena\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) (2022-04-09 08:29:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2070184238-1747943612-3790908667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2070184238-1747943612-3790908667-503 - Limited - Disabled)
Guest (S-1-5-21-2070184238-1747943612-3790908667-501 - Limited - Disabled)
irena (S-1-5-21-2070184238-1747943612-3790908667-1005 - Administrator - Enabled) => C:\Users\irena
WDAGUtilityAccount (S-1-5-21-2070184238-1747943612-3790908667-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\uTorrent) (Version: 3.6.0.46674 - BitTorrent Inc.)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_2_2) (Version: 23.2.2.325 - Adobe Inc.)
Any Video Converter Ultimate 7.1.5 (HKLM-x32\...\Any Video Converter_is1) (Version: 7.1.5 - LRepacks)
Avidemux VC++ 64bits (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\{b330a3fa-6829-4a5a-ae3c-db60651c1483}) (Version: 2.8.0 - Mean)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Bigasoft Video Downloader Pro 3.23.2.7675 (HKLM-x32\...\{C7056BA6-D954-43A2-ABBA-AB2E8E777730}_is1) (Version: - Bigasoft Corporation)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 110.1.48.167 - Autoři prohlížeče Brave)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1093 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
Free Netflix Download (HKLM-x32\...\Free Netflix Download_is1) (Version: 5.2.10.120 - FreeGrabApp LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.177 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Intel(R) Chipset Device Software (HKLM\...\{4A121459-D3F8-4908-A474-96D45641E357}) (Version: 10.1.18243.8188 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{f3b1c211-1159-4262-bb97-84150cda9096}) (Version: 10.1.18243.8188 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{18ECCB13-1AAB-4366-B8CD-D78EDDDCB37E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2014.14.0.1540 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{5F3D379F-069B-4BBB-B7AA-CBDFA1877343}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{8FFDA2DD-9B70-4A8A-8ACD-CBF774D1885B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{047f2156-ee7f-4a24-b3c2-c0c5c2c81557}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Malwarebytes version 4.5.22.236 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.22.236 - Malwarebytes)
MEX Atlantic MT4 Terminal (HKLM-x32\...\MEX Atlantic MT4 Terminal) (Version: 4.00 - MetaQuotes Ltd.)
Microsoft .NET Host - 6.0.4 (x64) (HKLM\...\{E8F68286-7C62-4E7D-A28F-277FFEBC2B9D}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x64) (HKLM\...\{51701D62-C986-4508-B423-5EFE6FF708B7}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x64) (HKLM\...\{BA6DD641-C766-473C-B70A-451F96F4D88B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{7F09DF2D-9B17-4E4D-B247-9AE0E918C32B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{5213821B-E78E-4346-9CEC-8F6BA7D6F115}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM\...\{A0EC4CD9-836A-4D8B-BBD7-D5BC3902465C}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM-x32\...\{73e5de3a-8f61-4a4a-ac84-0d7d5c9b9b5f}) (Version: 6.0.4.31115 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.1.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20200 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Subtitle Edit (HKLM\...\Subtitle Edit_is1) (Version: 3.6.11.0 - Nikse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
Telegram Desktop (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6 - Telegram FZ-LLC)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Trader Workstation (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\5889-6375-8446-2021) (Version: latest (10.20.1h) 20230110 16:31:40 - Interactive Brokers LLC)
Ulož.to FileManager 2.92 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.92 - Uloz.to cloud a.s.)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Wise Auto Shutdown 2.0.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 2.0.2 - WiseCleaner.com, Inc.)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14.42.0_x64__v10z8vjag6ke6 [2022-05-10] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-08-13] (INTEL CORP) [Startup Task]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2022-04-15] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2022-04-09] (Skype)
TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_2.2.0.4011_x64__n534cwy3pjxzj [2023-02-20] (TradingView, Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2070184238-1747943612-3790908667-1005_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-12] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-12] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-02-06 09:32 - 2023-02-06 09:32 - 001936896 _____ (Greenshot) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\26cce9d4b609ec43ed00cbf3c6b88e4a\GreenshotPlugin.ni.dll
2022-08-13 13:21 - 2022-07-15 15:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-02-06 09:32 - 2023-02-06 09:32 - 000740352 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\f7cc9a776e6a6bc95dd23b013a64afe9\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2022-02-25] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2022-02-25] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-07-05 07:54 - 000001252 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 genuine.adobe.com
127.0.0.1 prod.adobegenuine.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\irena\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{611462EF-46D0-43CD-B3CB-8404FEF81CE8}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{42FD56AA-6E90-4473-9DF5-4ED78D2A4946}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6227BD5D-0D3C-4DAD-9935-D6E5F7FEB506}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{6EF08891-39FC-4C40-82A8-42033F26CC4D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{14BA9F91-1DAE-4E05-8ED6-1D9F2471A170}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe () [File not signed]
FirewallRules: [UDP Query User{A184B30D-4729-4C62-9364-9D36853CB44F}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe () [File not signed]
FirewallRules: [{439B97E7-5047-479F-9553-B7E473E493F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3BE9DA2-597B-465D-A9C2-40C9B09FAB18}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43D44344-A207-4C63-B3D5-6CF56C04470C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2F2059EB-F6DA-4FD9-8B93-34B7918F320A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F2FF74CC-7E4E-4F5F-AE62-0CBC7270C9A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13AD6FC1-2A21-4599-9660-B64B80CB9BB4}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{6B7E814C-A2EF-4BCA-9D5D-861DE1D28191}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{905F7C25-12D5-4335-9CF4-77EEF08364C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

24-02-2023 16:36:20 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/22/2023 07:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/22/2023 07:21:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {81af5e4f-ccfc-4931-a793-e397b1c8f1fd}

Error: (02/19/2023 11:23:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD SERIÁLY (F:), protože: Tato operace není v tomto systému souborů podporována. (0x89000020)

Error: (02/19/2023 11:23:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD Záloha (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/18/2023 02:57:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WaaSMedicAgent.exe, verze: 10.0.19041.2311, časové razítko: 0x14a2eb36
Název chybujícího modulu: WaaSMedicCapsule.dll, verze: 10.0.19041.2311, časové razítko: 0x43f44a88
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000018109
ID chybujícího procesu: 0x3fbe0
Čas spuštění chybující aplikace: 0x01d943a0a49a49af
Cesta k chybující aplikaci: C:\Windows\System32\WaaSMedicAgent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\WaaSMedicCapsule.dll
ID zprávy: e2c5b8f0-d60d-4e7d-8210-7910f6a8b557
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/17/2023 05:03:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2019.19071.12540.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 9c64

Čas spuštění: 01d93f09f94ba17e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 1e89f832-d0cc-41e6-8354-3fdacefe7d35

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (02/15/2023 04:04:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service wuauserv since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (02/15/2023 04:04:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service WaaSMedicSvc since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (02/24/2023 04:49:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/24/2023 04:49:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/24/2023 04:49:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba UsoSvc byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/24/2023 04:49:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {B91D5831-B1BD-4608-8198-D72E155020F7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/24/2023 04:47:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/24/2023 04:47:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/24/2023 04:47:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba UsoSvc byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/24/2023 04:47:12 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {B91D5831-B1BD-4608-8198-D72E155020F7} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2023-02-12 13:41:10
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/r77Rootkit.A!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_\Device\HarddiskVolume1\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:41:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/r77Rootkit.A!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casur.A!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: FastPath
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casur.A!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: FastPath
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:45
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Malgent!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2
Event[0]:

Date: 2023-02-12 08:08:53
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3400.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-11 08:57:21
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3400.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-10 15:30:30
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3318.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-08 15:44:39
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3200.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-07 18:17:41
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3200.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

CodeIntegrity:
===============
Date: 2023-02-24 16:49:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2023-02-24 16:49:41
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: HP N03 Ver. 02.47 04/28/2020
Motherboard: HP 8061
Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 43%
Total physical RAM: 12184.58 MB
Available physical RAM: 6866.43 MB
Total Virtual: 21912.58 MB
Available Virtual: 16560 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:119.24 GB) (Free:16.01 GB) (Model: SAMSUNG SSD PM810 2.5" 7mm 128GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DISK) (Fixed) (Total:1863.02 GB) (Free:1386.84 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:3.2 GB) (Model: TOSHIBA MQ01ABF050 SCSI Disk Device) NTFS
Drive f: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:52.77 GB) (Model: TOSHIBA MQ04ABD200 USB Device) FAT32


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FE7BD535)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 0F750527)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118238
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart the log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it has been inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

chenny
Visitor
Posts: 36
Joined: 06 Sep 2007 09:50

Re: Please check my log

#3 Post by chenny »

Here is the log.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-26-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2486)
# Cleaned: 20
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\irena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Media Downloader.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\1354b1e6f7bfcee09772e1183a700efc
Deleted HKCU\SOFTWARE\851a28f640fed99243cbd8b85123ecb1
Deleted HKCU\SOFTWARE\872c1a6ae59a3560c16a206519d976dfa40acbc7
Deleted HKCU\SOFTWARE\b95e18112c446fb12ac7ee9174b305d1b29d506f
Deleted HKCU\SOFTWARE\f20bc02dcc61b2f9e598c806e1ff199b
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted MyStart Search
Deleted MyStart Search

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\irena\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3370 octets] - [26/02/2023 07:56:20]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118238
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

OK. Post new FRST+Addition logs.

chenny
Visitor
Posts: 36
Joined: 06 Sep 2007 09:50

Re: Please check my log

#5 Post by chenny »

New logs from FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2023
Ran by irena (administrator) on IRENA-PC (HP HP ProDesk 400 G3 MT) (26-02-2023 11:18:06)
Running from C:\Users\irena\Desktop
Loaded Profiles: irena
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <18>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Lespeed Technology Co., Ltd -> WiseCleaner.COM) C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102816 2021-09-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38966072 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [MicrosoftEdgeAutoLaunch_F46C44FF1D6C46FBDCA7A2B3ED8E915D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [GoogleChromeAutoLaunch_7EE3BDFEE45835C637F9FFAAED466373] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [3288344 2023-02-21] (Google LLC -> Google LLC)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\Run: [GoogleChromeAutoLaunch_55E020A4BD8672A218223936965978A1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3354928 2023-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\RunOnce: [Application Restart #3] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3354928 2023-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [3354928 2023-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Print\Monitors\us008 Langmon: C:\Windows\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\110.0.5481.177\Installer\chrmstp.exe [2023-02-22] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\110.1.48.171\Installer\chrmstp.exe [2023-02-24] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {031BF6B4-6E50-47D5-B467-A01EB8C1BF07} - System32\Tasks\brave => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {079890DC-936C-4AD0-A698-F101C5750860} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-02-25] (HP Inc. -> HP Inc.)
Task: {09295649-8B94-4452-AB01-E97AA47E326D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {09E3572C-BE10-4DCB-A3A2-DA3029E71C54} - System32\Tasks\NetworkCap => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {0D8AD2F5-88F7-48AF-85BD-FF1A936D102F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {17A4A448-95BA-4E02-8305-72240D2A2D07} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {20DC48AB-583E-4FAD-BC0C-A336E8BA61AA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-02-08] (Piriform Software Ltd -> Piriform)
Task: {2C20620D-AFA0-46D6-BEEC-A9DDFBA4503E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2CC198E7-6B84-494B-AEAC-DC5EA34972A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114624 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {32FE47AA-276F-49B3-8704-F955D80E39E8} - System32\Tasks\TradingViewT => C:\TempFiles\TradingView.exe (No File)
Task: {36FE711C-21CD-4FBA-BF95-515F4C6CF8E6} - System32\Tasks\WiseAutoShutdownW => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {3718A993-AB75-46E1-B72D-20A66F998FE5} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1001 => C:\Users\irena\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {4D304283-BBF4-4133-94EC-D97CB0124E79} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "8d7f463d-5e7b-48ca-b47d-c652327b884a" --version "6.09.10300" --silent
Task: {4E2DDB6F-AB59-4552-8D12-50172DCB3631} - System32\Tasks\CCleanerSkipUAC - irena => C:\Program Files\CCleaner\CCleaner.exe [32631096 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {567A7373-471A-44D6-B817-574B638CF299} - System32\Tasks\TradingView => C:\TempFiles\TradingView.exe (No File)
Task: {5EE68865-E10D-4BFB-BF31-A93A483FACD8} - System32\Tasks\MoUsoCoreWorker => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {60A6AFFC-122F-4087-BA66-52D2A9184FBA} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5142728 2023-01-11] (Microsoft Windows -> Microsoft Corporation)
Task: {6EED149D-D857-4993-9255-7F6D2F5A3C5A} - System32\Tasks\MoUsoCoreWorkerM => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {74443067-81F3-4AFD-9D96-30A02E5F70E1} - System32\Tasks\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {7A59BF77-2788-4A74-931E-AA6290B706C2} - System32\Tasks\Wise Auto Shutdown Task.job => C:\Program Files (x86)\Wise\Wise Auto Shutdown\WiseAutoShutdown.exe -a
Task: {7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63} - System32\Tasks\Telegram => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {7CD1F9B1-16DC-48CF-BFE1-6F76291170A6} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {83EE8549-E7A6-46BE-96FE-C360ABAE4BFA} - System32\Tasks\DiagsCapD => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {87A1A0CD-648E-4BF1-947A-453D7819AA6E} - System32\Tasks\DiagsCap => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {B91F227A-B60B-42E2-94EE-97CE28BBCD4F} - System32\Tasks\TelegramT => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {BBE4AC99-E096-444F-87E2-CB4D672C7406} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CDF41241-7111-46E7-A1DE-BE50E0E5E263} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D70B331F-38F1-44BF-BC00-A7433E44AAA6} - System32\Tasks\WiseAutoShutdown => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {D8E8E802-C796-4DA7-90CC-0454FDD444D4} - System32\Tasks\NetworkCapN => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {DE2CE02B-1A0B-403A-8193-9C60869286E6} - System32\Tasks\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {E20A3AFB-8CC9-470D-A1B1-6F01AB135580} - System32\Tasks\braveb => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {E582FCA5-AFFB-4881-8A9D-D5D8C3934614} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EE02F67B-7191-4164-98C6-1C36DC5F0785} - System32\Tasks\chromec => C:\Jts\charts\chrome.exe (No File)
Task: {F665D6FF-64AD-4902-8915-45AE34F0C993} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334600 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6DD334E-5AE3-46CA-89F7-61C7692ED3DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC93DF02-6FF3-4272-9E59-17D18B556BE3} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {FEF0CF95-C93C-42B8-9775-47133AE05ACD} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1005 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4184976 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6edc9e38-bba7-4885-9417-eab4e54ca450}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-26]
Edge Extension: (SerpClix ClickSense) - C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bamgnhpbgpandihbdankcohicepdpoim [2023-01-29]
Edge Profile: C:\Users\irena\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-02-22]
Edge HomePage: Profile 1 -> hxxps://www.seznam.cz/
Edge StartupUrls: Profile 1 -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2070184238-1747943612-3790908667-1005: tdameritrade.com/thinkorswim -> C:\Users\irena\AppData\Local\thinkorswim\npthinkorswim.dll [2023-01-01] (TD Ameritrade, Inc -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2070184238-1747943612-3790908667-1005: tdameritrade.com/tossc -> C:\Users\irena\AppData\Local\thinkorswim\nptossc.dll [2023-01-01] (TD Ameritrade, Inc -> TD Ameritrade)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default [2023-02-26]
CHR Notifications: Default -> hxxps://app.deriv.com; hxxps://kfc.cz; hxxps://roboforex.com; hxxps://satuhu.com; hxxps://stockstrader.roboforex.com; hxxps://www.bybit.com; hxxps://www.facebook.com; hxxps://www.filehorse.com; hxxps://www.netflix.com; hxxps://www.telemundo.com; hxxps://www.tradingview.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://seznam.cz/","hxxp://www.google.cz/","hxxps://www.google.com ... oogle.com/"
CHR Extension: (Easy Auto Refresh) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-04-10]
CHR Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-01-22]
CHR Extension: (Image Downloader) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2022-10-20]
CHR Extension: (Bezplatná VPN pro Chrome - VPN proxy pomocí 1clickVPN) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfhplploccackoneaefokcmbjfbkenj [2023-02-12]
CHR Extension: (video downloader - CocoCut) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gddbgllpilhpnjpkdbopahnpealaklle [2022-10-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-31]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-22]
CHR Extension: (VPN Free - Betternet Unlimited VPN Proxy) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2022-10-20]
CHR Extension: (DotVPN — Unlock the Web with VPN for Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2023-01-31]
CHR Extension: (Video DownloadHelper) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-10-20]
CHR Extension: (Live Stream Downloader) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-01-31]
CHR Extension: (Google Hangouts) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-15]
CHR Extension: (MetaMask) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2023-02-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-04-09]
CHR Extension: (SS TV Remote) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\npciacphlpgklgcjgiamnmfjipjdkacf [2022-04-10]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-25]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\irena\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-05]
CHR Profile: C:\Users\irena\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-25]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

Brave:
=======
BRA Profile: C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-02-26]
BRA Notifications: Default -> hxxps://www.netflix.com
BRA Extension: (Easy Auto Refresh) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-04-10]
BRA Extension: (Překladač Google) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-04-10]
BRA Extension: (Safe Torrent Scanner) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-01-07]
BRA Extension: (Just Black) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2022-04-10]
BRA Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ciclollkolafellcaolgccmfjldgpolo [2023-01-26]
BRA Extension: (Image Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2022-10-20]
BRA Extension: (My O'Reilly Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\deebiaolijlopiocielojiipnpnaldlk [2023-01-11]
BRA Extension: (Open Subtitles) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gbagdbjhcmodnokmjfhkhagnhgmmpgan [2023-01-07]
BRA Extension: (video downloader - CocoCut) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gddbgllpilhpnjpkdbopahnpealaklle [2022-10-12]
BRA Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-02-22]
BRA Extension: (Download Master - Free Download Manager) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\laepcndcehndnjndpfjdcdgbneoimdgg [2023-01-31]
BRA Extension: (Video DownloadHelper) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2022-10-13]
BRA Extension: (Live Stream Downloader) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-02-02]
BRA Extension: (Google Hangouts) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2022-04-15]
BRA Extension: (Browsec VPN - Free VPN for Chrome) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2023-02-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-02-26]
BRA Extension: (Brave NTP background images) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-08-13]
BRA Extension: (Wallet Data Files Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-02-22]
BRA Extension: (Brave Ad Block Updater (Easylist-Cookie List - Filter Obtrusive Cookie Notices (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-02-26]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-12-07]
BRA Extension: (Brave NTP sponsored images) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2023-02-26]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-01-13]
BRA Extension: (Brave Ads Resources) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2023-01-26]
BRA Extension: (Brave Ad Block Updater (Default (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-02-26]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-04-10]
BRA Extension: (Brave Ad Block Updater (Easylist-Cookie List - Filter Obtrusive Cookie Notices)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfgnenkkneohplacnfabidofpgcdpofm [2022-12-07]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2022-12-26]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak (plaintext))) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2023-02-12]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2022-12-07]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\irena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-02-22]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [165120 2022-04-10] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1001272 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12554240 2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 dosvc; C:\Windows\System32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncHelper.exe [3484544 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [761856 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [760864 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [756720 2022-02-24] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [760304 2022-02-24] (HP Inc. -> HP Inc.)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.007.0109.0004\OneDriveUpdaterService.exe [3854208 2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 UsoSvc; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ANVSOFT_WaveExtensible; C:\Windows\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
R3 MpKsl44d44d46; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E63861D0-2F21-4E1B-9E96-7319D6A52848}\MpKslDrv.sys [214280 2023-02-26] (Microsoft Windows -> Microsoft Corporation)
R3 StnPport; C:\Windows\system32\DRIVERS\StnPport.sys [97280 2010-10-26] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2023-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473336 2023-02-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-25] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-26 11:18 - 2023-02-26 11:18 - 000033402 _____ C:\Users\irena\Desktop\FRST.txt
2023-02-26 11:17 - 2023-02-26 11:17 - 000000000 ____D C:\Users\irena\Desktop\FRST-OlderVersion
2023-02-26 07:56 - 2023-02-26 07:57 - 000000000 ____D C:\AdwCleaner
2023-02-26 07:53 - 2023-02-26 07:53 - 008791352 _____ (Malwarebytes) C:\Users\irena\Desktop\adwcleaner.exe
2023-02-25 19:33 - 2023-02-25 19:33 - 000008544 _____ C:\Users\irena\Documents\cc_20230225_193338.reg
2023-02-24 16:43 - 2023-02-24 16:43 - 000000000 ___HD C:\$SysReset
2023-02-24 16:08 - 2023-02-24 16:08 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-02-24 15:32 - 2023-02-24 15:32 - 000001552 _____ C:\Users\irena\Downloads\Wureset Windows 10.zip
2023-02-24 15:32 - 2023-02-24 15:32 - 000000000 ____D C:\Users\irena\Downloads\Wureset Windows 10
2023-02-24 15:16 - 2023-02-26 11:18 - 000000000 ____D C:\FRST
2023-02-24 15:11 - 2023-02-26 11:17 - 002378752 _____ (Farbar) C:\Users\irena\Desktop\FRST64.exe
2023-02-22 19:27 - 2023-02-22 19:27 - 000006946 _____ C:\Users\irena\Documents\cc_20230222_192717.reg
2023-02-21 17:22 - 2023-02-21 17:22 - 000054668 _____ C:\Users\irena\Downloads\90409 90328 5D M1100 CL1D1 CS TS plus 0.01 LBL 25p tstart tp2 eqt clp 1pct TRIAL.ex4
2023-02-14 15:15 - 2023-02-14 15:15 - 000030266 _____ C:\Users\irena\Downloads\Invoice9252085565.pdf
2023-02-12 13:37 - 2023-02-12 13:37 - 000000000 ____D C:\Users\irena\AppData\Local\mbam
2023-02-12 13:36 - 2023-02-12 13:36 - 002555248 _____ (Malwarebytes) C:\Users\irena\Downloads\MBSetup.exe
2023-02-12 13:35 - 2023-02-12 13:35 - 000004204 _____ C:\Users\irena\Documents\cc_20230212_133516.reg
2023-02-07 17:24 - 2023-02-07 17:24 - 004236458 _____ C:\Users\irena\Downloads\BANCOMAT-4.8.rar
2023-02-07 15:13 - 2023-02-08 17:27 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-02-06 13:34 - 2023-02-07 15:14 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-02-06 13:34 - 2023-02-07 15:14 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-06 13:34 - 2023-02-06 13:34 - 000000000 ___RD C:\Users\Default\OneDrive
2023-02-06 13:33 - 2023-02-06 13:33 - 000002540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2023-02-06 13:33 - 2023-02-06 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2023-02-06 13:29 - 2023-02-23 20:56 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-06 13:29 - 2023-02-06 13:29 - 000000000 ____D C:\Program Files\Microsoft Office 15
2023-02-06 13:15 - 2023-02-06 13:15 - 000005198 _____ C:\Users\irena\Downloads\[SkT]Office_2013-2021_C2R_Install_v7.5.0.1_ _(x64).torrent
2023-02-05 14:32 - 2023-02-05 14:32 - 000009620 _____ C:\Users\irena\Documents\cc_20230205_143206.reg
2023-02-05 11:09 - 2023-02-05 11:47 - 000000000 ____D C:\Users\irena\AppData\Roaming\obs-studio
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\ProgramData\obs-studio-hook
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2023-02-05 11:09 - 2023-02-05 11:09 - 000000000 ____D C:\Program Files\obs-studio
2023-02-05 11:08 - 2023-02-05 11:09 - 000003596 _____ C:\Windows\system32\Tasks\DiagsCapD
2023-02-05 11:08 - 2023-02-05 11:08 - 000003566 _____ C:\Windows\system32\Tasks\TelegramT
2023-02-05 11:08 - 2023-02-05 11:08 - 000003556 _____ C:\Windows\system32\Tasks\WiseAutoShutdownW
2023-02-05 11:08 - 2023-02-05 11:08 - 000003528 _____ C:\Windows\system32\Tasks\NetworkCapN
2023-02-05 11:08 - 2023-02-05 11:08 - 000003524 _____ C:\Windows\system32\Tasks\TradingViewT
2023-02-05 11:08 - 2023-02-05 11:08 - 000003338 _____ C:\Windows\system32\Tasks\DiagsCap
2023-02-05 11:08 - 2023-02-05 11:08 - 000003306 _____ C:\Windows\system32\Tasks\Telegram
2023-02-05 11:08 - 2023-02-05 11:08 - 000003298 _____ C:\Windows\system32\Tasks\WiseAutoShutdown
2023-02-05 11:08 - 2023-02-05 11:08 - 000003270 _____ C:\Windows\system32\Tasks\NetworkCap
2023-02-05 11:08 - 2023-02-05 11:08 - 000003266 _____ C:\Windows\system32\Tasks\TradingView
2023-02-05 11:07 - 2023-02-05 11:07 - 000000000 ____D C:\Users\irena\Downloads\Freebitcoin_script
2023-02-05 11:06 - 2023-02-05 11:07 - 124828767 _____ C:\Users\irena\Downloads\Freebitcoin_script.rar
2023-02-05 10:25 - 2023-02-12 13:41 - 000000000 ____D C:\TempFiles
2023-02-05 10:25 - 2023-02-05 11:08 - 000003692 _____ C:\Windows\system32\Tasks\MoUsoCoreWorkerM
2023-02-05 10:25 - 2023-02-05 11:08 - 000003524 _____ C:\Windows\system32\Tasks\braveb
2023-02-05 10:25 - 2023-02-05 11:08 - 000003434 _____ C:\Windows\system32\Tasks\MoUsoCoreWorker
2023-02-05 10:25 - 2023-02-05 11:08 - 000003266 _____ C:\Windows\system32\Tasks\brave
2023-02-05 10:25 - 2023-02-05 10:25 - 000003506 _____ C:\Windows\system32\Tasks\chromec
2023-02-04 17:58 - 2023-02-04 17:58 - 000193750 _____ C:\Users\irena\Downloads\11 MEETING (1).pdf
2023-02-04 17:53 - 2023-02-04 17:53 - 000193750 _____ C:\Users\irena\Downloads\11 MEETING.pdf
2023-02-02 18:02 - 2023-02-02 18:02 - 005900951 _____ C:\Users\irena\Downloads\Text odstavce.mp4
2023-02-02 13:40 - 2023-02-02 13:40 - 095865638 _____ C:\Users\irena\Downloads\pexels-cottonbro-5909978.mp4
2023-02-02 12:50 - 2023-02-02 12:50 - 000844469 _____ C:\Users\irena\Downloads\ssstik.io_1675338634296.mp4
2023-02-01 14:40 - 2023-02-01 14:41 - 304723632 _____ C:\Users\irena\Downloads\513507577_mp4_h264_aac_hq_1 (480p_aac).mp4
2023-02-01 14:06 - 2023-02-01 14:06 - 000000000 ____D C:\Program Files\VB
2023-02-01 13:56 - 2023-02-01 14:42 - 000000000 ____D C:\Users\irena\AppData\Roaming\Subtitle Edit
2023-02-01 13:56 - 2023-02-01 13:56 - 000001925 _____ C:\Users\irena\Desktop\Subtitle Edit.lnk
2023-02-01 13:56 - 2023-02-01 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
2023-02-01 13:56 - 2023-02-01 13:56 - 000000000 ____D C:\Program Files\Subtitle Edit
2023-02-01 13:55 - 2023-02-01 13:55 - 010746997 _____ (Nikse ) C:\Users\irena\Downloads\SubtitleEdit-3.6.11-Setup.exe
2023-02-01 13:53 - 2023-02-01 13:53 - 000000000 ____D C:\Users\irena\Downloads\VBCABLE_Driver_Pack43
2023-02-01 13:53 - 2014-09-02 18:01 - 000041192 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_cable64_win7.sys
2023-01-29 12:21 - 2023-01-29 12:21 - 090481740 _____ C:\Users\irena\Downloads\Netflix_9.0.6 build 17025_17025_69b433.apk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-26 11:02 - 2022-04-09 09:39 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-26 11:01 - 2022-04-09 08:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-02-26 10:46 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-26 08:08 - 2022-04-09 09:36 - 001605428 _____ C:\Windows\system32\PerfStringBackup.INI
2023-02-26 08:08 - 2019-12-07 15:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2023-02-26 08:08 - 2019-12-07 15:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2023-02-26 08:08 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-02-26 08:07 - 2022-06-05 11:45 - 000002340 _____ C:\Users\irena\Desktop\Irena - Chrome.lnk
2023-02-26 08:07 - 2022-04-14 16:35 - 000000000 ____D C:\Program Files\CCleaner
2023-02-26 08:03 - 2022-04-09 15:42 - 000000000 __SHD C:\Users\irena\IntelGraphicsProfiles
2023-02-26 08:03 - 2022-04-09 09:34 - 000000000 ____D C:\Intel
2023-02-26 08:03 - 2022-04-09 08:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-02-26 08:03 - 2022-04-09 08:30 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-26 08:02 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-02-26 07:57 - 2022-05-04 18:15 - 000000000 ____D C:\Users\irena\AppData\Roaming\Hewlett-Packard
2023-02-26 07:57 - 2022-05-04 18:14 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-02-26 07:57 - 2022-05-04 18:13 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2023-02-25 19:31 - 2022-04-21 07:53 - 000000000 ____D C:\ProgramData\FreeGrabApp
2023-02-25 19:30 - 2022-04-09 08:58 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-02-25 19:29 - 2022-08-01 11:43 - 000000000 ____D C:\Users\irena\AppData\Roaming\MetaQuotes
2023-02-25 19:29 - 2022-08-01 11:43 - 000000000 ____D C:\Program Files (x86)\MEX Atlantic MT4 Terminal
2023-02-25 19:28 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-02-25 16:03 - 2022-07-06 07:23 - 000000000 ____D C:\Users\irena\AppData\Roaming\Telegram Desktop
2023-02-25 08:49 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-25 08:49 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-02-25 07:53 - 2023-01-17 15:08 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-25 07:53 - 2022-04-09 08:58 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-24 21:05 - 2022-04-10 14:09 - 000002370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2023-02-24 21:05 - 2022-04-10 14:09 - 000002329 _____ C:\Users\Public\Desktop\Brave.lnk
2023-02-24 16:08 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-02-23 19:13 - 2022-04-21 13:43 - 000000000 ____D C:\Users\irena\AppData\Local\ElevatedDiagnostics
2023-02-22 21:03 - 2022-04-09 09:40 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-22 21:03 - 2022-04-09 09:40 - 000002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-22 19:27 - 2022-04-09 15:41 - 000000000 ____D C:\Users\irena
2023-02-22 19:25 - 2023-01-07 19:22 - 000000000 ____D C:\Users\irena\AppData\Roaming\utorrent
2023-02-22 15:13 - 2022-04-23 17:47 - 000002382 ____H C:\Users\irena\Documents\Default.rdp
2023-02-21 15:44 - 2022-04-09 15:44 - 000000000 ____D C:\Users\irena\AppData\Local\D3DSCache
2023-02-20 19:39 - 2022-09-20 14:12 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-02-20 19:38 - 2022-04-25 08:09 - 000002392 _____ C:\Users\irena\Desktop\Osobní - Edge.lnk
2023-02-20 19:38 - 2022-04-09 10:13 - 000000000 ____D C:\Temp
2023-02-14 15:02 - 2022-10-30 19:00 - 000003476 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-02-14 15:02 - 2022-04-14 16:35 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-02-12 13:40 - 2022-04-09 08:57 - 000461296 _____ C:\Windows\system32\FNTCACHE.DAT
2023-02-12 13:34 - 2022-04-09 09:29 - 000000000 ____D C:\Windows\SoftwareDistribution.bak
2023-02-09 15:00 - 2022-04-09 08:58 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 15:00 - 2022-04-09 08:58 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-07 15:14 - 2022-04-09 15:44 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2070184238-1747943612-3790908667-1005
2023-02-06 19:03 - 2022-04-09 09:40 - 000000000 ____D C:\Program Files\Google
2023-02-06 13:34 - 2022-04-09 19:29 - 000000000 ___RD C:\Users\irena\OneDrive
2023-02-06 13:29 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-02-05 14:30 - 2022-07-24 11:30 - 000000000 ____D C:\Users\irena\AppData\Local\CrashDumps
2023-02-05 14:30 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-02-05 14:22 - 2023-01-07 19:23 - 000000000 ____D C:\Users\irena\AppData\Local\BitTorrentHelper
2023-02-05 11:08 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\TAPI
2023-02-02 18:19 - 2022-04-10 16:01 - 000000000 ____D C:\Users\irena\AppData\Roaming\avidemux
2023-02-01 14:36 - 2022-04-10 16:10 - 000000000 ____D C:\Users\irena\AppData\Local\JDownloader 2.0

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by irena (26-02-2023 11:18:55)
Running from C:\Users\irena\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2486 (X64) (2022-04-09 08:29:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2070184238-1747943612-3790908667-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2070184238-1747943612-3790908667-503 - Limited - Disabled)
Guest (S-1-5-21-2070184238-1747943612-3790908667-501 - Limited - Disabled)
irena (S-1-5-21-2070184238-1747943612-3790908667-1005 - Administrator - Enabled) => C:\Users\irena
WDAGUtilityAccount (S-1-5-21-2070184238-1747943612-3790908667-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\uTorrent) (Version: 3.6.0.46674 - BitTorrent Inc.)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_2_2) (Version: 23.2.2.325 - Adobe Inc.)
Any Video Converter Ultimate 7.1.5 (HKLM-x32\...\Any Video Converter_is1) (Version: 7.1.5 - LRepacks)
Avidemux VC++ 64bits (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\{b330a3fa-6829-4a5a-ae3c-db60651c1483}) (Version: 2.8.0 - Mean)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 110.1.48.171 - Autoři prohlížeče Brave)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1093 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.177 - Google LLC)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HandBrake 1.5.1 (HKLM-x32\...\HandBrake) (Version: 1.5.1 - )
Intel(R) Chipset Device Software (HKLM\...\{4A121459-D3F8-4908-A474-96D45641E357}) (Version: 10.1.18243.8188 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{f3b1c211-1159-4262-bb97-84150cda9096}) (Version: 10.1.18243.8188 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{18ECCB13-1AAB-4366-B8CD-D78EDDDCB37E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2014.14.0.1540 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{5F3D379F-069B-4BBB-B7AA-CBDFA1877343}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{8FFDA2DD-9B70-4A8A-8ACD-CBF774D1885B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{047f2156-ee7f-4a24-b3c2-c0c5c2c81557}) (Version: 1.60.155.0 - Intel Corporation) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft .NET Host - 6.0.4 (x64) (HKLM\...\{E8F68286-7C62-4E7D-A28F-277FFEBC2B9D}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x64) (HKLM\...\{51701D62-C986-4508-B423-5EFE6FF708B7}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x64) (HKLM\...\{BA6DD641-C766-473C-B70A-451F96F4D88B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.56 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.56 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{7F09DF2D-9B17-4E4D-B247-9AE0E918C32B}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{5213821B-E78E-4346-9CEC-8F6BA7D6F115}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProVolume - cs-cz) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProVolume - en-us) (Version: 16.0.16026.20200 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM\...\{A0EC4CD9-836A-4D8B-BBD7-D5BC3902465C}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM-x32\...\{73e5de3a-8f61-4a4a-ac84-0d7d5c9b9b5f}) (Version: 6.0.4.31115 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 28.1.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20200 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.)
Subtitle Edit (HKLM\...\Subtitle Edit_is1) (Version: 3.6.11.0 - Nikse)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
Telegram Desktop (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.6.2 - Telegram FZ-LLC)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Trader Workstation (HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\...\5889-6375-8446-2021) (Version: latest (10.20.1h) 20230110 16:31:40 - Interactive Brokers LLC)
Ulož.to FileManager 2.92 (64-bit) (HKLM\...\3f2e2cd28b0e4e4396c2402fbc85a0f0_is1) (Version: 2.92 - Uloz.to cloud a.s.)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Wise Auto Shutdown 2.0.2 (HKLM-x32\...\Wise Auto Shutdown_is1) (Version: 2.0.2 - WiseCleaner.com, Inc.)

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.14.42.0_x64__v10z8vjag6ke6 [2022-05-10] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-08-13] (INTEL CORP) [Startup Task]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2022-04-09] (Microsoft Corporation) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2022-04-15] (Samsung Electronics Co. Ltd.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2022-04-09] (Skype)
TradingView -> C:\Program Files\WindowsApps\TradingView.Desktop_2.2.0.4011_x64__n534cwy3pjxzj [2023-02-20] (TradingView, Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2070184238-1747943612-3790908667-1005_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.007.0109.0004\FileSyncShell64.dll [2023-02-07] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-24] (Adobe Inc. -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-02-06 09:32 - 2023-02-06 09:32 - 001936896 _____ (Greenshot) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\26cce9d4b609ec43ed00cbf3c6b88e4a\GreenshotPlugin.ni.dll
2022-08-13 13:21 - 2022-07-15 15:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-02-06 09:32 - 2023-02-06 09:32 - 000740352 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\f7cc9a776e6a6bc95dd23b013a64afe9\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2023-02-23] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2022-07-05 07:54 - 000001252 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 genuine.adobe.com
127.0.0.1 prod.adobegenuine.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com
127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com
127.0.0.1 bandicam.com
127.0.0.1 ssl.bandisoft.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2070184238-1747943612-3790908667-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\irena\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{611462EF-46D0-43CD-B3CB-8404FEF81CE8}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{42FD56AA-6E90-4473-9DF5-4ED78D2A4946}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6227BD5D-0D3C-4DAD-9935-D6E5F7FEB506}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{6EF08891-39FC-4C40-82A8-42033F26CC4D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{14BA9F91-1DAE-4E05-8ED6-1D9F2471A170}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe () [File not signed]
FirewallRules: [UDP Query User{A184B30D-4729-4C62-9364-9D36853CB44F}D:\filmy\seriály\telenovely\moonbot\moonbot.exe] => (Allow) D:\filmy\seriály\telenovely\moonbot\moonbot.exe () [File not signed]
FirewallRules: [{439B97E7-5047-479F-9553-B7E473E493F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3BE9DA2-597B-465D-A9C2-40C9B09FAB18}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{43D44344-A207-4C63-B3D5-6CF56C04470C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2F2059EB-F6DA-4FD9-8B93-34B7918F320A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F2FF74CC-7E4E-4F5F-AE62-0CBC7270C9A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{905F7C25-12D5-4335-9CF4-77EEF08364C3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2F50C9F6-9167-4F84-A29A-5BB5ED13E56F}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{3C112B7C-71AF-4289-8EC7-42B99E7D9F9D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

24-02-2023 16:36:20 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Kompatibilní myš PS/2
Description: Kompatibilní myš PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2023 10:14:30 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD SERIÁLY (F:), protože: Tato operace není v tomto systému souborů podporována. (0x89000020)

Error: (02/26/2023 10:14:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD Záloha (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/25/2023 07:28:26 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/22/2023 07:21:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (02/22/2023 07:21:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {81af5e4f-ccfc-4931-a793-e397b1c8f1fd}

Error: (02/19/2023 11:23:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD SERIÁLY (F:), protože: Tato operace není v tomto systému souborů podporována. (0x89000020)

Error: (02/19/2023 11:23:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na HDD Záloha (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (02/18/2023 02:57:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: WaaSMedicAgent.exe, verze: 10.0.19041.2311, časové razítko: 0x14a2eb36
Název chybujícího modulu: WaaSMedicCapsule.dll, verze: 10.0.19041.2311, časové razítko: 0x43f44a88
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000018109
ID chybujícího procesu: 0x3fbe0
Čas spuštění chybující aplikace: 0x01d943a0a49a49af
Cesta k chybující aplikaci: C:\Windows\System32\WaaSMedicAgent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\WaaSMedicCapsule.dll
ID zprávy: e2c5b8f0-d60d-4e7d-8210-7910f6a8b557
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/26/2023 11:20:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/26/2023 11:20:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/26/2023 11:18:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/26/2023 11:18:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/26/2023 11:16:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/26/2023 11:16:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/26/2023 11:14:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (02/26/2023 11:14:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2023-02-12 13:41:10
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/r77Rootkit.A!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; amsi:_\Device\HarddiskVolume1\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:41:08
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/r77Rootkit.A!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casur.A!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: FastPath
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:46
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casur.A!cl
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: FastPath
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2

Date: 2023-02-12 13:34:45
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/Malgent!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: amsi:_\Device\HarddiskVolume1\Jts\charts\chrome.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: IRENA-PC\irena
Název procesu: C:\Jts\charts\chrome.exe
Verze bezpečnostních informací: AV: 1.381.3470.0, AS: 1.381.3470.0, NIS: 1.381.3470.0
Verze modulu: AM: 1.1.19900.2, NIS: 1.1.19900.2
Event[0]:

Date: 2023-02-25 19:44:54
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.383.639.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20000.2
Kód chyby: 0x80080005
Popis chyby: Provádění serveru selhalo

Date: 2023-02-12 08:08:53
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3400.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-11 08:57:21
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3400.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-10 15:30:30
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3318.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

Date: 2023-02-08 15:44:39
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3200.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80040154
Popis chyby: Třída není zaregistrována

CodeIntegrity:
===============
Date: 2023-02-26 11:16:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: HP N03 Ver. 02.47 04/28/2020
Motherboard: HP 8061
Processor: Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
Percentage of memory in use: 43%
Total physical RAM: 12184.58 MB
Available physical RAM: 6840.45 MB
Total Virtual: 21400.58 MB
Available Virtual: 15930.65 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:119.24 GB) (Free:15.34 GB) (Model: SAMSUNG SSD PM810 2.5" 7mm 128GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DISK) (Fixed) (Total:1863.02 GB) (Free:1386.84 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (HDD Záloha) (Fixed) (Total:465.76 GB) (Free:3.2 GB) (Model: TOSHIBA MQ01ABF050 SCSI Disk Device) NTFS
Drive f: (HDD SERIÁLY) (Fixed) (Total:1862.56 GB) (Free:52.77 GB) (Model: TOSHIBA MQ04ABD200 USB Device) FAT32


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: FE7BD535)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 0F750527)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DD2566A6)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 055752AB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118238
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {031BF6B4-6E50-47D5-B467-A01EB8C1BF07} - System32\Tasks\brave => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {09295649-8B94-4452-AB01-E97AA47E326D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {09E3572C-BE10-4DCB-A3A2-DA3029E71C54} - System32\Tasks\NetworkCap => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {32FE47AA-276F-49B3-8704-F955D80E39E8} - System32\Tasks\TradingViewT => C:\TempFiles\TradingView.exe (No File)
Task: {36FE711C-21CD-4FBA-BF95-515F4C6CF8E6} - System32\Tasks\WiseAutoShutdownW => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {567A7373-471A-44D6-B817-574B638CF299} - System32\Tasks\TradingView => C:\TempFiles\TradingView.exe (No File)
Task: {5EE68865-E10D-4BFB-BF31-A93A483FACD8} - System32\Tasks\MoUsoCoreWorker => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {74443067-81F3-4AFD-9D96-30A02E5F70E1} - System32\Tasks\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {6EED149D-D857-4993-9255-7F6D2F5A3C5A} - System32\Tasks\MoUsoCoreWorkerM => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63} - System32\Tasks\Telegram => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {83EE8549-E7A6-46BE-96FE-C360ABAE4BFA} - System32\Tasks\DiagsCapD => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {87A1A0CD-648E-4BF1-947A-453D7819AA6E} - System32\Tasks\DiagsCap => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {B91F227A-B60B-42E2-94EE-97CE28BBCD4F} - System32\Tasks\TelegramT => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {D70B331F-38F1-44BF-BC00-A7433E44AAA6} - System32\Tasks\WiseAutoShutdown => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {D8E8E802-C796-4DA7-90CC-0454FDD444D4} - System32\Tasks\NetworkCapN => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {DE2CE02B-1A0B-403A-8193-9C60869286E6} - System32\Tasks\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {E20A3AFB-8CC9-470D-A1B1-6F01AB135580} - System32\Tasks\braveb => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {EE02F67B-7191-4164-98C6-1C36DC5F0785} - System32\Tasks\chromec => C:\Jts\charts\chrome.exe (No File)
S3 dosvc; C:\Windows\System32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
\Device\HarddiskVolume1\Jts\charts\chrome.exe

Hosts:
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

chenny
Visitor
Posts: 36
Joined: 06 Sep 2007 09:50

Re: Please check my log

#7 Post by chenny »

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by irena (26-02-2023 14:42:48) Run:1
Running from C:\Users\irena\Desktop
Loaded Profiles: irena
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {031BF6B4-6E50-47D5-B467-A01EB8C1BF07} - System32\Tasks\brave => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {09295649-8B94-4452-AB01-E97AA47E326D} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {09E3572C-BE10-4DCB-A3A2-DA3029E71C54} - System32\Tasks\NetworkCap => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {32FE47AA-276F-49B3-8704-F955D80E39E8} - System32\Tasks\TradingViewT => C:\TempFiles\TradingView.exe (No File)
Task: {36FE711C-21CD-4FBA-BF95-515F4C6CF8E6} - System32\Tasks\WiseAutoShutdownW => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {567A7373-471A-44D6-B817-574B638CF299} - System32\Tasks\TradingView => C:\TempFiles\TradingView.exe (No File)
Task: {5EE68865-E10D-4BFB-BF31-A93A483FACD8} - System32\Tasks\MoUsoCoreWorker => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {74443067-81F3-4AFD-9D96-30A02E5F70E1} - System32\Tasks\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {6EED149D-D857-4993-9255-7F6D2F5A3C5A} - System32\Tasks\MoUsoCoreWorkerM => C:\Windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\MoUsoCoreWorker.exe (No File)
Task: {7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63} - System32\Tasks\Telegram => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {83EE8549-E7A6-46BE-96FE-C360ABAE4BFA} - System32\Tasks\DiagsCapD => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {87A1A0CD-648E-4BF1-947A-453D7819AA6E} - System32\Tasks\DiagsCap => C:\Jts\fikooakmllbhhefjllahkahcaenbnbbiajclmfgk\sounds\DiagsCap.exe (No File)
Task: {B91F227A-B60B-42E2-94EE-97CE28BBCD4F} - System32\Tasks\TelegramT => C:\Program Files\Uninstall Information\Telegram.exe (No File)
Task: {D70B331F-38F1-44BF-BC00-A7433E44AAA6} - System32\Tasks\WiseAutoShutdown => C:\system.sav\logs\WiseAutoShutdown.exe (No File)
Task: {D8E8E802-C796-4DA7-90CC-0454FDD444D4} - System32\Tasks\NetworkCapN => C:\Recovery\Logs\NetworkCap.exe (No File)
Task: {DE2CE02B-1A0B-403A-8193-9C60869286E6} - System32\Tasks\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-04-09] (Google LLC -> Google LLC)
Task: {E20A3AFB-8CC9-470D-A1B1-6F01AB135580} - System32\Tasks\braveb => C:\Windows\Logs\NetSetup\brave.exe (No File)
Task: {EE02F67B-7191-4164-98C6-1C36DC5F0785} - System32\Tasks\chromec => C:\Jts\charts\chrome.exe (No File)
S3 dosvc; C:\Windows\System32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 dosvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 UsoSvc; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\system32\svchost.exe [55320 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\Windows\SysWOW64\svchost.exe [46504 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
\Device\HarddiskVolume1\Jts\charts\chrome.exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{031BF6B4-6E50-47D5-B467-A01EB8C1BF07}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{031BF6B4-6E50-47D5-B467-A01EB8C1BF07}" => removed successfully
C:\Windows\System32\Tasks\brave => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\brave" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09295649-8B94-4452-AB01-E97AA47E326D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09295649-8B94-4452-AB01-E97AA47E326D}" => removed successfully
C:\Windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09E3572C-BE10-4DCB-A3A2-DA3029E71C54}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E3572C-BE10-4DCB-A3A2-DA3029E71C54}" => removed successfully
C:\Windows\System32\Tasks\NetworkCap => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetworkCap" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32FE47AA-276F-49B3-8704-F955D80E39E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32FE47AA-276F-49B3-8704-F955D80E39E8}" => removed successfully
C:\Windows\System32\Tasks\TradingViewT => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TradingViewT" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FE711C-21CD-4FBA-BF95-515F4C6CF8E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FE711C-21CD-4FBA-BF95-515F4C6CF8E6}" => removed successfully
C:\Windows\System32\Tasks\WiseAutoShutdownW => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseAutoShutdownW" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{567A7373-471A-44D6-B817-574B638CF299}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{567A7373-471A-44D6-B817-574B638CF299}" => removed successfully
C:\Windows\System32\Tasks\TradingView => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TradingView" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EE68865-E10D-4BFB-BF31-A93A483FACD8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE68865-E10D-4BFB-BF31-A93A483FACD8}" => removed successfully
C:\Windows\System32\Tasks\MoUsoCoreWorker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MoUsoCoreWorker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74443067-81F3-4AFD-9D96-30A02E5F70E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74443067-81F3-4AFD-9D96-30A02E5F70E1}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{BE96FF2B-6355-4E26-ADAE-C0813264E720}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EED149D-D857-4993-9255-7F6D2F5A3C5A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EED149D-D857-4993-9255-7F6D2F5A3C5A}" => removed successfully
C:\Windows\System32\Tasks\MoUsoCoreWorkerM => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MoUsoCoreWorkerM" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BFEFF97-66BC-4A45-A0B7-4E0B172B6F63}" => removed successfully
C:\Windows\System32\Tasks\Telegram => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Telegram" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83EE8549-E7A6-46BE-96FE-C360ABAE4BFA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83EE8549-E7A6-46BE-96FE-C360ABAE4BFA}" => removed successfully
C:\Windows\System32\Tasks\DiagsCapD => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiagsCapD" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87A1A0CD-648E-4BF1-947A-453D7819AA6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87A1A0CD-648E-4BF1-947A-453D7819AA6E}" => removed successfully
C:\Windows\System32\Tasks\DiagsCap => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiagsCap" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B91F227A-B60B-42E2-94EE-97CE28BBCD4F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B91F227A-B60B-42E2-94EE-97CE28BBCD4F}" => removed successfully
C:\Windows\System32\Tasks\TelegramT => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TelegramT" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D70B331F-38F1-44BF-BC00-A7433E44AAA6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D70B331F-38F1-44BF-BC00-A7433E44AAA6}" => removed successfully
C:\Windows\System32\Tasks\WiseAutoShutdown => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseAutoShutdown" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8E8E802-C796-4DA7-90CC-0454FDD444D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E8E802-C796-4DA7-90CC-0454FDD444D4}" => removed successfully
C:\Windows\System32\Tasks\NetworkCapN => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetworkCapN" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE2CE02B-1A0B-403A-8193-9C60869286E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE2CE02B-1A0B-403A-8193-9C60869286E6}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{F340680C-2CFD-4BC3-B542-35FE79A3A654}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E20A3AFB-8CC9-470D-A1B1-6F01AB135580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E20A3AFB-8CC9-470D-A1B1-6F01AB135580}" => removed successfully
C:\Windows\System32\Tasks\braveb => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\braveb" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE02F67B-7191-4164-98C6-1C36DC5F0785}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE02F67B-7191-4164-98C6-1C36DC5F0785}" => removed successfully
C:\Windows\System32\Tasks\chromec => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\chromec" => removed successfully
HKLM\System\CurrentControlSet\Services\dosvc => removed successfully
dosvc => service removed successfully
dosvc => service not found.
HKLM\System\CurrentControlSet\Services\UsoSvc => removed successfully
UsoSvc => service removed successfully
UsoSvc => service not found.
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe => Error: No automatic fix found for this entry.
\Device\HarddiskVolume1\Jts\charts\chrome.exe => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12812213 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 43602816 B
Edge => 0 B
Chrome => 267968097 B
Brave => 19449146 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1471830 B
systemprofile32 => 60932519 B
LocalService => 60992773 B
NetworkService => 70979059 B
irena => 108488469 B

RecycleBin => 2466992 B
EmptyTemp: => 620.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:43:10 ====

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

Deleted. How does it look now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

chenny
Visitor
Posts: 36
Registered: 06 Sep 2007 09:50

Re: Please check my log

#9 Post by chenny »

The PC looks fine now, there is no problem. Thank you :)

Rudy
Site Admin
Posts: 118238
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#10 Post by Rudy »

You're welcome! :)

Locked