Win32/OpenCandy

Zpráva

vlastas · #1 Příspěvek od **vlastas** » 02 kvě 2023 21:24

Ahoj prosím o kontrolu logu píše mi to, že se našla potenciálně nežádoucí aplikace PUA:Win32/OpenCandy. Děkuji.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2023
Ran by vlast (02-05-2023 21:44:20)
Running from C:\Users\vlast\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.2846 (X64) (2021-07-05 06:31:39)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4132436051-199185681-1240583427-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4132436051-199185681-1240583427-503 - Limited - Disabled)
Guest (S-1-5-21-4132436051-199185681-1240583427-501 - Limited - Disabled) => C:\Users\Guest
vlast (S-1-5-21-4132436051-199185681-1240583427-1001 - Administrator - Enabled) => C:\Users\vlast
WDAGUtilityAccount (S-1-5-21-4132436051-199185681-1240583427-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Audacity 3.2.4 (HKLM\...\Audacity_is1) (Version: 3.2.4 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 5.1.1.1837 - Bandicam.com)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandicam.com)
EncSpot Pro 2.1 beta 1 (HKLM-x32\...\EncSpot Professional_is1) (Version: - GuerillaSoft)
Epson Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 2.0.4.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation)
FFmpeg 5.0.0 for Audacity - x86_64 (HKLM\...\FFmpeg for Audacity_is1) (Version: - )
FVC Launcher 1.1.8 (HKLM-x32\...\{958C825E-694D-4316-A8A9-A5DB5CA27875}_is1) (Version: 1.1.8 - FVC Studio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 112.0.5615.138 - Google LLC)
Intel(R) Computing Improvement Program (HKLM\...\{318C30A1-C7AF-414E-890F-6345E6E0FD33}) (Version: 2.4.09084 - Intel Corporation)
Intel(R) SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
MediaInfo 21.09 (HKLM\...\MediaInfo) (Version: 21.09 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 112.0.1722.64 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 112.0.1722.64 - Microsoft Corporation)
Microsoft Office Professional 2019 - cs-cz (HKLM\...\Professional2019Retail - cs-cz) (Version: 16.0.16327.20214 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\OneDriveSetup.exe) (Version: 23.081.0416.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mp3tag v3.18 (HKLM\...\Mp3tag) (Version: 3.18 - Florian Heidenreich)
MSVCRT Redists (HKLM\...\{24DB3A5E-0BC8-11E5-9A27-F04DA23A5C58}) (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (HKLM\...\{E83D6FA1-B27C-11E9-B0DB-A5146957F833}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NVIDIA Ovladač 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.13.7500 - NVIDIA Corporation) Hidden
Odinstalace tiskárny EPSON L3250 Series (HKLM\...\EPSON L3250 Series) (Version: - Seiko Epson Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16327.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
TotalCMD by Marek410 (HKLM-x32\...\TotalCMD by Marek410) (Version: - )
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoner Photo Studio X CS (HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\ZPS X) (Version: 19.2209.2.415 - ZONER a.s.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-09] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-04-11] (Microsoft Corporation)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.94.6962.0_x64__8wekyb3d8bbwe [2023-04-20] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10126.517.0_x64__8wekyb3d8bbwe [2023-02-13] (Microsoft Corporation)
Picsart - Photo Studio -> C:\Program Files\WindowsApps\2FE3CB00.PICSART-PHOTOSTUDIO_10.12.0.0_x64__crhqpqs3x1ygc [2023-04-21] (PicsArt Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4132436051-199185681-1240583427-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-4132436051-199185681-1240583427-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\54e4c98ff3d2e220\Bitwarden – Bezplatný správce hesel.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nngceckbapebfimnlniiiahkandclblb
ShortcutWithArgument: C:\Users\vlast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2021-09-09 21:19 - 2018-03-24 01:05 - 000880024 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
2021-09-09 21:19 - 2018-03-24 01:05 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2023-02-24 23:02 - 2023-02-24 23:02 - 001600512 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2023-02-24 23:02 - 2023-02-24 23:02 - 002165760 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-05-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2023-02-22 20:21 - 000000853 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 account.zoner.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\vlast\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
HKU\S-1-5-21-4132436051-199185681-1240583427-501\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_F993743CA8AD919610DC032EB5C17547"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C7DC3151-3BE8-4EE9-80BA-EB4D2BACA34C}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe => No File
FirewallRules: [UDP Query User{4FB08075-5759-47D0-9381-386064107736}C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe => No File
FirewallRules: [{A1A73A92-2EA7-4CF0-A695-B9918312E9E4}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe => No File
FirewallRules: [{3877FC35-0F3D-4245-A24C-944E0C4109A9}] => (Block) C:\users\vlast\appdata\local\temp\7zs7367\enterprisedu.exe => No File
FirewallRules: [TCP Query User{936F4FD6-CF56-4200-9804-8660B3762FC4}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe => No File
FirewallRules: [UDP Query User{436BBB6F-2A4E-4DA0-AAC9-373D7EA460BF}C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe] => (Allow) C:\users\vlast\appdata\local\temp\7zs7cf6\enterprisedu.exe => No File
FirewallRules: [{FC0DC141-E686-4EB8-AFD0-B988A1A6415E}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{42A281F3-E661-4D77-9AAF-DA78E683C843}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{D2C236B5-52E5-40E1-80F5-017CA5EC004F}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{45A2A6C8-DB5A-429D-BEDF-BB71F98BBACE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{D450A6DE-610A-4971-9F51-22967A421FF8}] => (Allow) C:\Users\vlast\AppData\Local\Programs\Opera\79.0.4143.22\opera.exe => No File
FirewallRules: [{21C4E73A-3A5E-4331-9F93-D1EF2BDBCE3C}] => (Allow) C:\Users\vlast\AppData\Local\Programs\Opera\95.0.4635.46\opera.exe => No File
FirewallRules: [{7524EF32-9FBA-45D1-9AFB-D887F112CB08}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe => No File
FirewallRules: [{40E0B55B-0C27-4900-8EBE-E917E2B5E5FA}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe => No File
FirewallRules: [{93BE15A7-94A0-4457-A268-C1FB6228462A}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{F5E62583-A8DA-4DC7-A298-F3407A0EE2BF}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{194E0BB6-759A-4846-9DD0-FB3FDF6B9E00}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{929E4043-A2E3-4C2B-917B-CBC9C3C89683}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{84216400-2DC3-456F-B961-BFEFE621E135}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A660B8DA-1D0E-4D31-B420-F4E9A60D6C06}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{EAE59823-2598-4734-8833-7BF0D70A64FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{92E8814D-5C88-4B5A-AF47-4BA3FA6BED62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{FD4395CC-036B-40DA-884E-E2DDE63A6CCF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3204.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{96FCD703-6A6C-4DB5-8EDA-BDBD3039FA67}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D076CDE0-9563-4318-B459-3AD2C0905275}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

12-04-2023 14:29:53 Instalační služba modulů systému Windows
23-04-2023 12:23:09 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/02/2023 08:44:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.19041.2846 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 5930

Čas spuštění: 01d97d26036b9f89

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 9f20b542-6bc7-4862-9a7e-14c80cb61cd8

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (04/27/2023 11:31:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/27/2023 11:30:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/26/2023 03:21:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program vegas130.exe verze 13.0.0.453 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 4954

Čas spuštění: 01d97834c678e7bc

Čas ukončení: 49

Cesta k aplikaci: C:\Program Files\Sony\Vegas Pro 13.0\vegas130.exe

ID hlášení: 486d0de4-0d1b-454d-afa8-b5e6c9cae964

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Unknown

Error: (04/19/2023 07:59:41 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/19/2023 07:59:23 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na \\?\Volume{2bf59d76-0000-0000-0000-100000000000}\, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/17/2023 08:37:31 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MOJEPC)
Description: Aplikaci nebo službu Microsoft Office SDX Helper nelze ukončit.

Error: (04/15/2023 12:41:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

System errors:
=============
Error: (04/29/2023 06:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (04/29/2023 10:27:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRFHVQM-MICROSOFT.WINDOWSCOMMUNICATIONSAPPS.

Error: (04/28/2023 06:33:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (04/26/2023 03:01:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (04/26/2023 12:33:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba kontroly sítě v Antivirové ochraně v programu Microsoft Defender závisí na službě Systémový ovladač kontroly sítě v Antivirové ochraně v programu Microsoft Defender, která neuspěla při spuštění v důsledku následující chyby:
Služba nebyla spuštěna.

Error: (04/19/2023 07:23:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/04/2023 07:29:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (04/02/2023 01:26:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Windows Defender:
================
Date: 2023-05-02 19:20:41
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {49BE20B6-0F54-4F7B-9CCB-E9FF20AC2A76}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-05-01 20:14:06
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CBFCAB25-B505-45AA-ADF1-9D2C015AA1FB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-29 19:29:01
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {95C514F5-7E4D-4A49-B501-059BEC9A3BCD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-28 20:13:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {978840D7-08CA-4BAF-B78C-36C38009E2E2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-27 22:00:10
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9DAA8C90-375B-446B-843F-1365BBE6687C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2023-04-27 11:30:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-04-13 12:16:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-31 11:51:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-17 16:05:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-16 12:12:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-07 13:55:04
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: Award Software International, Inc. FD 02/21/2012
Motherboard: Gigabyte Technology Co., Ltd. P67A-D3-B3
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8175.11 MB
Available physical RAM: 4239.43 MB
Total Virtual: 9455.11 MB
Available Virtual: 4188.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:145.44 GB) (Free:86.16 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS
Drive d: (Data) (Fixed) (Total:785.03 GB) (Free:679.55 GB) (Model: ST1000DM003-9YN162 ATA Device) NTFS

\\?\Volume{2bf59d76-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.54 GB) (Free:0.1 GB) NTFS
\\?\Volume{2bf59d76-0000-0000-0000-a07e24000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2BF59D76)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=145.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=518 MB) - (Type=27)
Partition 4: (Not Active) - (Size=785 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-05-2023
Ran by vlast (administrator) on MOJEPC (Gigabyte Technology Co., Ltd. P67A-D3-B3) (02-05-2023 21:41:41)
Running from C:\Users\vlast\Downloads\FRST64.exe
Loaded Profiles: vlast & Guest
Platform: Microsoft Windows 10 Pro Version 22H2 19045.2846 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.212\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYWE.EXE
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21422.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21422.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23032.186.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2212.31.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\2710AA03-3B78-4419-BCF8-A5D311FE4EA0\OfficeC2RClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\vlast\AppData\Local\Microsoft\OneDrive\23.081.0416.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\Run: [MicrosoftEdgeAutoLaunch_F993743CA8AD919610DC032EB5C17547] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4139984 2023-04-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4132436051-199185681-1240583427-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIYWE.EXE [485976 2020-09-11] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-4132436051-199185681-1240583427-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\EPSON L3250 Series 64MonitorBE: C:\Windows\system32\E_YLMBYWE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\112.0.5615.138\Installer\chrmstp.exe [2023-04-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {239D571E-3BEF-4637-987B-25712A7DF151} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {3ED87647-5C44-49E6-94C0-AA0A3159EE49} - System32\Tasks\Opera scheduled Autoupdate 1677826653 => C:\Users\vlast\AppData\Local\Programs\Opera\launcher.exe [2635208 2023-02-15] (Opera Norway AS -> Opera Software)
Task: {4A5C4E22-48DD-4D2F-8C7C-C7AF09107B60} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123792 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {5540DBFF-1599-42EF-A305-750C56E0A608} - System32\Tasks\GoogleUpdateTaskMachineCore{74F45EE8-49A1-4C5F-81D8-EBD487945EE9} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {63C9F124-0B8D-4023-A919-901B801BBC37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {693836E4-B0E8-42A6-A2AA-F9837EB11C08} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513320 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {7222F6BC-56E5-48BF-B93D-83E7C8591531} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {7609EBFF-6EB1-494E-84F0-CA758BB5CC32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {820379EB-2BB9-4C8C-8012-89BC9CC84701} - System32\Tasks\GoogleUpdateTaskMachineUA{5140FE95-2A7D-4105-9F19-9F2B71B9D453} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-05] (Google LLC -> Google LLC)
Task: {89381EEB-3911-4107-AA19-FF685BF042DB} - System32\Tasks\Zoner.Updater.S-1-5-21-4132436051-199185681-1240583427-1001 => C:\ProgramData\Zoner\Zoner.Installer.Core\Updater.exe [1610560 2023-02-22] (ZONER a.s. -> ZONER a.s.)
Task: {B8195819-92C9-480F-8B5F-5598C3E6C170} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C9D5605C-83B9-48C7-B209-FA427B4B1E81} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123792 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE60D6D8-1F3F-4062-A44D-EFDBF1BDDAC5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {D8472A81-14EF-4865-B3EB-DD4F4FE49C81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {F3113AC2-67B3-44C9-9619-201FE7DD1064} - System32\Tasks\EPSON L3250 Series Update {6D9B395E-F831-4F80-9EA3-9C3037F99E13} => C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\E_YTSYWE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {F412266E-D41E-4BA2-8351-039DAB80BE82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F651ED83-184E-4398-A6DB-6CCEE411DDAE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513320 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\EPSON L3250 Series Update {6D9B395E-F831-4F80-9EA3-9C3037F99E13}.job => C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\X64\3\E_YTSYWE.EXE:/EXE:{6D9B395E-F831-4F80-9EA3-9C3037F99E13} /F:UpdateMOJEPC\vlastĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.0 account.zoner.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{955e1025-6fd1-4f01-9a2a-971fe32b1de0}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\vlast\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-30]
Edge Extension: (Edge relevant text changes) - C:\Users\vlast\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]

Chrome:
=======
CHR DefaultProfile: Profile 4
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-12-12]
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-05-02]
CHR Notifications: Profile 4 -> hxxps://calendar.google.com; hxxps://crashbox.ru; hxxps://www.chess.com; hxxps://www.pcworld.cz
CHR StartupUrls: Profile 4 -> "hxxp://www.google.com/"
CHR Extension: (Překladač Google) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-04-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-20]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-05-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-11]
CHR Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\vlast\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nngceckbapebfimnlniiiahkandclblb [2023-05-02]
CHR Profile: C:\Users\vlast\AppData\Local\Google\Chrome\User Data\System Profile [2022-12-12]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749288 2023-05-02] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [285088 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-04-26] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MsSecCore; C:\Windows\System32\drivers\msseccore.sys [26480 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 MsSecWfp; C:\Windows\System32\drivers\mssecwfp.sys [29568 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49616 2023-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-04-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-26] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-02 21:41 - 2023-05-02 21:43 - 000015840 _____ C:\Users\vlast\Downloads\FRST.txt
2023-05-02 21:41 - 2023-05-02 21:42 - 000000000 ____D C:\FRST
2023-05-02 21:35 - 2023-05-02 21:36 - 002382848 _____ (Farbar) C:\Users\vlast\Downloads\FRST64.exe
2023-05-02 21:00 - 2023-05-02 21:17 - 000000151 _____ C:\Windows\restoro.ini
2023-05-02 20:37 - 2023-05-02 20:38 - 000000000 ____D C:\Users\vlast\Desktop\SD
2023-05-02 19:56 - 2023-05-02 20:02 - 000000000 ____D C:\Users\vlast\Desktop\Nová složka
2023-04-30 10:15 - 2023-04-30 10:55 - 000000146 _____ C:\Users\vlast\Desktop\eret.txt
2023-04-25 13:29 - 2023-04-25 13:29 - 000000489 _____ C:\Users\vlast\Desktop\zaruka.txt
2023-04-12 15:32 - 2023-04-12 15:32 - 000000000 ____D C:\Windows\system32\Drivers\mde
2023-04-12 14:31 - 2023-04-12 14:31 - 000000000 ___HD C:\$WinREAgent
2023-04-11 19:24 - 2023-04-25 11:13 - 000003844 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{5140FE95-2A7D-4105-9F19-9F2B71B9D453}
2023-04-11 19:24 - 2023-04-25 11:13 - 000003720 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{74F45EE8-49A1-4C5F-81D8-EBD487945EE9}
2023-04-05 19:14 - 2023-04-05 19:14 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2023-04-05 19:14 - 2023-02-24 23:02 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-05-02 21:43 - 2021-07-05 09:15 - 000000000 ____D C:\Program Files (x86)\Google
2023-05-02 21:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-05-02 21:21 - 2021-08-10 20:16 - 000000000 ____D C:\Users\vlast\AppData\Roaming\vlc
2023-05-02 20:20 - 2021-07-05 08:23 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-05-02 19:34 - 2023-03-03 10:52 - 000000000 ___HD C:\Users\vlast\.opera
2023-05-02 19:30 - 2021-07-05 08:54 - 000000000 ___RD C:\Users\vlast\OneDrive
2023-05-02 19:17 - 2021-07-05 10:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-05-02 19:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-05-01 20:47 - 2021-07-05 08:37 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-30 11:34 - 2023-02-22 12:21 - 000000000 ____D C:\Users\vlast\Desktop\Blue Style
2023-04-29 20:15 - 2021-07-05 08:25 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-29 20:15 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-29 10:12 - 2021-12-12 20:07 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4132436051-199185681-1240583427-1001
2023-04-29 10:12 - 2021-07-05 08:54 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4132436051-199185681-1240583427-1001
2023-04-29 10:12 - 2021-07-05 08:37 - 000002413 _____ C:\Users\vlast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-26 16:11 - 2021-07-13 21:07 - 000000000 ____D C:\Users\vlast\AppData\Roaming\Microsoft\Excel
2023-04-26 15:27 - 2021-07-05 08:36 - 001605666 _____ C:\Windows\system32\PerfStringBackup.INI
2023-04-26 15:27 - 2019-12-07 16:43 - 000682184 _____ C:\Windows\system32\perfh005.dat
2023-04-26 15:27 - 2019-12-07 16:43 - 000137000 _____ C:\Windows\system32\perfc005.dat
2023-04-26 15:27 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-04-26 12:33 - 2021-07-05 08:24 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-04-25 13:29 - 2021-07-05 10:15 - 000000000 ____D C:\Users\vlast\AppData\Roaming\Microsoft\Word
2023-04-23 11:14 - 2021-07-05 09:16 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-04-20 12:57 - 2021-07-05 08:58 - 000000000 ____D C:\Users\vlast\AppData\Local\Comms
2023-04-17 20:42 - 2023-03-06 22:42 - 000000296 _____ C:\Users\vlast\Desktop\heslo.txt
2023-04-14 20:18 - 2023-02-22 20:17 - 000000000 ____D C:\ProgramData\Zoner
2023-04-12 15:34 - 2021-07-05 08:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-04-12 15:34 - 2021-07-05 08:23 - 000438944 _____ C:\Windows\system32\FNTCACHE.DAT
2023-04-12 15:34 - 2021-07-05 08:23 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-12 15:33 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2023-04-12 15:32 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-04-12 15:32 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-04-12 15:11 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-04-12 14:57 - 2021-07-05 08:26 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-04-12 14:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2023-04-12 13:58 - 2021-07-07 12:04 - 000000000 ____D C:\Users\vlast\OneDrive\Dokumenty\Vlastní šablony Office
2023-04-12 13:49 - 2021-07-05 12:49 - 000000000 ____D C:\Windows\system32\MRT
2023-04-12 13:44 - 2021-07-05 12:49 - 156112424 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-04-11 18:48 - 2022-10-14 10:52 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-11 18:46 - 2021-07-05 22:09 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-04-05 19:14 - 2021-09-09 20:56 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2023-04-05 19:14 - 2021-09-09 20:56 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2023-04-04 20:20 - 2023-03-30 19:54 - 000000000 ____D C:\Program Files (x86)\epson
2023-04-04 20:20 - 2023-03-30 09:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-04-04 20:20 - 2023-03-30 09:35 - 000000000 ____D C:\Program Files (x86)\Epson Software
2023-04-04 20:00 - 2023-03-30 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#2 Příspěvek od **JaRon** » 03 kvě 2023 06:07

ahoj,
vycisti PC s ADWCleanerom - log sem

vlastas · #3 Příspěvek od **vlastas** » 03 kvě 2023 18:21

Posílám log
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-03-2023
# Duration: 00:00:04
# OS: Windows 10 (Build 19045.2846)
# Cleaned: 14
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\vlast\AppData\Local\Temp\restoro-setup.log
Deleted C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Local AppWizard-Generated Applications\Restoro
Deleted HKCU\Software\Restoro
Deleted HKLM\Software\Classes\CLSID\{AE198C69-7358-4856-9029-F4C0FAD524C1}
Deleted HKLM\Software\Classes\CLSID\{BA827421-E282-479E-AE60-34796877B8AE}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\Restoro.Engine
Deleted HKLM\Software\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
Deleted HKLM\Software\Restoro
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2630 octets] - [03/05/2023 19:17:26]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

#4 Příspěvek od **JaRon** » 03 kvě 2023 19:18

Mohlo by to byt OK

vlastas · #5 Příspěvek od **vlastas** » 05 kvě 2023 11:48

Něco mi to stále hlásí.

#6 Příspěvek od **JaRon** » 05 kvě 2023 11:58

uvedeny subor zmaz

vlastas · #7 Příspěvek od **vlastas** » 07 kvě 2023 11:38

OK děkuji.

#8 Příspěvek od **JaRon** » 07 kvě 2023 11:52

Za malo

VIRY.CZ

Win32/OpenCandy

Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy

Re: Win32/OpenCandy