VIRY.CZ

Ahoj, dnes jsem si všimnul, že po najetí na tento počítač, vidím jakési umístění v síti dva neidentifikovatelná začízení lenovo-pc nemám lenovo.. a jakása pupjinka lenovo-pc

Jsem to zčeknul a zjistil, jsem z toho IP adresu

25.90.239.72

Po zčeknutí na whois domain mi to zahlásilo org-name: UK Ministry of Defence

To mě jako hacknuli špioní z VB nebo jak to mám chápat.

Jo a dal jsem u obou odebrat zařízení, nevím kdy a jak dlouho to tam bylo, ale dnes jsem si toho všimnul.

Zdravím!
Je možné, že to jsou nějací hackeři. Koukneme na logy a uvidíme, zda tam po nich něco nezbylo. Ale pochybuji. Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2023
Ran by pozde (21-08-2023 18:38:47)
Running from C:\Users\pozde\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) (2023-03-15 17:37:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2645675381-1114551939-3584535674-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2645675381-1114551939-3584535674-503 - Limited - Disabled)
Guest (S-1-5-21-2645675381-1114551939-3584535674-501 - Limited - Disabled)
pozde (S-1-5-21-2645675381-1114551939-3584535674-1001 - Administrator - Enabled) => C:\Users\pozde
WDAGUtilityAccount (S-1-5-21-2645675381-1114551939-3584535674-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Bright VPN 1.342.773 (HKLM-x32\...\54cf4d4c-268a-577e-8fe3-97e36e306708) (Version: 1.342.773 - Bright Data Ltd.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 11.1.0.2037 - Disc Soft Ltd)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.3.0 - IObit)
Exodus (HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\exodus) (Version: 23.3.29 - Exodus Movement Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.173 - Google LLC)
IObit Uninstaller 12 (HKLM-x32\...\IObitUninstall) (Version: 12.3.0.9 - IObit)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.203 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\OneDriveSetup.exe) (Version: 23.153.0724.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 116.0.3 (x64 cs)) (Version: 116.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 111.0 - Mozilla)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NHL 2023 (HKLM-x32\...\NHL 2023) (Version: 2023 - NHL-TURNIR.RU)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 101.0.4843.43 (HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\Opera 101.0.4843.43) (Version: 101.0.4843.43 - Opera Software)
Registrace uživatele zařízení Canon MG2500 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2500 series) (Version: - ‭Canon Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\advancedmicrodevicesinc-2.amdradeonsoftware_10.20.50017.0_x64__0a9344xs7nr4m [2023-03-15] (Advanced Micro Devices Inc.) [Startup Task]
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-12] (Microsoft Corporation)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-05-12] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8040.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0 [2023-08-20] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2023-03-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2023-03-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-05-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-08-21 11:42 - 2023-08-21 11:42 - 000452608 _____ () [File not signed] \\?\C:\Users\pozde\AppData\Local\Temp\06d9e818-fa58-472d-aa1f-3d07882ca09b.tmp.node
2023-03-16 18:08 - 2023-03-16 18:08 - 002586624 _____ () [File not signed] C:\Program Files (x86)\Bright VPN\ffmpeg.dll
2023-03-16 18:08 - 2023-03-16 18:08 - 000354816 _____ () [File not signed] C:\Program Files (x86)\Bright VPN\libegl.dll
2023-03-16 18:08 - 2023-03-16 18:08 - 006924800 _____ () [File not signed] C:\Program Files (x86)\Bright VPN\libglesv2.dll
2023-03-17 18:45 - 2013-04-26 19:31 - 000521216 _____ (CANON INC.) [File not signed] [File is in use] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2023-03-17 18:45 - 2013-04-26 19:28 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2022-10-20] (IObit Information Technology -> IObit)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pozde\Downloads\2350e509-334a-425b-ba29-fe954d9351ef.jpg
DNS Servers: 31.30.90.11 - 31.30.90.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{724890AF-171F-4DB4-8DED-76226513DB48}C:\nhl\nhl23.exe] => (Allow) C:\nhl\nhl23.exe () [File not signed]
FirewallRules: [UDP Query User{7060DD12-BAC6-4A41-A159-FE6F953E0FBC}C:\nhl\nhl23.exe] => (Allow) C:\nhl\nhl23.exe () [File not signed]
FirewallRules: [TCP Query User{23075046-43D0-4DC7-BE13-863BD0678972}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{B3914369-2E46-4946-8BAE-E4DE869B2C73}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{339C0EF3-3F92-4BB0-B1F8-80F8BFC6D9E8}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [UDP Query User{BA6F2412-B9FA-4D41-828C-D18AD3E2B926}C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{E7269E52-0401-4ECB-A1C8-EF9E432D87A6}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7460C771-6CB4-4DC2-96EB-7107E30B513F}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3059C5A5-612E-4FF5-B110-FA5C6649A63A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C9DEF43B-C875-4B74-A8D4-55178EE50B8D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{517B468B-CA16-40F3-AC1E-279C6E025B44}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5427E6BC-87D4-4D27-B1BA-D07EF2B9B9A2}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{C9DF7B07-5117-43C4-911A-089265EFB25F}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{9E2007FF-96DD-40AF-85D6-F6346EFE944B}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{236A515E-F0CF-47C7-93FC-E743E38C30DC}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CE2236C3-03A1-41E0-91C6-FE9CC7291580}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70071C70-2276-4042-9CFC-8CC9E873F26C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8F013332-70CD-43E9-8BF3-02C4D7960F51}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{00EEA1B2-CD29-46CC-B8DC-6E73F3C6AD8F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.203\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD9B1688-E3C7-46FC-8DC9-F4189A2C58E2}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{229219A1-192B-465A-BDFD-78A5822F84F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{34EA068D-2667-4743-9519-D4EE49D636FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{71B0866C-8659-494C-B2E6-723D3195368D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2383FA8F-F0DA-47BD-8161-BB10BA270C17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{66D508E6-7033-4C91-8423-70A3A2D4D27F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5968FC2D-4D23-454E-91A8-78F98358CD65}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{27522F41-B5DC-436A-A4D2-BB181855A6F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B8D462E-F311-4EDD-8EDD-2B0DD7CFAC79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{513E553C-D578-4F04-A542-1875C42161A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{68F93C51-F14E-4666-B2CD-6BC639B6F336}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.218.999.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

==================== Restore Points =========================

30-07-2023 17:18:34 Naplánovaný kontrolní bod
05-08-2023 16:46:42 Driver Booster : AMD SMBus
12-08-2023 16:55:18 Instalační služba modulů systému Windows
20-08-2023 11:39:48 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/21/2023 02:49:13 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/20/2023 07:12:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HxTsr.exe verze 16.0.14326.21538 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2ffc

Čas spuštění: 01d9d387bfe2e6bb

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21538.0_x64__8wekyb3d8bbwe\HxTsr.exe

ID hlášení: e8ba1375-e44f-4623-b503-d636a3ad59c8

Úplný název balíčku s chybou: microsoft.windowscommunicationsapps_16005.14326.21538.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: ppleae38af2e007f4358a809ac99a64a67c1

Typ zablokování: Quiesce

Error: (08/20/2023 07:10:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program HxAccounts.exe verze 16.0.14326.21538 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 3244

Čas spuštění: 01d9d387c2c2b336

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21538.0_x64__8wekyb3d8bbwe\HxAccounts.exe

ID hlášení: bbd6849b-e94f-4b7f-ac14-1ae1b889a3db

Úplný název balíčku s chybou: microsoft.windowscommunicationsapps_16005.14326.21538.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: microsoft.windowslive.manageaccounts

Typ zablokování: Navigation

Error: (08/20/2023 02:49:14 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/19/2023 02:49:13 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (08/18/2023 08:14:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/18/2023 08:14:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (08/18/2023 06:50:48 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2


System errors:
=============
Error: (08/20/2023 11:53:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80240016): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.395.889.0).

Error: (08/20/2023 12:00:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:54 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (08/20/2023 12:00:53 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1L2HF5P)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2023-08-18 19:32:38
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {41E2826A-41CF-466C-BEBD-0064BF572E8F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-08-17 16:54:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C1F37111-769E-441E-BE9B-973075206CA0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-08-16 18:24:31
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {71EA79D6-98DC-4106-B94F-64BE9B756E74}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-08-15 17:05:37
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BF399559-6775-4CB8-900E-76CC49EF0429}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-08-14 17:12:30
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {E1A4237F-C70F-4142-B7A0-B2931F49F8DA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-08-21 03:19:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.934.0;1.395.934.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-19 12:31:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.395.806.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23070.1005
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2023-08-19 12:31:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.395.806.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23070.1005
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2023-08-13 10:48:27
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.395.147.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23070.1005
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2023-08-13 10:48:27
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.395.147.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23070.1005
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2023-08-20 19:03:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-03 16:34:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-17 16:57:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3803 01/22/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME A320M-K
Processor: AMD A8-9600 RADEON R7, 10 COMPUTE CORES 4C+6G
Percentage of memory in use: 81%
Total physical RAM: 7609.93 MB
Available physical RAM: 1390.75 MB
Total Virtual: 14799.11 MB
Available Virtual: 4746.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.54 GB) (Free:139.48 GB) (Model: TOSHIBA HDWD110) NTFS
Drive d: (Data) (Fixed) (Total:687.37 GB) (Free:135.23 GB) (Model: TOSHIBA HDWD110) NTFS

\\?\Volume{021c5c0c-9e50-450b-8871-4a934cf0b902}\ (Obnovení) (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{c86c9a0b-9742-48df-87f5-6f479d412bba}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2023
Ran by pozde (administrator) on DESKTOP-1L2HF5P (21-08-2023 18:28:59)
Running from C:\Users\pozde\Downloads\FRST64.exe
Loaded Profiles: pozde
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE ->) (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atieclxx.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Bright Data Ltd -> Bright Data Ltd.) C:\Program Files (x86)\Bright VPN\Bright VPN.exe <3>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <38>
(explorer.exe ->) (Mirek Wojtowicz) [File not signed] C:\Program Files (x86)\MWSnap\MWSnap.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (VideoLAN -> VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0367912.inf_amd64_1567db284dfba458\B366469\atiesrxx.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Bright Data Ltd -> BrightData Ltd.) C:\Program Files (x86)\Bright VPN\net_updater32.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\Driver Booster\10.3.0\DriverBooster.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\pozde\AppData\Local\Microsoft\OneDrive\23.153.0724.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\Run: [Opera Stable] => C:\Users\pozde\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374376 2023-07-28] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [482128 2023-03-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\Run: [Bright VPN] => C:\Program Files (x86)\Bright VPN\Bright VPN.exe [117925384 2023-03-16] (Bright Data Ltd -> Bright Data Ltd.)
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\MountPoints2: {9b023747-c35c-11ed-8d64-4cedfb461ec6} - "G:\SETUP.EXE"
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series XPS: C:\WINDOWS\system32\CNMXLMBX.DLL [393728 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\115.0.5790.173\Installer\chrmstp.exe [2023-08-18] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {982C727F-E108-4318-BC55-85146F28034E} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\10.3.0\Scheduler.exe [157784 2023-02-10] (IObit CO., LTD -> IObit)
Task: {645E51A9-1572-43DF-A766-C967F33ADE60} - System32\Tasks\Driver Booster SkipUAC (pozde) => C:\Program Files (x86)\IObit\Driver Booster\10.3.0\DriverBooster.exe [9018328 2023-02-28] (IObit CO., LTD -> IObit)
Task: {C919C992-F35C-45D7-AE2C-457E447C434A} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.3.0\AutoUpdate.exe [2516968 2023-02-10] (IObit CO., LTD -> IObit)
Task: {A7F25FE3-B433-4FF7-B96A-9162E7B81A84} - System32\Tasks\GoogleUpdateTaskMachineCore{3CFB3549-C086-42AC-877D-EA0CE60E924D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-15] (Google LLC -> Google LLC)
Task: {6E0F507B-FE86-434E-868C-C05F4132AED7} - System32\Tasks\GoogleUpdateTaskMachineUA{137028B1-5CD3-4527-B71C-C07AA07A7134} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-15] (Google LLC -> Google LLC)
Task: {C76E1AA9-2392-474B-A940-83BA0DEFD5F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {397C3B83-0C72-4E03-9E53-44A113B29979} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF36245B-F40E-410E-A620-95DFD73C3EF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {05A9C3E8-7063-4A80-8251-E830E9B72FE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MpCmdRun.exe [1596320 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF9921FA-CDED-41A5-A775-09C52C33CAB2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [687008 2023-08-17] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B8D073EA-8FCA-4913-87AB-DC8A433E6C67} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {5D58A853-C40F-4BFE-A251-B1A1000128AB} - System32\Tasks\Opera scheduled Autoupdate 1678904630 => C:\Users\pozde\AppData\Local\Programs\Opera\launcher.exe [2730912 2023-08-09] (Opera Norway AS -> Opera Software)
Task: {6EF5AB7D-6D35-4D96-A7E5-59B5E0BD5D50} - System32\Tasks\Uninstaller_SkipUac_pozde => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9395720 2023-02-06] (IObit CO., LTD -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{d7018454-7c7f-417e-87eb-538454de8b90}: [DhcpNameServer] 31.30.90.11 31.30.90.12

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pozde\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-03]
Edge Extension: (Dokumenty Google offline) - C:\Users\pozde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
Edge Extension: (Edge relevant text changes) - C:\Users\pozde\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-25]

FireFox:
========
FF DefaultProfile: sdmsypdp.default
FF ProfilePath: C:\Users\pozde\AppData\Roaming\Mozilla\Firefox\Profiles\sdmsypdp.default [2023-03-15]
FF ProfilePath: C:\Users\pozde\AppData\Roaming\Mozilla\Firefox\Profiles\h3vxezw7.default-release [2023-08-21]
FF Extension: (Browsec VPN - Free VPN for Firefox) - C:\Users\pozde\AppData\Roaming\Mozilla\Firefox\Profiles\h3vxezw7.default-release\Extensions\browsec@browsec.com.xpi [2023-08-19]
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default [2023-08-21]
CHR Notifications: Default -> hxxps://www.ifortuna.cz
CHR Extension: (Tipli do prohlížeče) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbnfnbehhjknomdbfhcobpgpphnlnikp [2023-07-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-08-10]
CHR Extension: (ySense Addon) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba [2023-03-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-15]
CHR Extension: (NeoBux AdAlert) - C:\Users\pozde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaepeijninfcgjdnighjnlgdkkgpnaen [2023-04-01]

Opera:
=======
OPR Profile: C:\Users\pozde\AppData\Roaming\Opera Software\Opera Stable [2023-08-21]
OPR DefaultSearchURL: Opera Stable -> hxxps://www.google.com/search?client=opera&q={s ... utEncoding}
OPR DefaultSearchKeyword: Opera Stable -> g
OPR Extension: (Rich Hints Agent) - C:\Users\pozde\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-06]
OPR Extension: (Opera Wallet) - C:\Users\pozde\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-07]
OPR Extension: (Aria) - C:\Users\pozde\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-08-17]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\pozde\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-03-15]
OPR Extension: (opera-intro) - C:\Users\pozde\AppData\Local\Programs\Opera\101.0.4843.33\resources\opera_intro_extension [2023-08-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4976976 2023-03-16] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2022-10-20] (IObit CO., LTD -> IObit)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 luminati_net_updater_win_brightvpn_com; C:\Program Files (x86)\Bright VPN\net_updater32.exe [9159760 2023-03-16] (Bright Data Ltd -> BrightData Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\NisSrv.exe [3104488 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23070.1004-0\MsMpEng.exe [133576 2023-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2023-02-27] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-09-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 Amfilter; C:\WINDOWS\System32\drivers\Amfltx64.sys [12288 2022-05-07] (Microsoft Windows Hardware Compatibility Publisher -> (Standard mouse types))
S3 Amps2prt; C:\WINDOWS\System32\drivers\Amps2x64.sys [21504 2022-05-07] (Microsoft Windows Hardware Compatibility Publisher -> (Standard mouse types))
S3 Amusbprt; C:\WINDOWS\System32\drivers\Amusbx64.sys [17920 2022-05-07] (Microsoft Windows Hardware Compatibility Publisher -> A4Tech Co.,Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2022-04-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [63696 2022-04-27] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2023-01-13] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2023-01-13] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2023-01-13] (IObit Information Technology -> IObit)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55704 2023-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572656 2023-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [104688 2023-08-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-21 18:28 - 2023-08-21 18:34 - 000018740 _____ C:\Users\pozde\Downloads\FRST.txt
2023-08-21 18:26 - 2023-08-21 18:32 - 000000000 ___DC C:\FRST
2023-08-21 18:25 - 2023-08-21 18:26 - 002385408 _____ (Farbar) C:\Users\pozde\Downloads\FRST64.exe
2023-08-17 16:28 - 2023-08-19 12:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-13 10:42 - 2023-08-13 10:42 - 000000000 ____D C:\Users\pozde\Desktop\ACLib
2023-08-09 05:44 - 2023-08-09 05:44 - 000000000 __HDC C:\$WinREAgent
2023-07-25 20:10 - 2023-07-25 20:10 - 000035190 _____ C:\Users\pozde\Downloads\1623663665.pdf
2023-07-25 20:07 - 2023-07-25 20:07 - 000018615 _____ C:\Users\pozde\Downloads\5730783415.pdf
2023-07-25 20:06 - 2023-07-25 20:07 - 000034935 _____ C:\Users\pozde\Downloads\1623667967.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-08-21 18:33 - 2023-03-15 23:20 - 000000000 ____D C:\Program Files (x86)\Steam
2023-08-21 18:33 - 2023-03-15 20:23 - 000000000 ____D C:\Users\pozde\AppData\Roaming\vlc
2023-08-21 18:33 - 2023-03-15 20:06 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-21 18:33 - 2023-03-15 18:41 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-21 18:14 - 2023-03-15 20:37 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-21 17:42 - 2023-03-16 18:08 - 000000000 ____D C:\Users\pozde\AppData\Roaming\bright-vpn
2023-08-21 14:17 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-21 12:34 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-21 12:31 - 2023-03-15 20:01 - 000000000 ____D C:\Users\pozde\AppData\Local\D3DSCache
2023-08-21 12:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-21 12:30 - 2023-03-15 20:05 - 000000000 ____D C:\Users\pozde\AppData\Local\PlaceholderTileLogoFolder
2023-08-21 12:24 - 2023-04-01 23:37 - 000003446 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2023-08-21 11:41 - 2023-04-13 17:57 - 000000000 ____D C:\Users\pozde\AppData\Local\LogMeIn Hamachi
2023-08-21 11:41 - 2023-03-15 20:05 - 000000000 ___RD C:\Users\pozde\OneDrive
2023-08-21 11:39 - 2023-03-15 19:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-21 11:39 - 2023-03-15 19:20 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-21 03:19 - 2023-03-15 19:24 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2023-08-21 03:19 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-20 11:53 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-19 12:15 - 2023-03-15 22:59 - 000000000 ____D C:\ProgramData\ProductData
2023-08-19 12:09 - 2023-03-15 20:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-19 12:09 - 2023-03-15 19:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-18 05:33 - 2023-03-15 20:07 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-18 05:33 - 2023-03-15 20:07 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-08-17 16:38 - 2023-03-15 20:37 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-16 19:03 - 2023-03-15 23:26 - 000000000 ____D C:\Users\pozde\AppData\Local\Steam
2023-08-16 17:17 - 2023-03-15 20:24 - 000004206 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1678904630
2023-08-16 17:17 - 2023-03-15 20:24 - 000001403 _____ C:\Users\pozde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2023-08-15 05:34 - 2023-03-15 20:06 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2645675381-1114551939-3584535674-1001
2023-08-15 05:34 - 2023-03-15 20:05 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2645675381-1114551939-3584535674-1001
2023-08-15 05:34 - 2023-03-15 19:53 - 000002381 _____ C:\Users\pozde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-13 20:13 - 2023-03-17 18:46 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-08-12 13:52 - 2023-03-16 19:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-12 13:47 - 2023-03-16 19:36 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-12 13:45 - 2023-03-15 19:25 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-12 13:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-08-10 17:53 - 2023-03-15 20:01 - 000000000 ____D C:\Users\pozde\AppData\Local\Packages
2023-08-06 17:55 - 2023-03-16 19:18 - 000000000 ____D C:\Users\pozde\AppData\Roaming\Microsoft\Excel
2023-08-06 16:08 - 2023-03-19 23:18 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-08-05 16:47 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-04 15:57 - 2023-03-15 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-08-02 05:25 - 2023-03-15 20:06 - 000003844 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{137028B1-5CD3-4527-B71C-C07AA07A7134}
2023-08-02 05:25 - 2023-03-15 20:06 - 000003720 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3CFB3549-C086-42AC-877D-EA0CE60E924D}
2023-07-28 05:30 - 2023-03-15 22:17 - 000918960 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-24 04:49 - 2023-03-15 19:40 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-24 04:49 - 2019-12-07 16:43 - 000716726 _____ C:\WINDOWS\system32\perfh005.dat
2023-07-24 04:49 - 2019-12-07 16:43 - 000144904 _____ C:\WINDOWS\system32\perfc005.dat
2023-07-23 20:48 - 2023-03-15 19:20 - 000440344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-23 20:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-23 20:44 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-23 20:44 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-23 13:13 - 2023-03-15 19:24 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-22 15:54 - 2020-04-11 19:34 - 000035840 _____ C:\Users\pozde\Desktop\Earn2023.xlsx

==================== Files in the root of some directories ========

2023-05-03 19:03 - 2023-05-03 19:03 - 000000001 _____ () C:\Users\pozde\AppData\Local\llftool.4.40.agreement

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-2645675381-1114551939-3584535674-1001\...\MountPoints2: {9b023747-c35c-11ed-8d64-4cedfb461ec6} - "G:\SETUP.EXE"
Task: {A7F25FE3-B433-4FF7-B96A-9162E7B81A84} - System32\Tasks\GoogleUpdateTaskMachineCore{3CFB3549-C086-42AC-877D-EA0CE60E924D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-15] (Google LLC -> Google LLC)
Task: {6E0F507B-FE86-434E-868C-C05F4132AED7} - System32\Tasks\GoogleUpdateTaskMachineUA{137028B1-5CD3-4527-B71C-C07AA07A7134} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-15] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{137028B1-5CD3-4527-B71C-C07AA07A7134}
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3CFB3549-C086-42AC-877D-EA0CE60E924D}
C:\Users\pozde\AppData\Local\Temp\06d9e818-fa58-472d-aa1f-3d07882ca09b.tmp.node

EmptyTemp:
End

Uložte do C:\Users\pozde\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Po restartování PC se to zase objevilo.

Tak malware, ani jiný šmejd to není. Jedná se o toto: https://www-practicallynetworked-com.tr ... _tr_pto=sc . Sdílení medií, které jste si zřejmě sán spustil. Je to zcela neškodné.