Hello, could I ask for a preventive check of an older, slow laptop?
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by sirot (06-08-2022 18:51:15)
Running from C:\Users\sirot\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1826 (X64) (2021-04-05 20:20:12)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1551859246-199576435-3342040479-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1551859246-199576435-3342040479-503 - Limited - Disabled)
Guest (S-1-5-21-1551859246-199576435-3342040479-501 - Limited - Disabled)
sirot (S-1-5-21-1551859246-199576435-3342040479-1001 - Administrator - Enabled) => C:\Users\sirot
WDAGUtilityAccount (S-1-5-21-1551859246-199576435-3342040479-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {DF8BEACB-94C9-218A-73AD-A78362A8C516}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {E7B06BEE-DEA6-20D2-58F2-0EB69C7B826D}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.001.20169 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 15.2.11.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Kontrola stavu osobního počítače s Windows (HKLM\...\{531BDBAA-AB4D-4BBB-9EA0-263FD75E7A5E}) (Version: 3.0.2109.14001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Media Player Codec Pack 4.5.7 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.5.7 - Media Player Codec Pack)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft Access MUI (Czech) 2013 (HKLM\...\{90150000-0015-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0015-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Czech) 2013 (HKLM\...\{90150000-0090-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0090-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Excel MUI (Czech) 2013 (HKLM\...\{90150000-0016-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0016-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2013 (HKLM\...\{90150000-00BA-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00BA-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Czech) 2013 (HKLM\...\{90150000-0044-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0044-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Czech) 2013 (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office O MUI (Czech) 2013 (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2013 (HKLM\...\{90150000-00E1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00E1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2013 (HKLM\...\{90150000-00E2-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00E2-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing (Czech) 2013 (HKLM\...\{90150000-002C-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-002C-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Czech) 2013 (HKLM\...\{90150000-00C1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00C1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2013 (HKLM\...\{90150000-006E-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-006E-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Czech) 2013 (HKLM\...\{90150000-00A1-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-00A1-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2013 (HKLM\...\{90150000-001A-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-001A-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2013 (HKLM\...\{90150000-0018-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0018-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2013 (HKLM\...\{90150000-0019-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-0019-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft SharePoint Designer MUI (Czech) 2013 (HKLM\...\{90150000-0017-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2013 (HKLM\...\{90150000-001B-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Word MUI (Portuguese (Brazil)) 2013 (HKLM\...\{90150000-001B-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft X MUI (Czech) 2013 (HKLM\...\{90150000-0101-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7606 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{85EB11C5-7793-4386-8F93-3D15494EC269}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1E8252A7-D489-4BB6-9694-93799FFD33ED}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{DABB9E2A-F054-4F97-9EB2-6992316C6EC7}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}_Office15.PROPLUS_{72C9E028-F9E7-4172-AC45-0C8029B591D5}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-041B-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{4601BD00-BC9B-4CA2-940C-2552782C7347}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{EC915383-0457-4D83-BE7A-009D7841E9C5}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0416-1000-0000000FF1CE}_Office15.PROPLUS_{84C4718D-C949-454F-B6D0-E77C212DBF11}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{3F685A71-DF4A-4AC0-A110-0FA0B7FFD86C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0416-1000-0000000FF1CE}_Office15.PROPLUS_{67811A68-6D8B-4316-8ACB-4AEADC838509}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{6E88843F-58F2-45EB-8C4A-0DDFE45366E1}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{05DE08FE-96EE-4BFE-A731-AE2985231632}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0101-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{8ECA38FB-BA64-4DF3-A770-936F18495B2C}) (Version: - Microsoft) Hidden
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Viber (HKLM-x32\...\{7DB7FD43-6CB4-4977-A0EB-94EC08BED3B5}) (Version: 15.0.0.0 - Viber Media S.a.r.l) Hidden
Viber (HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\{eb9b0a06-f80d-4346-ac73-18af1b417fc9}) (Version: 15.0.0.0 - 2010-2021 Viber Media S.a.r.l)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.16.7 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-04-08] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-29] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1551859246-199576435-3342040479-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll => No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-07-16] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-07-16] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-07-16] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [vidc.x264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [vidc.lags] => C:\Windows\SysWOW64\lagarith.dll [230080 2016-09-21] (Cole Williams Software Limited -> )
HKLM\...\Drivers32: [msacm.divxa32] => C:\Windows\SysWOW64\DivXa32.acm [291408 2013-12-17] (Packed With Joy !) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-06-12] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-04-05 22:04 - 2021-04-05 21:59 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sirot\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\1132069.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\StartupApproved\Run: => "Viber"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{819513DB-8744-4D0F-8699-2A9619206B42}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21564A0F-C4C7-4CDE-8CDA-C26CD7098C04}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5586F657-377F-4EFE-8E4C-DB364563C406}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{096A0947-6A34-4C31-B1FE-23B3200FCF91}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F453C254-56A6-459D-9015-20D3ABC7FBAC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BEA15B54-783E-4599-960F-F703EB376E39}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4358E3A0-DECF-4807-9BEB-7F87AF339004}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD8BF133-7F19-44CB-9DC0-8DF4709B9DEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59A9B866-6FB1-445F-8419-56897FBA176E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
18-07-2022 23:34:36 Naplánovaný kontrolní bod
02-08-2022 09:49:49 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (08/06/2022 02:30:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: c88
Čas spuštění: 01d8a98c1a7060ff
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
ID hlášení: 2fb7e267-c70e-4522-ae3b-8bc2569f2971
Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: ShellFeedsUI
Typ zablokování: Cross-process
Error: (08/06/2022 02:01:07 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/05/2022 06:00:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 12d4
Čas spuštění: 01d8a8deba065303
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
ID hlášení: 0c2294b4-ba58-4eda-b927-b3c0b13c86e7
Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace relativní podle balíčku s chybou: ShellFeedsUI
Typ zablokování: Quiesce
Error: (08/05/2022 04:57:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/04/2022 04:57:40 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (08/03/2022 06:44:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.19041.1806 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 1d58
Čas spuštění: 01d8a7468431f059
Čas ukončení: 0
Cesta k aplikaci: C:\Windows\explorer.exe
ID hlášení: 3d9ec9de-c7dc-4d2a-98ca-f44d46ec6959
Úplný název balíčku s chybou:
ID aplikace relativní podle balíčku s chybou:
Typ zablokování: Cross-process
Error: (08/03/2022 06:35:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.1806, časové razítko: 0xe2377848
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1826, časové razítko: 0x299341e8
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010fb62
ID chybujícího procesu: 0x2070
Čas spuštění chybující aplikace: 0x01d8a7569beb8ba7
Cesta k chybující aplikaci: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 4b467f60-a77c-4b41-8149-42d6292a3932
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.6.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI
Error: (08/03/2022 04:40:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (08/05/2022 07:47:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2QB9P90)
Description: Server Microsoft.Windows.Photos_2022.30060.30007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (08/05/2022 07:13:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2QB9P90)
Description: Server Microsoft.Windows.Photos_2022.30060.30007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (08/05/2022 06:37:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2QB9P90)
Description: Server Microsoft.Windows.Photos_2022.30060.30007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.
Error: (08/05/2022 05:08:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2QB9P90)
Description: Server {283EDD52-69B2-473D-BEB6-2C0B4C01FD73} se v daném časovém limitu neregistroval u služby DCOM.
Error: (08/05/2022 04:54:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (19:23:58, 04.08.2022) bylo neočekávané.
Error: (08/04/2022 05:02:03 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: Došlo k závažné chybě hardwaru. Záznam chyby s popisem stavu je obsažen v datové části této události.
Error: (08/02/2022 06:34:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:07:46, 02.08.2022) bylo neočekávané.
Error: (08/02/2022 11:02:13 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2QB9P90)
Description: Server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2022-04-09 14:58:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {32A4EB4B-E107-4B98-9932-0D831E817633}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2022-04-07 20:00:15
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/Presenoker
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\$Recycle.Bin\S-1-5-21-1551859246-199576435-3342040479-1001\$RPF0Z7H.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-2QB9P90\sirot
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.361.1294.0, AS: 1.361.1294.0, NIS: 1.361.1294.0
Verze modulu: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-02-02 18:23:52
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2052A250-F8F5-401E-B20B-58DBF890B903}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-11-26 17:08:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BF5B3837-D54F-4E32-B8B6-146430F8BC14}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-16 13:16:23
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6FC23D58-BAFF-4131-9D27-0B1F0F1A9BA7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2022-04-07 19:49:14
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.361.1294.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19000.8
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.
Date: 2022-04-07 19:23:45
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: Ovladač filtru přeskočil prohledávání položek a je v režimu průchodu. Příčinou může být nízký stav prostředků.
Date: 2022-04-05 18:01:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.355.2929.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18800.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Date: 2022-04-05 18:01:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.355.2929.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18800.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Date: 2022-04-05 18:01:35
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.355.2929.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18800.4
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
CodeIntegrity:
===============
Date: 2022-08-06 15:00:26
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Insyde Corp. V1.07 09/11/2014
Motherboard: Acer Aspire ES1-512
Processor: Intel(R) Celeron(R) CPU N2940 @ 1.83GHz
Percentage of memory in use: 66%
Total physical RAM: 3977.98 MB
Available physical RAM: 1315.68 MB
Total Virtual: 6956.08 MB
Available Virtual: 3025.38 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:175.95 GB) (Free:87.6 GB) (Model: WDC WD5000LPVX-22V0TT0) NTFS
Drive d: () (Fixed) (Total:273.23 GB) (Free:263.46 GB) (Model: WDC WD5000LPVX-22V0TT0) NTFS
Drive e: (A-DATA SH93) (Fixed) (Total:465.76 GB) (Free:256.97 GB) (Model: A-DATA SH93 USB Device) NTFS
\\?\Volume{ca5a3665-0f8e-4427-8d9e-e97c3fe3d496}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{f10360ef-b226-4dc5-a7c8-edf6095818e8}\ (ESP) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D4D8FAEF)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: C6B16518)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by sirot (administrator) on DESKTOP-2QB9P90 (Acer Aspire ES1-512) (06-08-2022 19:02:53)
Running from C:\Users\sirot\Desktop
Loaded Profiles: sirot
Platform: Microsoft Windows 10 Home Version 21H1 19043.1826 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) (Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194736 2022-07-16] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2021-01-17] (Cole Williams Software Limited -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe" (No File)
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Viber] => C:\Users\sirot\AppData\Local\Viber\Viber.exe [52488008 2022-03-30] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2021-10-19]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6ADCD440-70EC-4E6A-B4CE-8EFAD9B11902} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {7BBE54BD-A90F-4B38-BD25-E1E931363E86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {8ADBBD17-029A-42DA-B58A-1ED3957B88AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {D78F6185-9195-4C0F-8AF7-80EA90313CCE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D833A2C9-0BC4-4B41-B66B-0CF289B7F23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {EEC4D0D4-2347-40BA-8C28-80346AA2EB4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d54f72e0-43a7-4314-88b1-8b979a74e193}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f013dfee-1986-409f-944a-410ef2d705d9}: [DhcpNameServer] 10.0.0.138
Edge:
=======
Edge Profile: C:\Users\sirot\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-31]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default [2022-08-06]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://smartcaptchasolve.top; hxxps://www.aliexpress.com; hxxps://www.expondo.cz; hxxps://www.facebook.com; hxxps://www.prvni-lekarna.cz; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Seznam doplněk - Email) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-07-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-25]
CHR Extension: (Save to Facebook) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2021-06-13]
CHR Extension: (Netpanel) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbidbgoheiddfilfipcobicemncfogno [2022-07-22]
CHR Extension: (Black Blue Nebula) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjbgbhoefhnnoldipdojpenemkdjgfg [2021-04-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-05]
CHR Profile: C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-14]
Preventive check, older notebook
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
- Rudy
- Site Admin
Re: Preventive check, older notebook
Hello!
The FRST log is not complete; Addition is OK. Please post the FRST log again. Thank you.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Preventive check, older notebook
Hello and thank you, I am attaching the log.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by sirot (administrator) on DESKTOP-2QB9P90 (Acer Aspire ES1-512) (07-08-2022 22:10:30)
Running from C:\Users\sirot\Desktop
Loaded Profiles: sirot
Platform: Microsoft Windows 10 Home Version 21H1 19043.1826 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) (Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194736 2022-07-16] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2021-01-17] (Cole Williams Software Limited -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe" (No File)
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Viber] => C:\Users\sirot\AppData\Local\Viber\Viber.exe [52488008 2022-03-30] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2021-10-19]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6ADCD440-70EC-4E6A-B4CE-8EFAD9B11902} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {7BBE54BD-A90F-4B38-BD25-E1E931363E86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {8ADBBD17-029A-42DA-B58A-1ED3957B88AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {D78F6185-9195-4C0F-8AF7-80EA90313CCE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D833A2C9-0BC4-4B41-B66B-0CF289B7F23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {EEC4D0D4-2347-40BA-8C28-80346AA2EB4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d54f72e0-43a7-4314-88b1-8b979a74e193}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f013dfee-1986-409f-944a-410ef2d705d9}: [DhcpNameServer] 10.0.0.138
Edge:
=======
Edge Profile: C:\Users\sirot\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-31]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default [2022-08-07]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://smartcaptchasolve.top; hxxps://www.aliexpress.com; hxxps://www.expondo.cz; hxxps://www.facebook.com; hxxps://www.prvni-lekarna.cz; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Seznam doplněk - Email) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-07-13]
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-08-2022
Ran by sirot (administrator) on DESKTOP-2QB9P90 (Acer Aspire ES1-512) (07-08-2022 22:10:30)
Running from C:\Users\sirot\Desktop
Loaded Profiles: sirot
Platform: Microsoft Windows 10 Home Version 21H1 19043.1826 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(explorer.exe ->) (Cole Williams Software Limited -> ) C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22052.554.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16405744 2015-09-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [194736 2022-07-16] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (No File)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [71760 2021-01-17] (Cole Williams Software Limited -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe" (No File)
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Viber] => C:\Users\sirot\AppData\Local\Viber\Viber.exe [52488008 2022-03-30] (Viber Media S.à r.l. -> Viber Media S.Ã r.l.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2021-10-19]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe (Cole Williams Software Limited -> )
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6ADCD440-70EC-4E6A-B4CE-8EFAD9B11902} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {7BBE54BD-A90F-4B38-BD25-E1E931363E86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {8ADBBD17-029A-42DA-B58A-1ED3957B88AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {D78F6185-9195-4C0F-8AF7-80EA90313CCE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D833A2C9-0BC4-4B41-B66B-0CF289B7F23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {EEC4D0D4-2347-40BA-8C28-80346AA2EB4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d54f72e0-43a7-4314-88b1-8b979a74e193}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{f013dfee-1986-409f-944a-410ef2d705d9}: [DhcpNameServer] 10.0.0.138
Edge:
=======
Edge Profile: C:\Users\sirot\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-31]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default [2022-08-07]
CHR Notifications: Default -> hxxps://mail.google.com; hxxps://smartcaptchasolve.top; hxxps://www.aliexpress.com; hxxps://www.expondo.cz; hxxps://www.facebook.com; hxxps://www.prvni-lekarna.cz; hxxps://www.youtube.com
CHR HomePage: Default -> hxxps://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Seznam doplněk - Email) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2021-07-13]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-25]
CHR Extension: (Save to Facebook) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfikkaogpplgnfjmbjdpalkhclendgd [2021-06-13]
CHR Extension: (Netpanel) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbidbgoheiddfilfipcobicemncfogno [2022-07-22]
CHR Extension: (Black Blue Nebula) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjbgbhoefhnnoldipdojpenemkdjgfg [2021-04-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-05]
CHR Profile: C:\Users\sirot\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-14]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3342536 2022-07-16] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3342536 2022-07-16] (ESET, spol. s r.o. -> ESET)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-09-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 cdrombus; C:\WINDOWS\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-06-19] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-06-19] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [192880 2022-07-16] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [116960 2022-07-16] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [234192 2022-07-16] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\System32\drivers\ekbdflt.sys [52880 2022-07-16] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [79216 2022-07-16] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [119528 2022-07-16] (ESET, spol. s r.o. -> ESET)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [59840 2015-11-16] (WDKTestCert sys_dpebuild,130674149657513416 -> Intel Corporation)
S3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14680 2013-07-18] (Acer Incorporated -> Acer Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2022-04-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [443664 2022-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-09] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-08-07 22:10 - 2022-08-07 22:14 - 000012774 _____ C:\Users\sirot\Desktop\FRST.txt
2022-08-06 18:38 - 2022-08-07 22:12 - 000000000 ____D C:\FRST
2022-08-06 18:20 - 2022-08-06 18:22 - 002370048 _____ (Farbar) C:\Users\sirot\Desktop\FRST64.exe
2022-08-06 14:48 - 2022-08-06 14:49 - 229523756 _____ C:\Users\sirot\Downloads\6ca3d6fb-1a26-4799-a89f-f1f32eb2d388.tmp
2022-07-22 20:00 - 2022-07-22 20:17 - 000000000 ____D C:\Users\sirot\Desktop\sd sarka
2022-07-22 18:23 - 2022-07-22 20:32 - 000000000 ____D C:\Users\sirot\Desktop\ssss
2022-07-16 10:11 - 2022-07-16 10:11 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-16 10:11 - 2022-07-16 10:11 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-16 10:11 - 2022-07-16 10:11 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-16 10:11 - 2022-07-16 10:11 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-16 10:11 - 2022-07-16 10:11 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-16 10:11 - 2022-07-16 10:11 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-16 10:10 - 2022-07-16 10:10 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-16 10:10 - 2022-07-16 10:10 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-16 10:10 - 2022-07-16 10:10 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-16 10:10 - 2022-07-16 10:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-16 10:10 - 2022-07-16 10:10 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-16 10:10 - 2022-07-16 10:10 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-16 10:10 - 2022-07-16 10:10 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-16 10:08 - 2022-07-16 10:08 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-16 10:08 - 2022-07-16 10:08 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-16 10:06 - 2022-07-16 10:06 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-16 10:06 - 2022-07-16 10:06 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-16 10:06 - 2022-07-16 10:06 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-16 10:05 - 2022-07-16 10:05 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-15 16:41 - 2022-07-15 16:41 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-08-07 22:13 - 2021-04-05 23:06 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-07 22:03 - 2021-04-05 22:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-07 22:03 - 2021-04-05 21:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-08-07 18:39 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-08-07 18:38 - 2021-04-05 22:16 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-07 18:38 - 2021-04-05 22:04 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-07 08:04 - 2021-04-05 22:32 - 000000000 __SHD C:\Users\sirot\IntelGraphicsProfiles
2022-08-07 08:03 - 2021-04-05 22:30 - 000000000 ____D C:\Users\sirot
2022-08-07 08:00 - 2021-04-05 21:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-08-07 08:00 - 2021-04-05 21:55 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-06 14:53 - 2021-04-05 21:39 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-07-27 18:27 - 2021-04-05 22:15 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-27 18:27 - 2021-04-05 22:15 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-22 18:21 - 2021-04-05 23:07 - 000002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-17 20:44 - 2021-04-05 22:00 - 000000000 ____D C:\WINDOWS\INF
2022-07-16 17:44 - 2021-05-09 08:41 - 000116960 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2022-07-16 17:44 - 2020-10-26 10:28 - 000052880 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-07-16 17:44 - 2020-10-26 09:28 - 000234192 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2022-07-16 17:44 - 2020-10-26 09:28 - 000192880 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2022-07-16 17:44 - 2020-10-26 09:28 - 000119528 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-07-16 17:44 - 2020-10-26 09:28 - 000079216 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2022-07-16 10:48 - 2022-05-11 23:47 - 000714320 _____ C:\WINDOWS\system32\perfh005.dat
2022-07-16 10:48 - 2022-05-11 23:47 - 000144002 _____ C:\WINDOWS\system32\perfc005.dat
2022-07-16 10:48 - 2021-04-05 22:23 - 001683936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-16 10:40 - 2022-05-06 20:53 - 000445728 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-16 10:37 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-16 10:37 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-16 10:37 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-16 10:36 - 2021-04-05 22:04 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-16 10:29 - 2021-04-05 21:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-16 10:05 - 2021-04-05 21:59 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-16 08:47 - 2021-04-05 22:38 - 000000000 ____D C:\Users\sirot\AppData\Local\PlaceholderTileLogoFolder
2022-07-15 16:32 - 2021-04-06 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-15 16:04 - 2021-04-06 00:04 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-13 17:03 - 2021-04-13 20:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-07-13 17:01 - 2022-01-02 20:41 - 000002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-07-13 17:01 - 2022-01-02 20:41 - 000002065 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-07-12 18:09 - 2022-07-06 15:51 - 000000000 ____D C:\Users\sirot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2022-07-12 18:09 - 2022-07-06 15:50 - 000000000 ____D C:\Users\sirot\AppData\Local\WhatsApp
2022-07-12 18:08 - 2022-07-06 15:51 - 000000000 ____D C:\Users\sirot\AppData\Roaming\WhatsApp
==================== Files in the root of some directories ========
2021-06-10 18:52 - 2021-06-10 18:52 - 000000001 _____ () C:\Users\sirot\AppData\Local\llftool.4.40.agreement
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
- Rudy
- Site Admin
Re: Preventive check, older notebook
OK. Open Notepad and copy the following into it:
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe" (No File)
Task: {8ADBBD17-029A-42DA-B58A-1ED3957B88AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {D833A2C9-0BC4-4B41-B66B-0CF289B7F23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
C:\Users\sirot\Downloads\6ca3d6fb-1a26-4799-a89f-f1f32eb2d388.tmp
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-1551859246-199576435-3342040479-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll => No File
ContextMenuHandlers1_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
C:\$Recycle.Bin\S-1-5-21-1551859246-199576435-3342040479-1001\$RPF0Z7H.exe
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Preventive check, older notebook
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-08-2022
Ran by sirot (08-08-2022 10:46:42) Run:1
Running from C:\Users\sirot\Desktop
Loaded Profiles: sirot
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe" (No File)
Task: {8ADBBD17-029A-42DA-B58A-1ED3957B88AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
Task: {D833A2C9-0BC4-4B41-B66B-0CF289B7F23F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-05] (Google LLC -> Google LLC)
C:\Users\sirot\Downloads\6ca3d6fb-1a26-4799-a89f-f1f32eb2d388.tmp
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-1551859246-199576435-3342040479-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll => No File
ContextMenuHandlers1_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-1551859246-199576435-3342040479-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\sirot\AppData\Local\Kingsoft\WPS Office\11.2.0.11074\office6\kwpsmenushellext64.dll -> No File
C:\$Recycle.Bin\S-1-5-21-1551859246-199576435-3342040479-1001\$RPF0Z7H.exe
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-1551859246-199576435-3342040479-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Codec Pack Update Checker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ADBBD17-029A-42DA-B58A-1ED3957B88AF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ADBBD17-029A-42DA-B58A-1ED3957B88AF}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D833A2C9-0BC4-4B41-B66B-0CF289B7F23F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D833A2C9-0BC4-4B41-B66B-0CF289B7F23F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
C:\Users\sirot\Downloads\6ca3d6fb-1a26-4799-a89f-f1f32eb2d388.tmp => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKU\S-1-5-21-1551859246-199576435-3342040479-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B} => removed successfully
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\ kwpsshellext => not found
HKU\S-1-5-21-1551859246-199576435-3342040479-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ kwpsshellext => not found
"C:\$Recycle.Bin\S-1-5-21-1551859246-199576435-3342040479-1001\$RPF0Z7H.exe" => not found
=========== EmptyTemp: ==========
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 408918474 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 3533085 B
Edge => 0 B
Chrome => 854360449 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 717106 B
NetworkService => 149543826 B
sirot => 182671031 B
RecycleBin => 53074 B
EmptyTemp: => 1.5 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-08-2022 10:55:37)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 10:55:38 ====
- Rudy
Re: Preventive check, older notebook
Deleted, the log is now OK.
- Rudy
Re: Preventive check, older notebook
You're welcome!