Zdravím a díky :)
Nic jsem nedělal, jen to včera restartoval a začlo to zase vyskakovat.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by PC (26-01-2022 17:47:46)
Running from C:\Users\PC\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) (2020-12-17 11:29:32)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2292173371-2852632103-4251059972-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2292173371-2852632103-4251059972-503 - Limited - Disabled)
Guest (S-1-5-21-2292173371-2852632103-4251059972-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2292173371-2852632103-4251059972-1003 - Limited - Enabled)
PC (S-1-5-21-2292173371-2852632103-4251059972-1000 - Administrator - Enabled) => C:\Users\PC
tobia (S-1-5-21-2292173371-2852632103-4251059972-1017 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2292173371-2852632103-4251059972-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Disabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Disabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.8.0 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.88 - Piriform)
Discord (HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
eObčanka (HKLM\...\{29E42C78-1B6E-4A25-9829-6E007C157483}) (Version: 3.2.0.21483 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
ESET Security (HKLM\...\{6B1BBDBF-507A-4736-82B0-DE772C1D2AFE}) (Version: 15.0.23.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
GridinSoft Anti-Malware (HKLM-x32\...\GridinSoft Anti-Malware) (Version: 3.0.2 - GridinSoft LLC)
HappyFoto-Designer 5.4 (HKLM-x32\...\HappyFoto-Designer_is1) (Version: - )
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
K-Lite Codec Pack 12.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.5.0 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.69 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visio - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
NVIDIA Ovladač řídící jednotky 3D Vision 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12527.22060 - Microsoft Corporation) Hidden
qBittorrent 4.4.0 (HKLM-x32\...\qBittorrent) (Version: 4.4.0 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Roblox Player for PC (HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\roblox-player) (Version: - Roblox Corporation)
RogueKiller version 15.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.2.0.0 - Adlice Software)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22a - Ghisler Software GmbH)
TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VIA Platforma Ovladače zařízení (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.40 - VIA Technologies, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_CZ_is1) (Version: 15.0.1.8 - ZONER software)
Zoom (HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\ZoomUMX) (Version: 5.7.5 (1020) - Zoom Video Communications, Inc.)
Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-22] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.45.4502.0_x86__ytsefhwckbdv6 [2022-01-22] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-01-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-01-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-22] (Microsoft Studios) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2022-01-20] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncShell64.dll [2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2022-01-23 20:49 - 2022-01-23 20:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2022-01-23 20:49 - 2022-01-23 20:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-25] (Google Inc -> Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-25] (Google Inc -> Google Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2022-01-26 07:47 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2021-08-28 14:30 - 2021-12-29 14:28 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:WindowsSysWow64;
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\nastol.com.ua-1571.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: EpicOnlineServices => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: Service KMSELDI => 2
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\StartupApproved\Run: => "SpybotSD TeaTimer"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9F5CE521-6E47-41FE-B8C1-5469D344838D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{C39BC0C6-868C-4BD0-9B6E-13DB012D6A0F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{3363DEBC-E1FA-4D7C-B043-6E40A898DF13}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9BE885B3-C18D-4F44-B476-8D3D9E5231E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7BC3F54A-2496-403F-A530-638187CADE65}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6FE4F99A-99FC-4EAE-9D11-CA98DCE45AF8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A7E6B1D7-4A57-4276-AC3E-3B3A1C5FD122}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A3831AA9-A7D2-4130-BDB7-C368E5F493A4}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3693A7D2-2E1C-42D6-8CEE-77F7AE5F7F28}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{D84BFC06-32DC-4B02-9688-29D5FC50DC3F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{808AFFCD-FC10-4E54-9C92-FD8A96876DCF}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{BA10A0AF-0273-4676-8DBC-4FA60005D87F}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe (ASUSTeK COMPUTER INC.) [File not signed]
FirewallRules: [{F4DE61D0-8EB4-465A-B93A-FA0A816A7247}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C92B0912-9396-4990-BCE9-309D54D93CAE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BF363008-BE9C-45DA-BBC4-9B39165606E2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{290951B4-96F5-402B-901A-1FD2518508A0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FA6492F7-4C17-4F88-956C-ED30928351B3}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{CDC3F501-DB35-4710-8170-9BB4417CC6BD}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{333A80A8-A3B8-4D09-8530-B0078D32B0CF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe => No File
FirewallRules: [{74917332-30C1-489B-A6F4-8252D60FCD66}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{04042E07-BF1C-4D6B-B47D-DF46BE591E3B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
20-01-2022 16:11:08 Installed Microsoft Office Professional Plus 2010
20-01-2022 17:35:32 Configured Microsoft Office Professional Plus 2010
22-01-2022 11:26:15 Operace obnovení
23-01-2022 20:41:48 Odebráno: Office 16 Click-to-Run Extensibility Component 64-bit Registration
25-01-2022 19:44:16 JRT Pre-Junkware Removal
25-01-2022 19:58:38 Installed Sophos Virus Removal Tool.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/26/2022 05:51:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program ESET command-line scanner.
Program: ESET command-line scanner
Soubor:
Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.
Další údaje
Hodnota chyby: 00000000
Typ disku: 0
Error: (01/26/2022 05:51:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RPWVJJOUQAISEHSV.exe, verze: 10.24.18.0, časové razítko: 0x61b09ce1
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc000001d
Posun chyby: 0x000002619822610d
ID chybujícího procesu: 0x18bc
Čas spuštění chybující aplikace: 0x01d812d4e50db297
Cesta k chybující aplikaci: C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 83fcc484-7779-4054-8022-bfc02c110495
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/26/2022 05:50:52 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program ESET command-line scanner.
Program: ESET command-line scanner
Soubor:
Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.
Další údaje
Hodnota chyby: 00000000
Typ disku: 0
Error: (01/26/2022 05:50:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RPWVJJOUQAISEHSV.exe, verze: 10.24.18.0, časové razítko: 0x61b09ce1
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc000001d
Posun chyby: 0x000001da2db2610d
ID chybujícího procesu: 0x262c
Čas spuštění chybující aplikace: 0x01d812d4dbec5628
Cesta k chybující aplikaci: C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 86ad6dbb-b810-434d-84f3-f2f3d0df97ac
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/26/2022 05:50:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program ESET command-line scanner.
Program: ESET command-line scanner
Soubor:
Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.
Další údaje
Hodnota chyby: 00000000
Typ disku: 0
Error: (01/26/2022 05:50:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RPWVJJOUQAISEHSV.exe, verze: 10.24.18.0, časové razítko: 0x61b09ce1
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc000001d
Posun chyby: 0x000001dd1b22610d
ID chybujícího procesu: 0x259c
Čas spuštění chybující aplikace: 0x01d812d4cfe6a406
Cesta k chybující aplikaci: C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: bdcb138a-4e32-4e30-bca9-a768b38d0281
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/26/2022 05:50:13 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program ESET command-line scanner.
Program: ESET command-line scanner
Soubor:
Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.
Další údaje
Hodnota chyby: 00000000
Typ disku: 0
Error: (01/26/2022 05:50:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RPWVJJOUQAISEHSV.exe, verze: 10.24.18.0, časové razítko: 0x61b09ce1
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc000001d
Posun chyby: 0x000001da1a15610d
ID chybujícího procesu: 0x2bb8
Čas spuštění chybující aplikace: 0x01d812d4c2b272c6
Cesta k chybující aplikaci: C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 3d5fe713-b4fa-4e13-b49a-6393113fe8cf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
System errors:
=============
Error: (01/26/2022 08:29:12 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: Nepodařilo se zavést knihovnu DLL oznámení o heslech C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter kvůli chybě 126. Ověřte, zda cesta ke knihovně DLL oznámení definovaná v registru (HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages) odkazuje na správnou absolutní cestu (<jednotka>:\<cesta>\<název_souboru>.<přípona>). Pokud je cesta ke knihovně DLL správná, ověřte, zda jsou ve stejném adresáři umístěny všechny podpůrné soubory a zda má systémový účet přístup pro čtení k cestě knihovny DLL i všem podpůrným souborům. O další podporu můžete požádat poskytovatele knihovny DLL oznámení. Podrobnější informace najdete na adrese http://go.microsoft.com/fwlink/?LinkId=245898.
Error: (01/26/2022 08:17:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/26/2022 08:17:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/26/2022 08:17:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/26/2022 08:17:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/26/2022 08:17:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (01/25/2022 09:42:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.
Error: (01/25/2022 09:37:59 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: Nepodařilo se zavést knihovnu DLL oznámení o heslech C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter kvůli chybě 126. Ověřte, zda cesta ke knihovně DLL oznámení definovaná v registru (HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages) odkazuje na správnou absolutní cestu (<jednotka>:\<cesta>\<název_souboru>.<přípona>). Pokud je cesta ke knihovně DLL správná, ověřte, zda jsou ve stejném adresáři umístěny všechny podpůrné soubory a zda má systémový účet přístup pro čtení k cestě knihovny DLL i všem podpůrným souborům. O další podporu můžete požádat poskytovatele knihovny DLL oznámení. Podrobnější informace najdete na adrese http://go.microsoft.com/fwlink/?LinkId=245898.
Windows Defender:
================
Date: 2021-05-10 17:34:40
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0D3D3DBA-B0B2-441B-9CFC-7854F4F82E2E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-10 17:16:58
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B7A0E1DE-63F9-4F42-8BD6-7FC756C8C9F1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-10 17:09:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5A0018CF-923A-4C56-87C7-DB7A6D675C70}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-05-10 16:56:02
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {74AF9039-9D6D-4EAA-9477-F75DFE1B7818}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2021-03-30 09:30:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {713D36FD-AAA0-4086-BC16-B7719EEC5FA0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\NETWORK SERVICE
Event[0]:
Date: 2021-07-14 12:58:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.343.957.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18300.4
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.
Date: 2021-07-14 12:58:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.343.957.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18300.4
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.
Date: 2021-07-14 12:58:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.343.957.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18300.4
Kód chyby: 0x8050a003
Popis chyby: Balíček neobsahuje aktuální soubor definic pro tento program. Další informace naleznete v nápovědě a podpoře.
Date: 2021-07-14 12:44:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.957.0
Předchozí verze bezpečnostních informací: 1.339.429.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Date: 2021-07-14 12:44:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.343.957.0
Předchozí verze bezpečnostních informací: 1.339.429.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.18300.4
Předchozí verze modulu: 1.1.18100.6
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
CodeIntegrity:
===============
Date: 2022-01-26 17:43:10
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F1 04/08/2013
Motherboard: Gigabyte Technology Co., Ltd. 970A-DS3P
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 53%
Total physical RAM: 6124.68 MB
Available physical RAM: 2843.83 MB
Total Virtual: 6572.68 MB
Available Virtual: 1951.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:273.71 GB) (Free:133.97 GB) NTFS
Drive d: () (Fixed) (Total:191.41 GB) (Free:165.77 GB) NTFS
\\?\Volume{9b24e7f7-b28b-11e6-b8f7-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS
\\?\Volume{69205244-0000-0000-0000-807344000000}\ () (Fixed) (Total:0.55 GB) (Free:0.12 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=273.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=562 MB) - (Type=27)
Partition 4: (Not Active) - (Size=191.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Trojan
Re: Trojan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2022
Ran by PC (administrator) on PC-PC (26-01-2022 17:43:54)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) [File not signed] C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe <5>
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572536 2021-07-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2022-01-20] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [BingSvc] => C:\Users\PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-27] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Discord] => C:\Users\PC\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33268192 2021-08-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-11-24]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E10E41-AE69-49C6-8E86-20CA62EA9373} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {0AA1A41D-7A5E-458B-AE48-7D84BF427F7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0C662DFF-17F3-46BB-B3BA-2A2A7C8D3D3E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {15C172D0-C2B0-44AA-BDD8-EE4C15FF3D9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFA06EC-B186-4E68-BEF2-55F7A37CA759} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {23A5129D-10A4-48D2-857C-4BB1D877C779} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {320A5F0F-AC28-4B5E-BB87-8A216F9469D6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {336F4125-5079-42D8-8432-F32F16113027} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2292173371-2852632103-4251059972-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A6A01FE-E659-4BB0-9277-2E95A201AD80} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {41898DB0-6D0A-47FA-8FC9-C7C5F8942A6E} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {41B8F9DE-290C-4CAC-AC61-BD425BDAD8A7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {489EBB81-22D6-4180-AD57-3481407EC5F1} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {50042B2E-A9AD-42F9-B2C2-0BC4F877958C} - System32\Tasks\RPWVJJOUQAISEHSV_run => C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe [681432 2022-01-20] (ESET) [File not signed]
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D33D469-AE07-40CB-97B1-25D6EA5F603B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1662552 2018-05-22] (McAfee, Inc. -> McAfee, Inc.)
Task: {63202385-0661-4B01-A168-1CAA055EA118} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {64259F42-E472-465A-8B04-8BB6F9B0E7A1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {645BD208-EFAC-4AD4-8BD0-066A6258354D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (No File)
Task: {646248B4-0F4C-484A-B7E4-06CFB5E39078} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {673228A0-F668-4A03-AE7C-ED3E77E69F0F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {6E79B20E-B9FC-482C-A4D4-69509E28ACD6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {709616F9-2E34-4938-9DF5-211AA511C152} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {71E23DA1-C573-485E-B7E4-7E39C6467C1D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {75D378B8-129B-45B8-BD65-5CBA71409B73} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {79452130-EFFE-4CF3-8C77-E0EB1BAA4357} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {79E6D19A-296C-47FC-946E-5607339E1FC1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {856669E1-22B7-46C1-99E5-74D702A8094F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B59FCAC-971A-46BB-A0CC-97941FDB8066} - System32\Tasks\CCleanerSkipUAC - PC => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8B6CC2A6-862C-4D95-979C-5D97935A6020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {90E22631-EA1F-4599-B60B-FFE297F6EF5F} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9F2DEB12-2B28-4FB1-A9D5-3F1A5B2C05D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A2870562-B9EF-4E86-BD09-DC7F7124266C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B5808259-0C25-4A6B-BAF9-F302216CB4CB} - System32\Tasks\{AACED256-ACBD-4C08-A00B-C84869D3FC69} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {BC66B33D-ACC7-4DF3-985D-EECAFFB5986E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {CA6BDF30-D939-41BC-AAAC-9E22D1DF8DB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {CBD917C8-C4BA-48AF-8673-64F3D1021740} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {CC342248-F247-4F17-96E1-91AEFB922FB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC46C1AE-5052-473E-8AFC-68DBA191CBDB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {CE26B0B8-820B-4787-9E24-E7ADA473A067} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {CFEEDF4C-926D-437D-BD5C-35E9288DDF83} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D6A479DE-088D-4602-B84C-67DC4CA4475F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {DD065ABA-4AE4-48C2-9370-51E3B8F39AD6} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [14324688 2015-10-08] (Gridinsoft, LLC -> GridinSoft LLC) [File not signed]
Task: {E57A7E3B-1662-4403-AB11-F9F8F98E7DA6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E63A5A82-B1D1-4063-80FD-E8CDAB5B0F3D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {E66A3F49-F5C5-470E-B220-9C238BB7FCCA} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E689D025-0F7B-4831-9966-AEA371D34BB7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {EFA39FFB-EC48-40E2-927A-9EC598AB5651} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C35CAD-9200-4794-AB5C-0D274BC7D20B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {F4E66301-F17D-4ACA-9746-0684A5D985F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {FF514C9A-A0D5-4BDE-982A-CD85DEE7A7E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d5174a16-5bd2-4052-a286-1c93cefa5495}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 4
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: aywsrjoi.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default [2022-01-26]
FF Homepage: Mozilla\Firefox\Profiles\aywsrjoi.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\aywsrjoi.default -> about:newtab
FF Extension: (Bing Search) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-12-08] [Legacy]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\sko-extension@firma.seznam.cz [2022-01-26]
FF Extension: (Seznam doplněk - Esko) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Seznam lištička) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-10-31] [Legacy]
FF Extension: (Seznam doplněk - Email) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\features\{4da277d6-6238-4cfb-900a-42f71c945cd1}\deployment-checker@mozilla.org.xpi [2017-03-30] [Legacy]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\searchplugins\bing-.xml [2016-12-09]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-26]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-26]
CHR Notifications: Profile 1 -> hxxps://www.tipsport.cz
CHR HomePage: Profile 1 -> hxxp://seznam.cz/
CHR Extension: (Prezentace) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-26]
CHR Extension: (Dokumenty) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-26]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-26]
CHR Extension: (Seznam doplněk - Email) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2022-01-26]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-26]
CHR Extension: (Tabulky) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-26]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2022-01-26]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-26]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-26]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14386160 2022-01-20] (ADLICE -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2022-01-25] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [184464 2022-01-20] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [122944 2022-01-20] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201976 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69704 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110560 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [17568 2015-10-07] (Gridinsoft, LLC -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-14] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-26 17:36 - 2022-01-26 17:36 - 002311680 _____ (Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
2022-01-26 08:30 - 2022-01-26 08:30 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-26 08:30 - 2022-01-26 08:30 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-26 08:30 - 2022-01-26 08:30 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-26 08:27 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-01-26 08:14 - 2022-01-26 08:31 - 000000000 ____D C:\zoek
2022-01-26 07:38 - 2022-01-26 08:19 - 000000000 ____D C:\zoek_backup
2022-01-26 07:37 - 2022-01-26 07:37 - 000000000 ____D C:\Users\PC\Downloads\zoek1 (1)
2022-01-26 07:36 - 2022-01-26 07:36 - 001800862 _____ C:\Users\PC\Downloads\zoek1 (1).rar
2022-01-25 21:43 - 2022-01-25 21:43 - 000000000 ____D C:\ProgramData\Sophos
2022-01-25 21:39 - 2022-01-26 09:46 - 000000000 ____D C:\Users\PC\AppData\LocalLow\IGDump
2022-01-25 21:34 - 2022-01-25 21:35 - 185115928 _____ (Sophos Limited) C:\Users\PC\Downloads\Sophos Virus Removal Tool.exe
2022-01-25 21:19 - 2022-01-26 17:46 - 001543131 _____ C:\WINDOWS\ZAM.krnl.trace
2022-01-25 21:19 - 2022-01-25 21:19 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2022-01-25 21:19 - 2022-01-25 21:19 - 000003532 _____ C:\WINDOWS\system32\Tasks\AMHelper
2022-01-25 21:19 - 2022-01-25 21:19 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Users\PC\AppData\Local\Zemana
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Users\PC\AppData\Local\AMSDK
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Program Files (x86)\Zemana
2022-01-25 21:18 - 2022-01-25 21:18 - 013922376 _____ (Zemana Ltd. ) C:\Users\PC\Downloads\AntiMalware_Setup.exe
2022-01-25 20:37 - 2022-01-25 20:37 - 000000000 ____D C:\Users\PC\Documents\Vlastní šablony Office
2022-01-25 20:30 - 2022-01-25 20:30 - 000003378 _____ C:\Users\PC\Desktop\RK.txt
2022-01-25 20:26 - 2022-01-26 08:35 - 000000000 ____D C:\ProgramData\RogueKiller
2022-01-25 20:26 - 2022-01-25 20:26 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-01-25 20:26 - 2022-01-25 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-01-25 20:26 - 2022-01-25 20:26 - 000000000 ____D C:\Program Files\RogueKiller
2022-01-25 20:23 - 2022-01-25 20:24 - 042051760 _____ (Adlice Software ) C:\Users\PC\Downloads\RogueKiller_setup.exe
2022-01-25 20:09 - 2022-01-25 20:09 - 000001741 _____ C:\Users\PC\Downloads\Sken Malwarebytes_1.txt
2022-01-25 20:08 - 2022-01-25 20:08 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2022-01-25 20:08 - 2022-01-25 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2022-01-25 20:08 - 2022-01-25 20:08 - 000000000 ____D C:\Program Files (x86)\Sophos
2022-01-25 19:50 - 2022-01-25 19:50 - 000000963 _____ C:\Users\PC\Desktop\JRT.txt
2022-01-25 19:28 - 2022-01-25 19:28 - 001790024 _____ (Malwarebytes) C:\Users\PC\Downloads\JRT.exe
2022-01-25 18:54 - 2022-01-25 18:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-01-25 18:54 - 2022-01-25 18:54 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-25 18:54 - 2022-01-25 18:54 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-25 18:54 - 2022-01-25 18:53 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-01-25 18:54 - 2022-01-25 18:53 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-01-25 18:53 - 2022-01-25 18:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-25 18:53 - 2022-01-25 18:53 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-25 18:52 - 2022-01-25 18:52 - 002911928 _____ (Malwarebytes) C:\Users\PC\Downloads\MBSetup.exe
2022-01-25 18:45 - 2022-01-25 19:25 - 000000000 ____D C:\AdwCleaner
2022-01-25 18:43 - 2022-01-25 18:43 - 008540344 _____ (Malwarebytes) C:\Users\PC\Downloads\AdwCleaner.exe
2022-01-25 18:25 - 2022-01-25 18:25 - 000448512 _____ (OldTimer Tools) C:\Users\PC\Downloads\TFC.exe
2022-01-25 18:23 - 2022-01-25 18:23 - 000050688 _____ (Atribune.org) C:\Users\PC\Downloads\ATF-Cleaner.exe
2022-01-25 12:26 - 2022-01-25 12:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC\Downloads\hijackthis.exe
2022-01-24 18:42 - 2022-01-24 18:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2022-01-23 21:24 - 2022-01-23 21:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-01-23 20:51 - 2022-01-23 20:51 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-01-23 20:49 - 2022-01-23 20:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-01-23 10:12 - 2022-01-23 10:12 - 001207208 _____ (Gridinsoft LLC) C:\Users\PC\Downloads\setup.exe
2022-01-22 18:01 - 2022-01-26 08:37 - 000003298 _____ C:\WINDOWS\system32\Tasks\GridinSoft Anti-Malware
2022-01-22 17:46 - 2022-01-22 17:46 - 000000934 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2022-01-22 17:45 - 2022-01-22 19:37 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2022-01-22 17:17 - 2022-01-23 11:08 - 000001070 _____ C:\Users\PC\Desktop\Rkill.txt
2022-01-22 17:17 - 2022-01-22 17:17 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill64.exe
2022-01-22 17:15 - 2022-01-22 17:27 - 000000000 ____D C:\Users\PC\Downloads\výstup
2022-01-22 17:07 - 2022-01-22 17:07 - 000074526 _____ C:\Users\PC\Downloads\Shortcut.txt
2022-01-22 17:06 - 2022-01-22 17:06 - 005659583 _____ (Swearware) C:\Users\PC\Downloads\ComboFix.exe
2022-01-22 17:06 - 2022-01-22 17:06 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill.exe
2022-01-22 17:02 - 2022-01-22 17:07 - 000048741 _____ C:\Users\PC\Downloads\Addition.txt
2022-01-22 16:56 - 2022-01-26 17:46 - 000025926 _____ C:\Users\PC\Downloads\FRST.txt
2022-01-22 16:55 - 2022-01-26 17:45 - 000000000 ____D C:\FRST
2022-01-22 16:50 - 2022-01-22 16:54 - 002311680 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2022-01-22 14:37 - 2022-01-25 18:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-01-22 14:37 - 2022-01-25 18:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2022-01-22 14:34 - 2022-01-22 14:37 - 000000000 ____D C:\Users\PC\Downloads\spybotsd162
2022-01-22 14:31 - 2022-01-22 14:31 - 016408977 _____ C:\Users\PC\Downloads\spybotsd162.rar
2022-01-21 16:44 - 2022-01-21 16:44 - 000011848 _____ C:\Users\PC\Downloads\[SkT]GridinSoft_Anti-Malware__Ultimate_Silent_Security_v3.0.2_(CZ).torrent
2022-01-21 13:08 - 2022-01-21 13:08 - 000000000 ____D C:\Users\PC\AppData\Local\mbam
2022-01-21 11:42 - 2022-01-22 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2022-01-21 11:42 - 2022-01-21 11:42 - 000000000 ____D C:\ProgramData\GridinSoft
2022-01-20 23:37 - 2022-01-20 23:37 - 000037552 _____ C:\url_setting_definitions.txt
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\Program Files\Microsoft Sync Framework
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2022-01-20 16:14 - 2022-01-22 12:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2022-01-20 16:14 - 2022-01-20 16:14 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2022-01-20 16:14 - 2022-01-20 16:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-01-20 16:13 - 2022-01-24 11:42 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-20 16:12 - 2022-01-20 16:12 - 000000000 __RHD C:\MSOCache
2022-01-20 15:47 - 2022-01-20 15:47 - 000014871 _____ C:\Users\PC\Downloads\[SkT]Microsoft_Office_2010_CZ_32_bit,_64_bit_Profesional_Plus.torrent
2022-01-20 15:39 - 2022-01-20 15:39 - 000384038 _____ C:\Users\PC\Documents\cc_20220120_153903.reg
2022-01-20 15:39 - 2022-01-20 15:39 - 000037942 _____ C:\Users\PC\Documents\cc_20220120_153945.reg
2022-01-20 15:06 - 2022-01-20 15:06 - 000003214 _____ C:\WINDOWS\system32\Tasks\RPWVJJOUQAISEHSV_run
2022-01-20 15:03 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2022-01-18 09:19 - 2022-01-18 09:19 - 000000000 ____D C:\Users\PC\AppData\Local\SolidDocuments
2022-01-17 23:07 - 2022-01-17 23:07 - 000007788 _____ C:\Users\PC\Documents\cc_20220117_230724.reg
2022-01-17 23:07 - 2022-01-17 23:07 - 000000728 _____ C:\Users\PC\Documents\cc_20220117_230748.reg
2022-01-17 15:02 - 2022-01-17 15:06 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-01-17 15:02 - 2022-01-17 15:06 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-01-17 15:00 - 2022-01-17 15:00 - 000000000 ____D C:\Program Files\Adobe
2022-01-17 14:58 - 2022-01-17 15:00 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-12 10:17 - 2022-01-12 10:17 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-12 10:17 - 2022-01-12 10:17 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-12 10:17 - 2022-01-12 10:17 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-12 09:27 - 2022-01-12 09:27 - 000000000 ___HD C:\$WinREAgent
2022-01-10 17:25 - 2022-01-10 17:25 - 000015544 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_the_Hits_2021_FLAC.torrent
2022-01-10 17:20 - 2022-01-21 16:47 - 000000000 ____D C:\Users\PC\Downloads\temp
2022-01-10 17:16 - 2022-01-10 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-01-10 17:16 - 2022-01-10 17:16 - 000000000 ____D C:\Program Files\qBittorrent
2022-01-10 17:14 - 2022-01-10 17:14 - 030177492 _____ (The qBittorrent project) C:\Users\PC\Downloads\qbittorrent_4.4.0_x64_setup.exe
2022-01-10 17:12 - 2022-01-10 17:12 - 000018305 _____ C:\Users\PC\Downloads\[SkT]VA-BRAVO_Hits_Vol.114-WEB-(2021)_320_kbit_s.torrent
2022-01-10 17:12 - 2022-01-10 17:12 - 000018119 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_Hits_Vol._115_(2021)_MP3.torrent
2022-01-10 17:11 - 2022-01-10 17:11 - 000018353 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_Hits_Vol.113.torrent
2022-01-10 12:18 - 2022-01-10 18:02 - 000000000 ____D C:\Users\PC\Desktop\Pracovní boty
2022-01-08 09:59 - 2022-01-08 09:59 - 000000552 _____ C:\Users\PC\Documents\cc_20220108_095919.reg
2022-01-08 09:58 - 2022-01-08 09:58 - 000001894 _____ C:\Users\PC\Documents\cc_20220108_095852.reg
2022-01-07 13:22 - 2022-01-22 19:35 - 000771242 _____ C:\WINDOWS\system32\perfh007.dat
2022-01-07 13:22 - 2022-01-22 19:35 - 000166302 _____ C:\WINDOWS\system32\perfc007.dat
2022-01-07 13:22 - 2022-01-07 13:22 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2022-01-07 13:22 - 2022-01-07 13:21 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2022-01-07 13:22 - 2022-01-07 13:21 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2022-01-07 13:21 - 2022-01-07 13:21 - 000000000 ____D C:\WINDOWS\system32\de
2022-01-06 14:03 - 2022-01-06 14:03 - 019447836 _____ C:\Users\PC\Downloads\Photos-001 (3).zip
2022-01-04 12:33 - 2022-01-04 13:16 - 000000000 ____D C:\Users\PC\Desktop\Košile
2022-01-01 15:14 - 2022-01-01 15:14 - 005052791 _____ C:\Users\PC\Desktop\Uzivatelsky-manual-pro-telefony-Xiaomi.pdf
2022-01-01 14:50 - 2022-01-01 14:50 - 000000000 ____D C:\Users\PC\AppData\Local\EopAuthApp
2022-01-01 14:03 - 2022-01-01 14:03 - 000002150 _____ C:\Users\Public\Desktop\eObčanka - Správce karty.lnk
2022-01-01 14:03 - 2022-01-01 14:03 - 000002145 _____ C:\Users\Public\Desktop\eObčanka - identifikace.lnk
2022-01-01 14:03 - 2022-01-01 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eObčanka
2022-01-01 14:03 - 2022-01-01 14:03 - 000000000 ____D C:\Program Files\eObcanka
2022-01-01 14:01 - 2022-01-01 14:01 - 019608704 _____ C:\Users\PC\Downloads\eObcanka_x64.exe
2021-12-31 00:11 - 2021-12-31 00:11 - 000160059 _____ C:\Users\PC\Desktop\Výpis Tobík.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-26 17:47 - 2016-11-25 17:44 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2022-01-26 17:39 - 2016-11-24 22:46 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-26 17:29 - 2021-02-17 10:11 - 000000000 ____D C:\Users\PC\AppData\Local\D3DSCache
2022-01-26 16:02 - 2020-12-17 12:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-26 11:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-26 09:22 - 2017-02-05 17:49 - 000000000 ____D C:\Program Files\CCleaner
2022-01-26 08:29 - 2020-12-17 12:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-26 08:29 - 2020-12-17 12:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-26 08:28 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-26 08:22 - 2017-04-17 11:55 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2022-01-26 08:22 - 2017-01-12 17:50 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2022-01-26 06:18 - 2021-01-12 15:13 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6d465ce40d2de
2022-01-26 06:18 - 2020-12-17 12:28 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 19:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-25 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-25 18:54 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-25 18:36 - 2020-12-17 12:00 - 000453424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-25 18:35 - 2016-11-25 16:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-01-25 16:02 - 2016-11-24 22:46 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-25 15:56 - 2021-07-26 13:33 - 000000000 ____D C:\Users\PC\Desktop\Autopojištění Kooperativa
2022-01-25 14:09 - 2020-12-28 15:07 - 000002410 _____ C:\Users\PC\Desktop\Libor - Chrome.lnk
2022-01-25 14:09 - 2017-06-08 16:42 - 000002370 _____ C:\Users\PC\Desktop\Eva - Chrome.lnk
2022-01-24 11:42 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-24 09:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-24 09:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-23 12:48 - 2021-06-26 12:07 - 000000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2022-01-23 11:05 - 2021-04-04 15:38 - 000000000 ____D C:\Users\PC\AppData\Local\Discord
2022-01-23 10:15 - 2021-01-01 18:50 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-01-23 09:05 - 2020-01-15 23:00 - 000000000 ___RD C:\Users\PC\OneDrive
2022-01-23 08:55 - 2020-12-17 12:28 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-22 19:35 - 2020-12-17 12:18 - 002780754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-22 19:35 - 2019-12-07 15:41 - 000750852 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-22 19:35 - 2019-12-07 15:41 - 000162426 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-22 17:25 - 2016-11-24 22:24 - 000000000 ____D C:\Users\PC\AppData\Local\VirtualStore
2022-01-22 16:52 - 2017-06-18 14:04 - 000000000 ____D C:\Users\PC\Downloads\Staženo filmy z torrentů
2022-01-22 14:44 - 2020-06-11 08:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-22 14:44 - 2020-06-11 08:23 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-22 14:34 - 2020-12-17 12:28 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-22 14:34 - 2020-12-17 12:28 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-22 14:21 - 2020-12-17 12:06 - 000000000 ____D C:\Users\PC
2022-01-22 14:15 - 2021-07-28 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-01-22 14:15 - 2020-12-17 12:06 - 000000000 ____D C:\Users\UpdatusUser
2022-01-22 14:15 - 2020-01-15 22:36 - 000000000 ____D C:\Program Files\Common Files\logishrd
2022-01-22 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-01-22 14:15 - 2019-12-06 18:42 - 000000000 ____D C:\Users\PC\AppData\Roaming\GHISLER
2022-01-22 14:15 - 2017-01-12 17:53 - 000000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2022-01-22 14:15 - 2016-11-24 22:57 - 000000000 ____D C:\Users\PC\AppData\Roaming\TP-LINK
2022-01-22 13:45 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-01-22 12:09 - 2011-04-12 09:45 - 000000000 ____D C:\WINDOWS\ShellNew
2022-01-20 15:52 - 2021-07-18 10:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-20 15:51 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI(2621)
2022-01-20 15:51 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI(2619)
2022-01-20 15:22 - 2020-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-01-20 15:07 - 2017-10-08 10:41 - 000000000 ____D C:\Users\PC\AppData\Roaming\dvdcss
2022-01-20 14:36 - 2020-01-15 22:52 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2022-01-20 14:07 - 2021-06-25 12:01 - 000201976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000184464 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000122944 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000110560 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000069704 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000043904 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-01-20 12:37 - 2021-12-11 11:40 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2292173371-2852632103-4251059972-1000
2022-01-20 12:37 - 2021-07-18 10:21 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-20 12:37 - 2021-07-18 10:21 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-18 09:19 - 2016-11-25 16:24 - 000000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2022-01-17 15:06 - 2020-12-17 12:28 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-17 14:58 - 2016-11-25 16:12 - 000000000 ____D C:\ProgramData\Adobe
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-12 10:28 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-12 09:21 - 2017-06-18 09:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-12 09:14 - 2017-06-18 09:57 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-08 10:07 - 2021-07-19 10:25 - 000000000 ____D C:\Users\PC\Desktop\Alagenex
2022-01-08 10:00 - 2016-11-25 16:12 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-01-08 09:52 - 2016-11-24 22:49 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-01-08 09:43 - 2021-01-01 19:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-01-07 13:59 - 2020-01-15 22:59 - 000000000 ____D C:\Users\PC\AppData\Local\PlaceholderTileLogoFolder
2022-01-07 13:22 - 2020-12-17 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-01-07 13:21 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-01-07 13:21 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-01-07 13:21 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-01-07 13:00 - 2019-12-07 15:43 - 000000000 ____D C:\WINDOWS\OCR
2021-12-29 14:28 - 2021-08-28 14:30 - 000000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
==================== Files in the root of some directories ========
2021-04-04 15:54 - 2021-04-04 16:28 - 000000209 _____ () C:\Users\PC\AppData\Roaming\jjv5conf.json
2018-02-16 13:19 - 2018-02-16 13:19 - 000003584 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Ran by PC (administrator) on PC-PC (26-01-2022 17:43:54)
Running from C:\Users\PC\Downloads
Loaded Profiles: PC
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) [File not signed] C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe <5>
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19572536 2021-07-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [167496 2022-01-20] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [BingSvc] => C:\Users\PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [146312 2020-08-27] (Microsoft Corporation -> © 2015 Microsoft Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2593128 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Discord] => C:\Users\PC\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33268192 2021-08-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2292173371-2852632103-4251059972-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-11-24]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00E10E41-AE69-49C6-8E86-20CA62EA9373} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {0AA1A41D-7A5E-458B-AE48-7D84BF427F7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {0C662DFF-17F3-46BB-B3BA-2A2A7C8D3D3E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {15C172D0-C2B0-44AA-BDD8-EE4C15FF3D9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CFA06EC-B186-4E68-BEF2-55F7A37CA759} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {23A5129D-10A4-48D2-857C-4BB1D877C779} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {320A5F0F-AC28-4B5E-BB87-8A216F9469D6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {336F4125-5079-42D8-8432-F32F16113027} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2292173371-2852632103-4251059972-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A6A01FE-E659-4BB0-9277-2E95A201AD80} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {41898DB0-6D0A-47FA-8FC9-C7C5F8942A6E} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {41B8F9DE-290C-4CAC-AC61-BD425BDAD8A7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {489EBB81-22D6-4180-AD57-3481407EC5F1} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {50042B2E-A9AD-42F9-B2C2-0BC4F877958C} - System32\Tasks\RPWVJJOUQAISEHSV_run => C:\Users\PC\AppData\Roaming\dvdcss\RPWVJJOUQAISEHSV.exe [681432 2022-01-20] (ESET) [File not signed]
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D33D469-AE07-40CB-97B1-25D6EA5F603B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1662552 2018-05-22] (McAfee, Inc. -> McAfee, Inc.)
Task: {63202385-0661-4B01-A168-1CAA055EA118} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {64259F42-E472-465A-8B04-8BB6F9B0E7A1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {645BD208-EFAC-4AD4-8BD0-066A6258354D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (No File)
Task: {646248B4-0F4C-484A-B7E4-06CFB5E39078} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {673228A0-F668-4A03-AE7C-ED3E77E69F0F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {6E79B20E-B9FC-482C-A4D4-69509E28ACD6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {709616F9-2E34-4938-9DF5-211AA511C152} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {71E23DA1-C573-485E-B7E4-7E39C6467C1D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {75D378B8-129B-45B8-BD65-5CBA71409B73} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {79452130-EFFE-4CF3-8C77-E0EB1BAA4357} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {79E6D19A-296C-47FC-946E-5607339E1FC1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {856669E1-22B7-46C1-99E5-74D702A8094F} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4078440 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B59FCAC-971A-46BB-A0CC-97941FDB8066} - System32\Tasks\CCleanerSkipUAC - PC => C:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8B6CC2A6-862C-4D95-979C-5D97935A6020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {90E22631-EA1F-4599-B60B-FFE297F6EF5F} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {9F2DEB12-2B28-4FB1-A9D5-3F1A5B2C05D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A2870562-B9EF-4E86-BD09-DC7F7124266C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B5808259-0C25-4A6B-BAF9-F302216CB4CB} - System32\Tasks\{AACED256-ACBD-4C08-A00B-C84869D3FC69} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {BC66B33D-ACC7-4DF3-985D-EECAFFB5986E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {CA6BDF30-D939-41BC-AAAC-9E22D1DF8DB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {CBD917C8-C4BA-48AF-8673-64F3D1021740} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {CC342248-F247-4F17-96E1-91AEFB922FB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC46C1AE-5052-473E-8AFC-68DBA191CBDB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {CE26B0B8-820B-4787-9E24-E7ADA473A067} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {CFEEDF4C-926D-437D-BD5C-35E9288DDF83} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D6A479DE-088D-4602-B84C-67DC4CA4475F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {DD065ABA-4AE4-48C2-9370-51E3B8F39AD6} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [14324688 2015-10-08] (Gridinsoft, LLC -> GridinSoft LLC) [File not signed]
Task: {E57A7E3B-1662-4403-AB11-F9F8F98E7DA6} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E63A5A82-B1D1-4063-80FD-E8CDAB5B0F3D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {E66A3F49-F5C5-470E-B220-9C238BB7FCCA} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E689D025-0F7B-4831-9966-AEA371D34BB7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {EFA39FFB-EC48-40E2-927A-9EC598AB5651} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C35CAD-9200-4794-AB5C-0D274BC7D20B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {F4E66301-F17D-4ACA-9746-0684A5D985F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {FF514C9A-A0D5-4BDE-982A-CD85DEE7A7E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d5174a16-5bd2-4052-a286-1c93cefa5495}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 4
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: aywsrjoi.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default [2022-01-26]
FF Homepage: Mozilla\Firefox\Profiles\aywsrjoi.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\aywsrjoi.default -> about:newtab
FF Extension: (Bing Search) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-12-08] [Legacy]
FF Extension: (Seznam pro Firefox - Esko) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\sko-extension@firma.seznam.cz [2022-01-26]
FF Extension: (Seznam doplněk - Esko) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Seznam lištička) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-10-31] [Legacy]
FF Extension: (Seznam doplněk - Email) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Extension: (Site Deployment Checker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\features\{4da277d6-6238-4cfb-900a-42f71c945cd1}\deployment-checker@mozilla.org.xpi [2017-03-30] [Legacy]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\searchplugins\bing-.xml [2016-12-09]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-01-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-26]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-26]
CHR Notifications: Profile 1 -> hxxps://www.tipsport.cz
CHR HomePage: Profile 1 -> hxxp://seznam.cz/
CHR Extension: (Prezentace) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-01-26]
CHR Extension: (Dokumenty) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2022-01-26]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-01-26]
CHR Extension: (Seznam doplněk - Email) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2022-01-26]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-01-26]
CHR Extension: (Tabulky) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-01-26]
CHR Extension: (Dokumenty Google offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-26]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-26]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2022-01-26]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-01-26]
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-26]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3141480 2022-01-20] (ESET, spol. s r.o. -> ESET)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\FileSyncHelper.exe [3354520 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.002.0103.0004\OneDriveUpdaterService.exe [3812248 2022-01-20] (Microsoft Corporation -> Microsoft Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14386160 2022-01-20] (ADLICE -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2022-01-25] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [184464 2022-01-20] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [122944 2022-01-20] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [201976 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [69704 2022-01-20] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [110560 2022-01-20] (ESET, spol. s r.o. -> ESET)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-25] (Malwarebytes Inc -> Malwarebytes)
S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [17568 2015-10-07] (Gridinsoft, LLC -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-07-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425192 2021-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-14] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-26 17:36 - 2022-01-26 17:36 - 002311680 _____ (Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
2022-01-26 08:30 - 2022-01-26 08:30 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-26 08:30 - 2022-01-26 08:30 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-26 08:30 - 2022-01-26 08:30 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-26 08:27 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2022-01-26 08:14 - 2022-01-26 08:31 - 000000000 ____D C:\zoek
2022-01-26 07:38 - 2022-01-26 08:19 - 000000000 ____D C:\zoek_backup
2022-01-26 07:37 - 2022-01-26 07:37 - 000000000 ____D C:\Users\PC\Downloads\zoek1 (1)
2022-01-26 07:36 - 2022-01-26 07:36 - 001800862 _____ C:\Users\PC\Downloads\zoek1 (1).rar
2022-01-25 21:43 - 2022-01-25 21:43 - 000000000 ____D C:\ProgramData\Sophos
2022-01-25 21:39 - 2022-01-26 09:46 - 000000000 ____D C:\Users\PC\AppData\LocalLow\IGDump
2022-01-25 21:34 - 2022-01-25 21:35 - 185115928 _____ (Sophos Limited) C:\Users\PC\Downloads\Sophos Virus Removal Tool.exe
2022-01-25 21:19 - 2022-01-26 17:46 - 001543131 _____ C:\WINDOWS\ZAM.krnl.trace
2022-01-25 21:19 - 2022-01-25 21:19 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2022-01-25 21:19 - 2022-01-25 21:19 - 000003532 _____ C:\WINDOWS\system32\Tasks\AMHelper
2022-01-25 21:19 - 2022-01-25 21:19 - 000001333 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Users\PC\AppData\Local\Zemana
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Users\PC\AppData\Local\AMSDK
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2022-01-25 21:19 - 2022-01-25 21:19 - 000000000 ____D C:\Program Files (x86)\Zemana
2022-01-25 21:18 - 2022-01-25 21:18 - 013922376 _____ (Zemana Ltd. ) C:\Users\PC\Downloads\AntiMalware_Setup.exe
2022-01-25 20:37 - 2022-01-25 20:37 - 000000000 ____D C:\Users\PC\Documents\Vlastní šablony Office
2022-01-25 20:30 - 2022-01-25 20:30 - 000003378 _____ C:\Users\PC\Desktop\RK.txt
2022-01-25 20:26 - 2022-01-26 08:35 - 000000000 ____D C:\ProgramData\RogueKiller
2022-01-25 20:26 - 2022-01-25 20:26 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-01-25 20:26 - 2022-01-25 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-01-25 20:26 - 2022-01-25 20:26 - 000000000 ____D C:\Program Files\RogueKiller
2022-01-25 20:23 - 2022-01-25 20:24 - 042051760 _____ (Adlice Software ) C:\Users\PC\Downloads\RogueKiller_setup.exe
2022-01-25 20:09 - 2022-01-25 20:09 - 000001741 _____ C:\Users\PC\Downloads\Sken Malwarebytes_1.txt
2022-01-25 20:08 - 2022-01-25 20:08 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2022-01-25 20:08 - 2022-01-25 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2022-01-25 20:08 - 2022-01-25 20:08 - 000000000 ____D C:\Program Files (x86)\Sophos
2022-01-25 19:50 - 2022-01-25 19:50 - 000000963 _____ C:\Users\PC\Desktop\JRT.txt
2022-01-25 19:28 - 2022-01-25 19:28 - 001790024 _____ (Malwarebytes) C:\Users\PC\Downloads\JRT.exe
2022-01-25 18:54 - 2022-01-25 18:54 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-01-25 18:54 - 2022-01-25 18:54 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-25 18:54 - 2022-01-25 18:54 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-25 18:54 - 2022-01-25 18:53 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-01-25 18:54 - 2022-01-25 18:53 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-01-25 18:53 - 2022-01-25 18:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-25 18:53 - 2022-01-25 18:53 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-25 18:52 - 2022-01-25 18:52 - 002911928 _____ (Malwarebytes) C:\Users\PC\Downloads\MBSetup.exe
2022-01-25 18:45 - 2022-01-25 19:25 - 000000000 ____D C:\AdwCleaner
2022-01-25 18:43 - 2022-01-25 18:43 - 008540344 _____ (Malwarebytes) C:\Users\PC\Downloads\AdwCleaner.exe
2022-01-25 18:25 - 2022-01-25 18:25 - 000448512 _____ (OldTimer Tools) C:\Users\PC\Downloads\TFC.exe
2022-01-25 18:23 - 2022-01-25 18:23 - 000050688 _____ (Atribune.org) C:\Users\PC\Downloads\ATF-Cleaner.exe
2022-01-25 12:26 - 2022-01-25 12:26 - 000388608 _____ (Trend Micro Inc.) C:\Users\PC\Downloads\hijackthis.exe
2022-01-24 18:42 - 2022-01-24 18:42 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2022-01-23 21:24 - 2022-01-23 21:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-01-23 20:51 - 2022-01-23 20:51 - 000002541 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-01-23 20:51 - 2022-01-23 20:51 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-01-23 20:49 - 2022-01-23 20:49 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-01-23 10:12 - 2022-01-23 10:12 - 001207208 _____ (Gridinsoft LLC) C:\Users\PC\Downloads\setup.exe
2022-01-22 18:01 - 2022-01-26 08:37 - 000003298 _____ C:\WINDOWS\system32\Tasks\GridinSoft Anti-Malware
2022-01-22 17:46 - 2022-01-22 17:46 - 000000934 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2022-01-22 17:45 - 2022-01-22 19:37 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2022-01-22 17:17 - 2022-01-23 11:08 - 000001070 _____ C:\Users\PC\Desktop\Rkill.txt
2022-01-22 17:17 - 2022-01-22 17:17 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill64.exe
2022-01-22 17:15 - 2022-01-22 17:27 - 000000000 ____D C:\Users\PC\Downloads\výstup
2022-01-22 17:07 - 2022-01-22 17:07 - 000074526 _____ C:\Users\PC\Downloads\Shortcut.txt
2022-01-22 17:06 - 2022-01-22 17:06 - 005659583 _____ (Swearware) C:\Users\PC\Downloads\ComboFix.exe
2022-01-22 17:06 - 2022-01-22 17:06 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\PC\Downloads\rkill.exe
2022-01-22 17:02 - 2022-01-22 17:07 - 000048741 _____ C:\Users\PC\Downloads\Addition.txt
2022-01-22 16:56 - 2022-01-26 17:46 - 000025926 _____ C:\Users\PC\Downloads\FRST.txt
2022-01-22 16:55 - 2022-01-26 17:45 - 000000000 ____D C:\FRST
2022-01-22 16:50 - 2022-01-22 16:54 - 002311680 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2022-01-22 14:37 - 2022-01-25 18:03 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2022-01-22 14:37 - 2022-01-25 18:03 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2022-01-22 14:34 - 2022-01-22 14:37 - 000000000 ____D C:\Users\PC\Downloads\spybotsd162
2022-01-22 14:31 - 2022-01-22 14:31 - 016408977 _____ C:\Users\PC\Downloads\spybotsd162.rar
2022-01-21 16:44 - 2022-01-21 16:44 - 000011848 _____ C:\Users\PC\Downloads\[SkT]GridinSoft_Anti-Malware__Ultimate_Silent_Security_v3.0.2_(CZ).torrent
2022-01-21 13:08 - 2022-01-21 13:08 - 000000000 ____D C:\Users\PC\AppData\Local\mbam
2022-01-21 11:42 - 2022-01-22 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2022-01-21 11:42 - 2022-01-21 11:42 - 000000000 ____D C:\ProgramData\GridinSoft
2022-01-20 23:37 - 2022-01-20 23:37 - 000037552 _____ C:\url_setting_definitions.txt
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\WINDOWS\PCHEALTH
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\Program Files\Microsoft Sync Framework
2022-01-20 16:16 - 2022-01-20 16:16 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2022-01-20 16:14 - 2022-01-22 12:10 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2022-01-20 16:14 - 2022-01-20 16:14 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2022-01-20 16:14 - 2022-01-20 16:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2022-01-20 16:13 - 2022-01-24 11:42 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-20 16:12 - 2022-01-20 16:12 - 000000000 __RHD C:\MSOCache
2022-01-20 15:47 - 2022-01-20 15:47 - 000014871 _____ C:\Users\PC\Downloads\[SkT]Microsoft_Office_2010_CZ_32_bit,_64_bit_Profesional_Plus.torrent
2022-01-20 15:39 - 2022-01-20 15:39 - 000384038 _____ C:\Users\PC\Documents\cc_20220120_153903.reg
2022-01-20 15:39 - 2022-01-20 15:39 - 000037942 _____ C:\Users\PC\Documents\cc_20220120_153945.reg
2022-01-20 15:06 - 2022-01-20 15:06 - 000003214 _____ C:\WINDOWS\system32\Tasks\RPWVJJOUQAISEHSV_run
2022-01-20 15:03 - 2010-12-06 03:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2022-01-18 09:19 - 2022-01-18 09:19 - 000000000 ____D C:\Users\PC\AppData\Local\SolidDocuments
2022-01-17 23:07 - 2022-01-17 23:07 - 000007788 _____ C:\Users\PC\Documents\cc_20220117_230724.reg
2022-01-17 23:07 - 2022-01-17 23:07 - 000000728 _____ C:\Users\PC\Documents\cc_20220117_230748.reg
2022-01-17 15:02 - 2022-01-17 15:06 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-01-17 15:02 - 2022-01-17 15:06 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-01-17 15:00 - 2022-01-17 15:00 - 000000000 ____D C:\Program Files\Adobe
2022-01-17 14:58 - 2022-01-17 15:00 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-12 10:17 - 2022-01-12 10:17 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-12 10:17 - 2022-01-12 10:17 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-12 10:17 - 2022-01-12 10:17 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-12 09:27 - 2022-01-12 09:27 - 000000000 ___HD C:\$WinREAgent
2022-01-10 17:25 - 2022-01-10 17:25 - 000015544 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_the_Hits_2021_FLAC.torrent
2022-01-10 17:20 - 2022-01-21 16:47 - 000000000 ____D C:\Users\PC\Downloads\temp
2022-01-10 17:16 - 2022-01-10 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-01-10 17:16 - 2022-01-10 17:16 - 000000000 ____D C:\Program Files\qBittorrent
2022-01-10 17:14 - 2022-01-10 17:14 - 030177492 _____ (The qBittorrent project) C:\Users\PC\Downloads\qbittorrent_4.4.0_x64_setup.exe
2022-01-10 17:12 - 2022-01-10 17:12 - 000018305 _____ C:\Users\PC\Downloads\[SkT]VA-BRAVO_Hits_Vol.114-WEB-(2021)_320_kbit_s.torrent
2022-01-10 17:12 - 2022-01-10 17:12 - 000018119 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_Hits_Vol._115_(2021)_MP3.torrent
2022-01-10 17:11 - 2022-01-10 17:11 - 000018353 _____ C:\Users\PC\Downloads\[SkT]VA_-_Bravo_Hits_Vol.113.torrent
2022-01-10 12:18 - 2022-01-10 18:02 - 000000000 ____D C:\Users\PC\Desktop\Pracovní boty
2022-01-08 09:59 - 2022-01-08 09:59 - 000000552 _____ C:\Users\PC\Documents\cc_20220108_095919.reg
2022-01-08 09:58 - 2022-01-08 09:58 - 000001894 _____ C:\Users\PC\Documents\cc_20220108_095852.reg
2022-01-07 13:22 - 2022-01-22 19:35 - 000771242 _____ C:\WINDOWS\system32\perfh007.dat
2022-01-07 13:22 - 2022-01-22 19:35 - 000166302 _____ C:\WINDOWS\system32\perfc007.dat
2022-01-07 13:22 - 2022-01-07 13:22 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2022-01-07 13:22 - 2022-01-07 13:21 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat
2022-01-07 13:22 - 2022-01-07 13:21 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat
2022-01-07 13:21 - 2022-01-07 13:21 - 000000000 ____D C:\WINDOWS\system32\de
2022-01-06 14:03 - 2022-01-06 14:03 - 019447836 _____ C:\Users\PC\Downloads\Photos-001 (3).zip
2022-01-04 12:33 - 2022-01-04 13:16 - 000000000 ____D C:\Users\PC\Desktop\Košile
2022-01-01 15:14 - 2022-01-01 15:14 - 005052791 _____ C:\Users\PC\Desktop\Uzivatelsky-manual-pro-telefony-Xiaomi.pdf
2022-01-01 14:50 - 2022-01-01 14:50 - 000000000 ____D C:\Users\PC\AppData\Local\EopAuthApp
2022-01-01 14:03 - 2022-01-01 14:03 - 000002150 _____ C:\Users\Public\Desktop\eObčanka - Správce karty.lnk
2022-01-01 14:03 - 2022-01-01 14:03 - 000002145 _____ C:\Users\Public\Desktop\eObčanka - identifikace.lnk
2022-01-01 14:03 - 2022-01-01 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eObčanka
2022-01-01 14:03 - 2022-01-01 14:03 - 000000000 ____D C:\Program Files\eObcanka
2022-01-01 14:01 - 2022-01-01 14:01 - 019608704 _____ C:\Users\PC\Downloads\eObcanka_x64.exe
2021-12-31 00:11 - 2021-12-31 00:11 - 000160059 _____ C:\Users\PC\Desktop\Výpis Tobík.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-01-26 17:47 - 2016-11-25 17:44 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2022-01-26 17:39 - 2016-11-24 22:46 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-26 17:29 - 2021-02-17 10:11 - 000000000 ____D C:\Users\PC\AppData\Local\D3DSCache
2022-01-26 16:02 - 2020-12-17 12:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-26 11:15 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-26 09:22 - 2017-02-05 17:49 - 000000000 ____D C:\Program Files\CCleaner
2022-01-26 08:29 - 2020-12-17 12:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-26 08:29 - 2020-12-17 12:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-26 08:28 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-01-26 08:22 - 2017-04-17 11:55 - 000000000 ____D C:\Users\TEMP\AppData\Local\Google
2022-01-26 08:22 - 2017-01-12 17:50 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2022-01-26 06:18 - 2021-01-12 15:13 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6d465ce40d2de
2022-01-26 06:18 - 2020-12-17 12:28 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 19:34 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-25 19:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-25 18:54 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-25 18:36 - 2020-12-17 12:00 - 000453424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-25 18:35 - 2016-11-25 16:07 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-01-25 16:02 - 2016-11-24 22:46 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-25 15:56 - 2021-07-26 13:33 - 000000000 ____D C:\Users\PC\Desktop\Autopojištění Kooperativa
2022-01-25 14:09 - 2020-12-28 15:07 - 000002410 _____ C:\Users\PC\Desktop\Libor - Chrome.lnk
2022-01-25 14:09 - 2017-06-08 16:42 - 000002370 _____ C:\Users\PC\Desktop\Eva - Chrome.lnk
2022-01-24 11:42 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-24 09:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-24 09:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-23 12:48 - 2021-06-26 12:07 - 000000000 ____D C:\Users\PC\AppData\Roaming\.minecraft
2022-01-23 11:05 - 2021-04-04 15:38 - 000000000 ____D C:\Users\PC\AppData\Local\Discord
2022-01-23 10:15 - 2021-01-01 18:50 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2022-01-23 09:05 - 2020-01-15 23:00 - 000000000 ___RD C:\Users\PC\OneDrive
2022-01-23 08:55 - 2020-12-17 12:28 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-01-22 19:35 - 2020-12-17 12:18 - 002780754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-22 19:35 - 2019-12-07 15:41 - 000750852 _____ C:\WINDOWS\system32\perfh005.dat
2022-01-22 19:35 - 2019-12-07 15:41 - 000162426 _____ C:\WINDOWS\system32\perfc005.dat
2022-01-22 17:25 - 2016-11-24 22:24 - 000000000 ____D C:\Users\PC\AppData\Local\VirtualStore
2022-01-22 16:52 - 2017-06-18 14:04 - 000000000 ____D C:\Users\PC\Downloads\Staženo filmy z torrentů
2022-01-22 14:44 - 2020-06-11 08:23 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-22 14:44 - 2020-06-11 08:23 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-22 14:34 - 2020-12-17 12:28 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-22 14:34 - 2020-12-17 12:28 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-22 14:21 - 2020-12-17 12:06 - 000000000 ____D C:\Users\PC
2022-01-22 14:15 - 2021-07-28 09:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-01-22 14:15 - 2020-12-17 12:06 - 000000000 ____D C:\Users\UpdatusUser
2022-01-22 14:15 - 2020-01-15 22:36 - 000000000 ____D C:\Program Files\Common Files\logishrd
2022-01-22 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-01-22 14:15 - 2019-12-06 18:42 - 000000000 ____D C:\Users\PC\AppData\Roaming\GHISLER
2022-01-22 14:15 - 2017-01-12 17:53 - 000000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2022-01-22 14:15 - 2016-11-24 22:57 - 000000000 ____D C:\Users\PC\AppData\Roaming\TP-LINK
2022-01-22 13:45 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\registration
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-01-22 12:09 - 2011-04-12 09:45 - 000000000 ____D C:\WINDOWS\ShellNew
2022-01-20 15:52 - 2021-07-18 10:21 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-01-20 15:51 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI(2621)
2022-01-20 15:51 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI(2619)
2022-01-20 15:22 - 2020-12-17 11:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-01-20 15:07 - 2017-10-08 10:41 - 000000000 ____D C:\Users\PC\AppData\Roaming\dvdcss
2022-01-20 14:36 - 2020-01-15 22:52 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2022-01-20 14:07 - 2021-06-25 12:01 - 000201976 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000184464 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000122944 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000110560 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000069704 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2022-01-20 14:07 - 2021-06-25 12:01 - 000043904 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2022-01-20 12:37 - 2021-12-11 11:40 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2292173371-2852632103-4251059972-1000
2022-01-20 12:37 - 2021-07-18 10:21 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-01-20 12:37 - 2021-07-18 10:21 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-18 09:19 - 2016-11-25 16:24 - 000000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2022-01-17 15:06 - 2020-12-17 12:28 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-17 14:58 - 2016-11-25 16:12 - 000000000 ____D C:\ProgramData\Adobe
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-12 10:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-12 10:28 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-12 09:21 - 2017-06-18 09:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-12 09:14 - 2017-06-18 09:57 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-08 10:07 - 2021-07-19 10:25 - 000000000 ____D C:\Users\PC\Desktop\Alagenex
2022-01-08 10:00 - 2016-11-25 16:12 - 000001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-01-08 09:52 - 2016-11-24 22:49 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-01-08 09:43 - 2021-01-01 19:27 - 000000000 ____D C:\WINDOWS\Minidump
2022-01-07 13:59 - 2020-01-15 22:59 - 000000000 ____D C:\Users\PC\AppData\Local\PlaceholderTileLogoFolder
2022-01-07 13:22 - 2020-12-17 11:05 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-01-07 13:22 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-01-07 13:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-01-07 13:21 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-01-07 13:21 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-01-07 13:21 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-01-07 13:21 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-01-07 13:00 - 2019-12-07 15:43 - 000000000 ____D C:\WINDOWS\OCR
2021-12-29 14:28 - 2021-08-28 14:30 - 000000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
==================== Files in the root of some directories ========
2021-04-04 15:54 - 2021-04-04 16:28 - 000000209 _____ () C:\Users\PC\AppData\Roaming\jjv5conf.json
2018-02-16 13:19 - 2018-02-16 13:19 - 000003584 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan
Po odinstalaci AVG Ti tam zbylo Visual Studio , zkus ho odinstalovat , pokud ho na nic nepotřebuješ.
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Taky bys měl odinstalovat SpybotSD , GridinSoft Anti-Malware , Seznam lištička nebo celý Seznam
Špatně odinstalovaný McAfee..
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Taky bys měl odinstalovat SpybotSD , GridinSoft Anti-Malware , Seznam lištička nebo celý Seznam
Špatně odinstalovaný McAfee..
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
Kód: Vybrat vše
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
C:\WINDOWS\system32\drivers\etc\hosts.ics
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Task: {0AA1A41D-7A5E-458B-AE48-7D84BF427F7F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {1CFA06EC-B186-4E68-BEF2-55F7A37CA759} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {23A5129D-10A4-48D2-857C-4BB1D877C779} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {320A5F0F-AC28-4B5E-BB87-8A216F9469D6} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (No File)
Task: {41B8F9DE-290C-4CAC-AC61-BD425BDAD8A7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {489EBB81-22D6-4180-AD57-3481407EC5F1} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {5D33D469-AE07-40CB-97B1-25D6EA5F603B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1662552 2018-05-22] (McAfee, Inc. -> McAfee, Inc.)
Task: {63202385-0661-4B01-A168-1CAA055EA118} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {645BD208-EFAC-4AD4-8BD0-066A6258354D} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (No File)
Task: {673228A0-F668-4A03-AE7C-ED3E77E69F0F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {6E79B20E-B9FC-482C-A4D4-69509E28ACD6} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {709616F9-2E34-4938-9DF5-211AA511C152} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {71E23DA1-C573-485E-B7E4-7E39C6467C1D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {75D378B8-129B-45B8-BD65-5CBA71409B73} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {79452130-EFFE-4CF3-8C77-E0EB1BAA4357} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {8B6CC2A6-862C-4D95-979C-5D97935A6020} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-25] (Google Inc -> Google Inc.)
Task: {9F2DEB12-2B28-4FB1-A9D5-3F1A5B2C05D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {A2870562-B9EF-4E86-BD09-DC7F7124266C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {B5808259-0C25-4A6B-BAF9-F302216CB4CB} - System32\Tasks\{AACED256-ACBD-4C08-A00B-C84869D3FC69} => C:\Windows\system32\pcalua.exe -a C:\Users\PC\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {BC66B33D-ACC7-4DF3-985D-EECAFFB5986E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {CA6BDF30-D939-41BC-AAAC-9E22D1DF8DB6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {CBD917C8-C4BA-48AF-8673-64F3D1021740} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {CC46C1AE-5052-473E-8AFC-68DBA191CBDB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {CE26B0B8-820B-4787-9E24-E7ADA473A067} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {CFEEDF4C-926D-437D-BD5C-35E9288DDF83} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D6A479DE-088D-4602-B84C-67DC4CA4475F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {DD065ABA-4AE4-48C2-9370-51E3B8F39AD6} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [14324688 2015-10-08] (Gridinsoft, LLC -> GridinSoft LLC) [File not signed]
Task: {E63A5A82-B1D1-4063-80FD-E8CDAB5B0F3D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {F4C35CAD-9200-4794-AB5C-0D274BC7D20B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {F4E66301-F17D-4ACA-9746-0684A5D985F4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {FF514C9A-A0D5-4BDE-982A-CD85DEE7A7E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FF Extension: (Seznam lištička) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\aywsrjoi.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2017-10-31] [Legacy]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
U3 idsvc; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Drivers\etc\hosts.ics
Hosts:
EmptyTemp:
End(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan
Dále:
Udělej co píší.
Error: (01/26/2022 05:51:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program ESET command-line scanner.
Program: ESET command-line scanner
Soubor:
Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.
Udělej co píší.
Error: (01/26/2022 08:29:12 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: Nepodařilo se zavést knihovnu DLL oznámení o heslech C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter kvůli chybě 126. Ověřte, zda cesta ke knihovně DLL oznámení definovaná v registru (HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages) odkazuje na správnou absolutní cestu (<jednotka>:\<cesta>\<název_souboru>.<přípona>). Pokud je cesta ke knihovně DLL správná, ověřte, zda jsou ve stejném adresáři umístěny všechny podpůrné soubory a zda má systémový účet přístup pro čtení k cestě knihovny DLL i všem podpůrným souborům. O další podporu můžete požádat poskytovatele knihovny DLL oznámení. Podrobnější informace najdete na adrese http://go.microsoft.com/fwlink/?LinkId=245898.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan
Teď nevím přesně, co mám provést?
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan
Jak co máš provést , vše jsem napsal v prvém příspěvku. Odinstalovat ty programy. a pak udělat ten script v frst.
obrázky se vkládají jako příloha.
obrázky se vkládají jako příloha.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan
Jo pardon, jsem to přehlédl :(
Provedl jsem uložení skriptu n plochu v poznámkovém bloku, ale FRST jej nemůže načíst.
Hlásí chybu viz, obr. příloha
Provedl jsem uložení skriptu n plochu v poznámkovém bloku, ale FRST jej nemůže načíst.
Hlásí chybu viz, obr. příloha
- Přílohy
-
- screen.docx
- (264.5 KiB) Staženo 23 x
Re: Trojan
Tak už jej načetl, ale zatím žádný log, klikl jsem jen jednou!
Nevím jestli to není nějak brzděno provádějící kontrolou Esetu, skener našel trojana, ale když jsem dal léčení, naskočil rámeček znovu a znovu a pak se celý PC restartoval.
Nevím jestli to není nějak brzděno provádějící kontrolou Esetu, skener našel trojana, ale když jsem dal léčení, naskočil rámeček znovu a znovu a pak se celý PC restartoval.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
tohle si udělal? název : fixlist , v textovém souboru? Máš frst také na ploše?
nedávej sem text. soubory , když se jedná o obrázek. Ten se dává jako příloha.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43061
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Trojan
Musíš vypnout eset!
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Trojan
vypl jsem eset a fixlist mám v textovém souboru, FRST mám zástupce na ploše
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 40 hostů