Frozen laptop (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Slegr
Level 3
Posts: 402
Registered: September 07
Gender: Male
Status: Offline

Re: Frozen laptop

Post by Slegr » 01 Mar 2024 18:28

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-ef779.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f04b9.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0587.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0634.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0721.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f07af.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f08fa.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0a05.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0a94.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0bde.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0c8c.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0cfb.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0df7.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f0e86.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f109b.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f1197.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f12c2.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f163f.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-eec-1808-f19ac.tmp deleted
"C:\DumpStack.log.tmp" not deleted

==== Orphaned Tasks deleted from Registry ======================

Lenovo\ImController deleted
Lenovo\ImController\Lenovo iM Controller Monitor deleted
Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance deleted
Lenovo\ImController\Plugins deleted
Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask_Once deleted
Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask deleted
Lenovo\ImController\TimeBasedEvents deleted
Lenovo\ImController\TimeBasedEvents\0c00fc41-a69f-476f-a820-365a925aff74 deleted
Lenovo\ImController\TimeBasedEvents\40ecd2c3-a708-4e57-84fc-5975395fc68a deleted
Lenovo\ImController\TimeBasedEvents\57467955-b207-4481-843f-0867fa180d8c deleted
Lenovo\ImController\TimeBasedEvents\a903239c-cba9-46c8-b525-753d894dd6b6 deleted
Lenovo\ImController\TimeBasedEvents\b6c9358c-8eda-4f6d-9985-1733301b268e deleted
PostponeDeviceSetupToast_S-1-5-21-554275594-3167024261-3936697177-1001_0 deleted

==== Chromium Look ======================

Google Chrome Version: 122.0.6261.94

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Edge relevant text changes - mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=LCTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=LCTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6AFE9518-639D-440E-9600-C316BF2094BC}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6AFE9518-639D-440E-9600-C316BF2094BC} - http://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6AFE9518-639D-440E-9600-C316BF2094BC}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6AFE9518-639D-440E-9600-C316BF2094BC} - http://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Guest Profile\Secure Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Guest Profile\Web Data was reset successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Web Data will be reset at reboot
C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mastr\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\mastr\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Guest Profile\Cache emptied successfully
C:\Users\mastr\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully
C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1 folders=1174 198532 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\defaultuser100000\AppData\Local\Temp emptied successfully
C:\Users\defaultuser100001.LAPTOP-QP19ROCV\AppData\Local\Temp emptied successfully
C:\Users\mastr\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\mastr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted
"C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Web Data" not found
"C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal" not found
"C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data" deleted

==== EOF on 01.03.2024 at 16:37:22,25 ======================


Re: Frozen laptop

Post by Slegr » 01 Mar 2024 18:51

Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  01.03.2024 18:45:59
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:02:38
Zkontrolované objekty    :  1945
Zjištěné objekty    :  0
Vyloučené objekty    :  0
Automatické odesílání    :  Ne
Operační systém    :  Windows 10 x64
Procesor    :  2X AMD A4-9125 RADEON R3, 4 COMPUTE CORES 2C+2G
Režim systému BIOS    :  UEFI
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  12E08BA4801BCF11B230D9

jaro3
Security team member
Guru Level 15
Posts: 43061
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Frozen laptop

Post by jaro3 » 01 Mar 2024 19:05

Isn't your disk too full? You should have at least 10-15% free space.

How about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Frozen laptop

Post by Slegr » 01 Mar 2024 19:10

The laptop's condition is better, but still rather dismal. The disk is not even a third full. The laptop is relatively new, unfortunately with a mechanical disk and with hardware such that it cannot be upgraded to Win 11. The laptop is used only for the internet and Skype by seniors. I am a little worried that the chain e-mails they send each other could contain all sorts of nasty stuff.
If we still have any options for checking for an infection, I would try them. If we run out of options, I will simply buy an SSD and reinstall the whole laptop.

Neither Sophos nor Zemana found anything.

I am attaching a new HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:58, on 01.03.2024
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.3636)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
C:\Users\mastr\Desktop\Čištění\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX2] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe /FORCE
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_7B2379F66202C90235086A5C4E1F5A25] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atiesrxx.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Piriform Software Ltd - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_579cc - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @oem14.inf,%ServiceDisplayName%;Dolby DAX API Service (DolbyDAXAPI) - Dolby Laboratories - C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ELAN Service (ETDService) - Unknown owner - C:\WINDOWS\System32\ETDService.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Fortemedia APO Control Service (FMAPOService) - Unknown owner - C:\WINDOWS\System32\FMService64.exe (file missing)
O23 - Service: @%systemroot%\system32\GameInputSvc.exe,-101 (GameInputSvc) - Unknown owner - C:\WINDOWS\System32\GameInputSvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.94\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: MBVpnTunnelService - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @oem29.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10608 bytes


Re: Frozen laptop

Post by jaro3 » 01 Mar 2024 19:15

Download Memtest
http://www.stahuj.cz/utility_a_ostatni/ ... i/memtest/

Leave the field that reads "All unused RAM" as it is.
- click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the RAM is OK.
With larger RAM capacities, Memtest needs to be started several times: for 2GB (the largest single RAM capacity) 2x, for 4GB 3x, for 8GB 4x, and so on.
Double-click Memtest, then again and again, type 2048 into the field of every Memtest instance, then click "Start" in all of them.

Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit/64-bit
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.

Re: Frozen laptop

Post by Slegr » 01 Mar 2024 19:59

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by mastr (administrator) on LAPTOP-QP19ROCV (LENOVO 81N3) (01-03-2024 19:39:25)
Running from C:\Users\mastr\Desktop\Čištění\FRST64.exe
Loaded Profiles: mastr
Platform: Microsoft Windows 10 Home Version 22H2 19045.4123 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atieclxx.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (20E7E2C9-A2A9-4A02-BB29-6FCFB9E042BB -> Lenovo) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.5.109.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxTsr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atiesrxx.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1140456 2020-08-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123170232 2024-02-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B2379F66202C90235086A5C4E1F5A25] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\WINDOWS\system32\CNMLMDG.DLL [485376 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series XPS: C:\WINDOWS\system32\CNMXLMDG.DLL [487424 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.94\Installer\chrmstp.exe [2024-02-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9313140A-85EE-4767-B52D-51F164DC9F97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {F5CE52D0-DAEB-49E9-A16C-100DEBFE525E} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {36AB4466-6959-43CA-9F51-2B67D9C54400} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {3EEBECDD-3DEE-4B47-B5E7-04BBFFBD8781} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {59BDE60C-154C-4502-A311-01BDCB3DB4C0} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "7fedfb9a-341b-465c-9c64-692bce42eec8" --version "6.21.10918" --silent
Task: {33F0B827-819B-4F15-89D0-7E69FEDD6756} - System32\Tasks\CCleanerSkipUAC - mastr => C:\Program Files\CCleaner\CCleaner.exe [38778272 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {074D8ED5-098D-4D65-94A3-C0B9AE80B4E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {44037B63-A830-4E4C-A73C-8FB22AAC0EE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {1A2C13E8-A113-4297-848D-082A282CF90E} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe [5608264 2024-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {5EA43F42-3060-4AE4-84A7-96C65CB043F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {36BB7C13-EA5D-4580-B336-CA65A3C1DE95} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA2B6D42-B8AD-4C4E-B302-70F067F764E6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {04FF5C7E-AAD2-4222-8E04-0F4C0BD5402D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C24221E7-C62B-498C-B486-E8FB033E2757} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170024 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {7EB77ADC-7CB3-4ED1-B32D-D541F8E354C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E555B15C-271D-4EE6-BAA8-8597C86258D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5917AA1-5A0B-4EA5-9BCB-E1928319F12B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {057CFD89-C1E5-4E79-9CAC-C86AC4D12B13} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-554275594-3167024261-3936697177-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}\0516C6163656: [DhcpNameServer] 10.100.100.1 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}\375746F6072627: [DhcpNameServer] 192.168.3.12 192.168.3.16

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-01]
Edge HomePage: Default -> hxxps://www.seznam.cz/
Edge Extension: (Dokumenty Google offline) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
Edge Extension: (Edge relevant text changes) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2024-02-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default [2024-03-01]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-01]
CHR HKU\S-1-5-21-554275594-3167024261-3936697177-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082784 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097104 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe [2301912 2021-01-04] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [406856 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15246256 2024-02-19] (ADLICE -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2024-02-29] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsldd98cf33; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DC3D049-52E7-47F3-845A-14FD19B4035F}\MpKslDrv.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-01 19:38 - 2024-03-01 19:40 - 000000000 ____D C:\FRST
2024-03-01 18:54 - 2024-03-01 18:54 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-03-01 16:36 - 2024-03-01 16:36 - 000000000 ____D C:\Users\mastr\AppData\Local\VirtualStore
2024-03-01 08:50 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2024-03-01 07:21 - 2024-03-01 08:26 - 000000000 ____D C:\zoek_backup
2024-03-01 07:19 - 2024-03-01 07:20 - 001800862 _____ C:\Users\mastr\Downloads\zoek1.rar
2024-03-01 03:41 - 2024-03-01 03:41 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-01 03:40 - 2024-03-01 03:40 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-01 02:53 - 2024-03-01 02:53 - 000000000 ___HD C:\$WinREAgent
2024-02-29 20:36 - 2024-02-29 20:36 - 000003558 _____ C:\WINDOWS\system32\Tasks\AMHelper
2024-02-29 20:36 - 2024-02-29 20:36 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2024-02-29 20:36 - 2024-02-29 20:36 - 000000000 ____D C:\Users\mastr\AppData\Local\Zemana
2024-02-29 20:35 - 2024-03-01 19:44 - 000307415 _____ C:\WINDOWS\ZAM.krnl.trace
2024-02-29 20:35 - 2024-02-29 20:35 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2024-02-29 20:35 - 2024-02-29 20:35 - 000001336 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2024-02-29 20:35 - 2024-02-29 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2024-02-29 20:35 - 2024-02-29 20:35 - 000000000 ____D C:\Program Files (x86)\Zemana
2024-02-29 20:24 - 2024-03-01 19:01 - 000000000 ____D C:\Users\mastr\AppData\Local\AMSDK
2024-02-29 20:18 - 2024-02-29 20:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-29 19:53 - 2024-02-29 19:54 - 013922376 _____ (Zemana Ltd. ) C:\Users\mastr\Downloads\Zemana.AntiMalware.Setup.exe
2024-02-29 19:46 - 2024-02-29 19:46 - 000001835 _____ C:\Users\mastr\Desktop\CrystalDiskInfo.lnk
2024-02-29 19:46 - 2024-02-29 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2024-02-29 19:46 - 2024-02-29 19:46 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2024-02-29 19:44 - 2024-02-29 19:45 - 005915672 _____ (Crystal Dew World ) C:\Users\mastr\Downloads\CrystalDiskInfo9_2_3.exe
2024-02-29 19:02 - 2024-03-01 04:35 - 000000000 ____D C:\ProgramData\RogueKiller
2024-02-29 19:02 - 2024-02-29 19:02 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-02-29 19:02 - 2024-02-29 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-02-29 19:02 - 2024-02-29 19:02 - 000000000 ____D C:\Program Files\RogueKiller
2024-02-29 18:58 - 2024-02-29 18:58 - 000000000 ____D C:\Users\mastr\AppData\Roaming\HD Tune Pro
2024-02-29 17:17 - 2024-02-29 17:22 - 048358936 _____ (Adlice Software ) C:\Users\mastr\Downloads\RogueKiller_setup.exe
2024-02-29 12:24 - 2024-02-29 12:24 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2024-02-29 12:24 - 2024-02-29 12:24 - 000000000 ____D C:\ProgramData\Sophos
2024-02-29 12:24 - 2024-02-29 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2024-02-29 12:23 - 2024-02-29 12:23 - 000000000 ____D C:\Program Files (x86)\Sophos
2024-02-29 12:15 - 2024-02-29 12:15 - 000000871 _____ C:\Users\mastr\Desktop\JRT.txt
2024-02-29 12:10 - 2024-03-01 07:22 - 000000000 ____D C:\Users\mastr\AppData\Local\CrashDumps
2024-02-29 11:02 - 2024-03-01 18:58 - 000000000 ____D C:\Users\mastr\AppData\Local\Malwarebytes
2024-02-29 11:01 - 2024-02-29 11:01 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-29 11:01 - 2024-02-29 11:01 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-29 10:58 - 2024-02-29 10:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-29 10:58 - 2024-02-29 10:58 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-29 10:57 - 2024-02-29 10:57 - 002585496 _____ (Malwarebytes) C:\Users\mastr\Downloads\MBSetup.exe
2024-02-29 10:47 - 2024-02-29 18:54 - 000000000 ____D C:\AdwCleaner
2024-02-29 10:47 - 2024-02-29 10:47 - 008797968 _____ (Malwarebytes) C:\Users\mastr\Desktop\adwcleaner(1).exe
2024-02-29 10:47 - 2024-02-29 10:47 - 000000000 ____D C:\Users\mastr\AppData\Local\Adobe
2024-02-29 10:05 - 2024-02-29 10:05 - 000000000 ____D C:\ProgramData\Piriform
2024-02-29 09:57 - 2024-02-29 10:12 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-02-29 09:57 - 2024-02-29 09:58 - 000000000 ____D C:\Program Files\CCleaner
2024-02-29 09:57 - 2024-02-29 09:57 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-29 09:57 - 2024-02-29 09:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-02-29 09:57 - 2024-02-29 09:57 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - mastr
2024-02-29 09:52 - 2024-02-29 09:53 - 079156784 _____ (Piriform Software Ltd) C:\Users\mastr\Downloads\ccsetup621.exe
2024-02-29 09:49 - 2024-03-01 19:39 - 000000000 ____D C:\Users\mastr\Desktop\Čištění
2024-02-02 04:36 - 2024-02-02 04:36 - 000000000 ____D C:\Users\mastr\AppData\Local\Backup
2024-02-02 02:45 - 2024-02-02 02:46 - 000000000 ____D C:\WINDOWS\InboxApps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-01 19:44 - 2021-12-31 21:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-01 19:44 - 2020-08-14 07:50 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-01 18:57 - 2020-08-13 18:27 - 000000000 ____D C:\Users\mastr\AppData\Roaming\Microsoft\Skype for Desktop
2024-03-01 18:55 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-01 18:54 - 2021-04-24 13:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-01 18:54 - 2021-04-24 12:57 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-01 18:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-03-01 18:53 - 2020-04-03 06:47 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-03-01 18:53 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-03-01 18:23 - 2021-04-24 12:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-01 16:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-01 16:39 - 2020-08-14 07:46 - 000000000 ____D C:\Users\mastr\AppData\Local\Packages
2024-03-01 16:39 - 2020-08-14 07:00 - 000000000 ____D C:\ProgramData\Packages
2024-03-01 16:32 - 2020-08-14 07:47 - 000000000 ____D C:\Users\mastr\AppData\Local\D3DSCache
2024-03-01 04:51 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-01 04:30 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-01 04:28 - 2021-04-24 12:57 - 000436144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-01 04:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-01 03:40 - 2021-04-24 12:59 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-29 20:13 - 2020-04-03 06:23 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-29 18:54 - 2021-04-24 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2024-02-29 18:54 - 2020-08-14 07:47 - 000000000 ____D C:\WINDOWS\Lenovo
2024-02-29 18:54 - 2020-04-03 06:21 - 000000000 ____D C:\ProgramData\Lenovo
2024-02-29 17:20 - 2020-08-25 23:45 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-29 17:20 - 2020-08-25 23:45 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-29 11:01 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-29 10:03 - 2021-04-23 08:01 - 000000000 ___DC C:\WINDOWS\Panther
2024-02-29 10:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-29 09:34 - 2020-08-13 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2024-02-29 02:39 - 2021-04-24 13:13 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-29 02:39 - 2019-12-07 15:41 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-29 02:39 - 2019-12-07 15:41 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-29 02:27 - 2020-08-14 07:52 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-29 02:27 - 2020-08-14 07:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-28 21:22 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-28 19:46 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 19:28 - 2023-10-17 16:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 19:22 - 2020-08-20 22:07 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-28 19:22 - 2020-08-20 22:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-28 19:11 - 2021-04-24 13:22 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 19:11 - 2021-04-24 13:22 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 19:09 - 2020-08-14 07:40 - 000000000 ___SD C:\Users\mastr\AppData\Roaming\Microsoft\Credentials
2024-02-28 19:08 - 2021-05-04 12:45 - 000000000 ____D C:\ProgramData\CanonIJPLM
2024-02-02 03:26 - 2021-05-04 12:37 - 000000000 ____D C:\Users\mastr\AppData\LocalLow\Adobe
2024-02-02 02:49 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-02-02 02:47 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\cs
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-02-02 02:46 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-02-02 02:46 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-02-02 02:46 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2024-02-01 18:03 - 2019-12-07 15:44 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-02-01 18:03 - 2019-12-07 15:44 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-02-01 18:03 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-02-01 18:03 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-02-01 16:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-01 15:37 - 2020-08-14 07:09 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Frozen laptop

Post by Slegr » 01 Mar 2024 20:00

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by mastr (01-03-2024 19:48:39)
Running from C:\Users\mastr\Desktop\Čištění
Microsoft Windows 10 Home Version 22H2 19045.4123 (X64) (2021-04-24 12:23:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-554275594-3167024261-3936697177-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-554275594-3167024261-3936697177-503 - Limited - Disabled)
Guest (S-1-5-21-554275594-3167024261-3936697177-501 - Limited - Disabled)
mastr (S-1-5-21-554275594-3167024261-3936697177-1001 - Administrator - Enabled) => C:\Users\mastr
WDAGUtilityAccount (S-1-5-21-554275594-3167024261-3936697177-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.008.20470 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MG3000 series Elektronická příručka (HKLM-x32\...\Canon MG3000 series Elektronická příručka) (Version: 1.3.0 - Canon Inc.)
Canon MG3000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3000_series) (Version: 1.03 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.21 - Piriform)
CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.94 - Google LLC)
Malwarebytes version 5.0.17.99 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.17328.20142 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.17328.20142 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17328.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14026.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20052 - Microsoft Corporation) Hidden
Registrace uživatele zařízení Canon MG3000 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG3000 series) (Version: - ‭Canon Inc.)
RogueKiller version 15.15.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.2.0 - Adlice Software)
Skype verze 8.113 (HKLM-x32\...\Skype_is1) (Version: 8.113 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-02-28] ()
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2021-04-24] (Advanced Micro Devices Inc.)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-08-31] (Canon Inc.)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20900.902.0_x64__rz1tebttyb220 [2021-04-23] (Dolby Laboratories)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-20] (Microsoft Corporation)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.5.109.0_x64__5grkq8ppsgwt4 [2024-02-28] (LENOVO INC) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.15.227.0_x64__dt26b99r8h8gj [2021-04-26] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Studios) [MS Ad]
Vyhledávání Microsoft Bingu -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.79.0_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-554275594-3167024261-3936697177-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-554275594-3167024261-3936697177-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-08-20 21:31 - 2020-08-20 21:31 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll
2020-08-20 21:31 - 2020-08-20 21:31 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\mastr\Downloads\CrystalDiskInfo9_2_3.exe:MBAM.Zone.Identifier [251]
AlternateDataStreams: C:\Users\mastr\Downloads\RogueKiller_setup.exe:MBAM.Zone.Identifier [186]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-554275594-3167024261-3936697177-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-28] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2024-03-01 07:31 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-554275594-3167024261-3936697177-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX2"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_7B2379F66202C90235086A5C4E1F5A25"
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9895F5B0-AF56-468F-9155-45C0D0CE468B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2E84A252-CC6F-49A7-B586-3FA9FA8495F5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{06A5659A-800D-4ECE-AD83-9343E1BC8026}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05F3ABD5-53A1-46E0-AAEE-8FBBB6C9AEC0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1CD3096E-8AB7-4188-A4E9-2073ADF22D26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F756336-D75E-44E3-8610-0B4825D0318C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9A3B4E01-2A9A-4EA6-A0C3-34569A64D584}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BEEB7487-999C-4EF1-B44C-A62A4C818B56}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ACA074F9-26EC-40EB-B3DB-D961E7DFCCD0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

28-02-2024 20:02:12 Instalační služba modulů systému Windows
29-02-2024 12:07:30 JRT Pre-Junkware Removal
29-02-2024 12:22:24 Installed Sophos Virus Removal Tool.
29-02-2024 18:53:36 AdwCleaner_BeforeCleaning_29/02/2024_18:53:35
01-03-2024 02:51:33 Instalační služba modulů systému Windows
01-03-2024 03:07:31 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/01/2024 07:29:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač..

Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (03/01/2024 07:29:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen..

Error: (03/01/2024 07:22:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek (1).exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.4123, časové razítko: 0x742ea21e
Kód výjimky: 0xc0000409
Posun chyby: 0x0013fa72
ID chybujícího procesu: 0x16d8
Čas spuštění chybující aplikace: 0x01da6ba0bf52e535
Cesta k chybující aplikaci: C:\Users\mastr\Desktop\Čištění\zoek (1).exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 18348c0a-6070-404a-8c28-aa99b4722a87
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/01/2024 03:07:50 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen..

Error: (03/01/2024 02:51:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen..

Error: (02/29/2024 08:16:24 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Sledování výkonu objektu indexovacího modulu nebylo inicializováno, protože nejsou načteny čítače nebo nebyl otevřen sdílený objekt paměti. Tato skutečnost má vliv pouze na dostupnost čítačů výkonu. Restartujte počítač.

Kontext: aplikace , katalog SystemIndex

Error: (02/29/2024 06:53:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen..

Error: (02/29/2024 12:22:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen..


System errors:
=============
Error: (03/01/2024 08:25:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/01/2024 08:25:17 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


Windows Defender:
================
Date: 2024-02-29 09:55:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D1DBED83-519D-4A1B-A2FC-5F4347E5FD7A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Úplné prohledávání
Uživatel: LAPTOP-QP19ROCV\mastr

Date: 2024-02-28 19:05:37
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {78D74F04-28E4-4631-8B93-B6223BA53736}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: LAPTOP-QP19ROCV\mastr

Date: 2024-02-14 10:17:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {9045B1E8-6B45-45C6-8532-EA4CB79939BA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-02-04 14:58:17
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F1776551-6860-4CAE-8F24-F0B6564B7505}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-02-04 14:46:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {86FFC723-6BDB-4BFB-B269-2972DC66CC11}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-02-28 21:15:07
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.405.757.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24010.10
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2024-02-28 21:15:07
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.405.757.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24010.10
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2024-02-28 19:43:56
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.3204.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2024-02-28 19:43:56
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.3204.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2024-02-28 19:43:56
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.403.3204.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.23110.2
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2024-03-01 18:48:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO AYCN21WW 12/27/2019
Motherboard: LENOVO LNVNB161216
Processor: AMD A4-9125 RADEON R3, 4 COMPUTE CORES 2C+2G
Percentage of memory in use: 64%
Total physical RAM: 3471.98 MB
Available physical RAM: 1219.34 MB
Total Virtual: 6031.98 MB
Available Virtual: 3315.25 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:464.51 GB) (Free:364.27 GB) (Model: TOSHIBA MQ01ABF050) NTFS

\\?\Volume{14daf089-f6cd-4ba9-98db-26d0c44a6074}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{61ecf7a3-d07a-4d01-ac48-6503bddfe076}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 968C3C83)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Frozen laptop

Post by jaro3 » 01 Mar 2024 20:40

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
Task: {074D8ED5-098D-4D65-94A3-C0B9AE80B4E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {44037B63-A830-4E4C-A73C-8FB22AAC0EE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-554275594-3167024261-3936697177-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

EmptyTemp:
End

(You can use the "Select all" function, then right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}
Windows Defender needed to be disabled too. McAfee as well.

What about Memtest?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Frozen laptop

Post by Slegr » 02 Mar 2024 11:28

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by mastr (02-03-2024 11:04:56) Run:1
Running from C:\Users\mastr\Desktop\Čištění
Loaded Profiles: mastr
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: {074D8ED5-098D-4D65-94A3-C0B9AE80B4E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {44037B63-A830-4E4C-A73C-8FB22AAC0EE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-14] (Google LLC -> Google LLC)
Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-554275594-3167024261-3936697177-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{074D8ED5-098D-4D65-94A3-C0B9AE80B4E3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{074D8ED5-098D-4D65-94A3-C0B9AE80B4E3}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44037B63-A830-4E4C-A73C-8FB22AAC0EE9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44037B63-A830-4E4C-A73C-8FB22AAC0EE9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06FEF118-1E47-4CD0-8CA1-3F23A5249FEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06FEF118-1E47-4CD0-8CA1-3F23A5249FEF}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-554275594-3167024261-3936697177-500 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-554275594-3167024261-3936697177-500" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14864102 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 1829389 B
Edge => 0 B
Chrome => 56123995 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 17880 B
NetworkService => 19048 B
mastr => 842304 B
defaultuser100000 => 851008 B
defaultuser100001.LAPTOP-QP19ROCV => 859712 B

RecycleBin => 10458 B
EmptyTemp: => 73.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:07:33 ====

I ran Memtest twice for over 2 hours, and in the end it also ran overnight. No errors.
I turned everything off, but I can't find McAfee on the computer at all.

Re: Frozen laptop

Post by jaro3 » 02 Mar 2024 15:46

Try uninstalling McAfee with, for example, Revo Uninstaller. Use the "Search" function.

Otherwise, run the FRST scan again. We'll remove it there.

Re: Frozen laptop

Post by Slegr » 02 Mar 2024 17:16

McAfee can't be seen in Revo or anywhere else.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by mastr (administrator) on LAPTOP-QP19ROCV (LENOVO 81N3) (02-03-2024 16:55:58)
Running from C:\Users\mastr\Desktop\Čištění\FRST64.exe
Loaded Profiles: mastr
Platform: Microsoft Windows 10 Home Version 22H2 19045.4123 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atieclxx.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (20E7E2C9-A2A9-4A02-BB29-6FCFB9E042BB -> Lenovo) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.5.109.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0358356.inf_amd64_894c3b4bc882c059\B358199\atiesrxx.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1140456 2020-08-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123170232 2024-02-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [MicrosoftEdgeAutoLaunch_7B2379F66202C90235086A5C4E1F5A25] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-554275594-3167024261-3936697177-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45018016 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\Canon MG3000 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDG.DLL [30720 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series: C:\WINDOWS\system32\CNMLMDG.DLL [485376 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3000 series XPS: C:\WINDOWS\system32\CNMXLMDG.DLL [487424 2016-05-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-02] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9313140A-85EE-4767-B52D-51F164DC9F97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {F5CE52D0-DAEB-49E9-A16C-100DEBFE525E} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {36AB4466-6959-43CA-9F51-2B67D9C54400} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {3EEBECDD-3DEE-4B47-B5E7-04BBFFBD8781} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {59BDE60C-154C-4502-A311-01BDCB3DB4C0} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "7fedfb9a-341b-465c-9c64-692bce42eec8" --version "6.21.10918" --silent
Task: {33F0B827-819B-4F15-89D0-7E69FEDD6756} - System32\Tasks\CCleanerSkipUAC - mastr => C:\Program Files\CCleaner\CCleaner.exe [38778272 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {1A2C13E8-A113-4297-848D-082A282CF90E} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe [5608264 2024-03-01] (Microsoft Windows -> Microsoft Corporation)
Task: {5EA43F42-3060-4AE4-84A7-96C65CB043F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {36BB7C13-EA5D-4580-B336-CA65A3C1DE95} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28491744 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA2B6D42-B8AD-4C4E-B302-70F067F764E6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {04FF5C7E-AAD2-4222-8E04-0F4C0BD5402D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309184 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {C24221E7-C62B-498C-B486-E8FB033E2757} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170024 2024-02-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {D77F7519-9F53-4F95-97EA-796AA9CFCBCE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {79A648AE-0887-43BA-BEF1-B95BF4F29D12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {65C81AE4-E43E-4CA2-94CA-922428A3D586} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B18E5784-3292-4B86-8CCF-14AA94B77578} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}\0516C6163656: [DhcpNameServer] 10.100.100.1 192.168.0.1
Tcpip\..\Interfaces\{aee0d453-a4b5-4d05-90d1-b6dd2bf65a00}\375746F6072627: [DhcpNameServer] 192.168.3.12 192.168.3.16

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-02]
Edge HomePage: Default -> hxxps://www.seznam.cz/
Edge Extension: (Dokumenty Google offline) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
Edge Extension: (Edge relevant text changes) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-01]
Edge Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\mastr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2024-02-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default [2024-03-02]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-03-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\mastr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-03-01]
CHR HKU\S-1-5-21-554275594-3167024261-3936697177-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1082784 2024-02-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14097104 2024-02-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_0222c12a396c055f\DAX3API.exe [2301912 2021-01-04] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [406856 2020-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-29] (Malwarebytes Inc. -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15246256 2024-02-19] (ADLICE -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2024-02-29] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsldd98cf33; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7DC3D049-52E7-47F3-845A-14FD19B4035F}\MpKslDrv.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: Frozen laptop

Post by Slegr » 02 Mar 2024 17:17

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-02 16:46 - 2024-03-02 16:46 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-03-02 16:46 - 2024-03-02 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-03-02 16:45 - 2024-03-02 16:45 - 006970144 _____ (VS Revo Group ) C:\Users\mastr\Downloads\revosetup.exe
2024-03-02 16:45 - 2024-03-02 16:45 - 000000000 ____D C:\Program Files\VS Revo Group
2024-03-02 11:17 - 2024-03-02 11:17 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-03-01 20:03 - 2024-03-01 20:03 - 000017671 _____ C:\Users\mastr\Downloads\MemTest.zip
2024-03-01 19:38 - 2024-03-02 16:57 - 000000000 ____D C:\FRST
2024-03-01 16:36 - 2024-03-01 16:36 - 000000000 ____D C:\Users\mastr\AppData\Local\VirtualStore
2024-03-01 08:50 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2024-03-01 07:21 - 2024-03-01 08:26 - 000000000 ____D C:\zoek_backup
2024-03-01 07:19 - 2024-03-01 07:20 - 001800862 _____ C:\Users\mastr\Downloads\zoek1.rar
2024-03-01 03:41 - 2024-03-01 03:41 - 000019530 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-03-01 03:40 - 2024-03-01 03:40 - 000019530 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-03-01 02:53 - 2024-03-01 02:53 - 000000000 ___HD C:\$WinREAgent
2024-02-29 20:36 - 2024-02-29 20:36 - 000003558 _____ C:\WINDOWS\system32\Tasks\AMHelper
2024-02-29 20:36 - 2024-02-29 20:36 - 000002680 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2024-02-29 20:36 - 2024-02-29 20:36 - 000000000 ____D C:\Users\mastr\AppData\Local\Zemana
2024-02-29 20:35 - 2024-03-02 17:01 - 000156471 _____ C:\WINDOWS\ZAM.krnl.trace
2024-02-29 20:35 - 2024-02-29 20:35 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2024-02-29 20:35 - 2024-02-29 20:35 - 000001336 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2024-02-29 20:35 - 2024-02-29 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2024-02-29 20:35 - 2024-02-29 20:35 - 000000000 ____D C:\Program Files (x86)\Zemana
2024-02-29 20:24 - 2024-03-02 11:24 - 000000000 ____D C:\Users\mastr\AppData\Local\AMSDK
2024-02-29 20:18 - 2024-02-29 20:18 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-29 19:53 - 2024-02-29 19:54 - 013922376 _____ (Zemana Ltd. ) C:\Users\mastr\Downloads\Zemana.AntiMalware.Setup.exe
2024-02-29 19:46 - 2024-02-29 19:46 - 000001835 _____ C:\Users\mastr\Desktop\CrystalDiskInfo.lnk
2024-02-29 19:46 - 2024-02-29 19:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2024-02-29 19:46 - 2024-02-29 19:46 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2024-02-29 19:44 - 2024-02-29 19:45 - 005915672 _____ (Crystal Dew World ) C:\Users\mastr\Downloads\CrystalDiskInfo9_2_3.exe
2024-02-29 19:02 - 2024-03-01 04:35 - 000000000 ____D C:\ProgramData\RogueKiller
2024-02-29 19:02 - 2024-02-29 19:02 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-02-29 19:02 - 2024-02-29 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-02-29 19:02 - 2024-02-29 19:02 - 000000000 ____D C:\Program Files\RogueKiller
2024-02-29 18:58 - 2024-02-29 18:58 - 000000000 ____D C:\Users\mastr\AppData\Roaming\HD Tune Pro
2024-02-29 17:17 - 2024-02-29 17:22 - 048358936 _____ (Adlice Software ) C:\Users\mastr\Downloads\RogueKiller_setup.exe
2024-02-29 12:24 - 2024-02-29 12:24 - 000002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2024-02-29 12:24 - 2024-02-29 12:24 - 000000000 ____D C:\ProgramData\Sophos
2024-02-29 12:24 - 2024-02-29 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2024-02-29 12:23 - 2024-02-29 12:23 - 000000000 ____D C:\Program Files (x86)\Sophos
2024-02-29 12:15 - 2024-02-29 12:15 - 000000871 _____ C:\Users\mastr\Desktop\JRT.txt
2024-02-29 12:10 - 2024-03-01 07:22 - 000000000 ____D C:\Users\mastr\AppData\Local\CrashDumps
2024-02-29 11:02 - 2024-03-02 11:21 - 000000000 ____D C:\Users\mastr\AppData\Local\Malwarebytes
2024-02-29 11:01 - 2024-02-29 11:01 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-29 11:01 - 2024-02-29 11:01 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-29 10:58 - 2024-02-29 10:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-29 10:58 - 2024-02-29 10:58 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-29 10:57 - 2024-02-29 10:57 - 002585496 _____ (Malwarebytes) C:\Users\mastr\Downloads\MBSetup.exe
2024-02-29 10:47 - 2024-02-29 18:54 - 000000000 ____D C:\AdwCleaner
2024-02-29 10:47 - 2024-02-29 10:47 - 008797968 _____ (Malwarebytes) C:\Users\mastr\Desktop\adwcleaner(1).exe
2024-02-29 10:47 - 2024-02-29 10:47 - 000000000 ____D C:\Users\mastr\AppData\Local\Adobe
2024-02-29 10:05 - 2024-02-29 10:05 - 000000000 ____D C:\ProgramData\Piriform
2024-02-29 09:57 - 2024-02-29 10:12 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-02-29 09:57 - 2024-02-29 09:58 - 000000000 ____D C:\Program Files\CCleaner
2024-02-29 09:57 - 2024-02-29 09:57 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-29 09:57 - 2024-02-29 09:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-02-29 09:57 - 2024-02-29 09:57 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - mastr
2024-02-29 09:52 - 2024-02-29 09:53 - 079156784 _____ (Piriform Software Ltd) C:\Users\mastr\Downloads\ccsetup621.exe
2024-02-29 09:49 - 2024-03-02 11:07 - 000000000 ____D C:\Users\mastr\Desktop\Čištění
2024-02-02 04:36 - 2024-02-02 04:36 - 000000000 ____D C:\Users\mastr\AppData\Local\Backup
2024-02-02 02:45 - 2024-02-02 02:46 - 000000000 ____D C:\WINDOWS\InboxApps

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-02 16:43 - 2021-04-24 12:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-02 16:33 - 2021-12-31 21:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-02 16:33 - 2020-08-14 07:50 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-02 16:32 - 2020-08-14 07:52 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-02 16:32 - 2020-08-14 07:52 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-03-02 15:22 - 2020-08-14 07:47 - 000000000 ____D C:\Users\mastr\AppData\Local\D3DSCache
2024-03-02 15:20 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-02 11:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-02 11:48 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-02 11:21 - 2020-08-13 18:27 - 000000000 ____D C:\Users\mastr\AppData\Roaming\Microsoft\Skype for Desktop
2024-03-02 11:17 - 2021-04-24 13:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-02 11:17 - 2021-04-24 12:57 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-02 11:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-03-02 11:16 - 2020-04-03 06:47 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-03-02 11:16 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-03-02 11:07 - 2021-05-04 12:36 - 000000000 ____D C:\Users\mastr\AppData\LocalLow\Temp
2024-03-01 19:51 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-01 16:39 - 2020-08-14 07:46 - 000000000 ____D C:\Users\mastr\AppData\Local\Packages
2024-03-01 16:39 - 2020-08-14 07:00 - 000000000 ____D C:\ProgramData\Packages
2024-03-01 04:28 - 2021-04-24 12:57 - 000436144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-03-01 04:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-03-01 04:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-01 03:40 - 2021-04-24 12:59 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-29 20:13 - 2020-04-03 06:23 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-29 18:54 - 2021-04-24 13:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2024-02-29 18:54 - 2020-08-14 07:47 - 000000000 ____D C:\WINDOWS\Lenovo
2024-02-29 18:54 - 2020-04-03 06:21 - 000000000 ____D C:\ProgramData\Lenovo
2024-02-29 17:20 - 2020-08-25 23:45 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-29 17:20 - 2020-08-25 23:45 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-29 11:01 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-29 10:03 - 2021-04-23 08:01 - 000000000 ___DC C:\WINDOWS\Panther
2024-02-29 10:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-29 09:34 - 2020-08-13 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2024-02-29 02:39 - 2021-04-24 13:13 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-29 02:39 - 2019-12-07 15:41 - 000683426 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-29 02:39 - 2019-12-07 15:41 - 000137206 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-29 02:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-28 21:22 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-28 19:46 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 19:28 - 2023-10-17 16:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 19:22 - 2020-08-20 22:07 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-28 19:22 - 2020-08-20 22:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-28 19:11 - 2021-04-24 13:22 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 19:11 - 2021-04-24 13:22 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 19:09 - 2020-08-14 07:40 - 000000000 ___SD C:\Users\mastr\AppData\Roaming\Microsoft\Credentials
2024-02-28 19:08 - 2021-05-04 12:45 - 000000000 ____D C:\ProgramData\CanonIJPLM
2024-02-02 03:26 - 2021-05-04 12:37 - 000000000 ____D C:\Users\mastr\AppData\LocalLow\Adobe
2024-02-02 02:49 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2024-02-02 02:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-02-02 02:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-02-02 02:47 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\cs
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2024-02-02 02:47 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2024-02-02 02:46 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2024-02-02 02:46 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-02 02:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2024-02-02 02:46 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2024-02-01 18:03 - 2019-12-07 15:44 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-02-01 18:03 - 2019-12-07 15:44 - 000020827 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2024-02-01 18:03 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-02-01 18:03 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-02-01 16:05 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-01 15:37 - 2020-08-14 07:09 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

