Please check my log / security sign-out from Google account [Solved]


dz61
newbie
Posts: 18
Registered: October 21
Gender: Male

Re: Please check my log / security sign-out from Google account

Post by dz61 » 16 Oct 2021 19:47

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by dzavel on 16.10.2021 at 19:06:36,81.
Microsoft Windows 10 Pro 10.0.19042 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dzave\Downloads\zoek1\zoek1\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.10.2021 19:08:39 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\COMMON~1\DESIGNER deleted successfully
C:\PROGRA~2\COMMON~1\Wondershare deleted successfully
C:\PROGRA~3\DeveloperTools deleted successfully
C:\PROGRA~3\Reprise deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\dzave\AppData\Roaming\Intel Rapid deleted successfully
C:\Users\dzave\AppData\Roaming\MPC-HC deleted successfully
C:\Users\dzave\AppData\Roaming\netfabb deleted successfully
C:\Users\dzave\AppData\Roaming\Proton Technologies AG deleted successfully
C:\Users\dzave\AppData\Local\DBG deleted successfully
C:\Users\dzave\AppData\Local\e2eSoft deleted successfully
C:\Users\dzave\AppData\Local\FTMod deleted successfully
C:\Users\dzave\AppData\Local\gtk-3.0 deleted successfully
C:\Users\dzave\AppData\Local\netinfoapp deleted successfully
C:\Users\dzave\AppData\Local\PeerDistRepub deleted successfully
C:\Users\dzave\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Origin Games not found
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~2\SOLIDWORKS PDM deleted
C:\PROGRA~2\OPTIMIK deleted
C:\Users\dzave\AppData\Roaming\Code deleted
C:\Users\dzave\AppData\Roaming\TuneIn deleted
C:\Users\dzave\AppData\Roaming\Visual Studio Setup deleted
C:\Users\dzave\AppData\Roaming\WhatsApp deleted
C:\Users\dzave\.android deleted
C:\PROGRA~2\Universal Media Server deleted
C:\sdb.xml deleted
C:\BIT8D76.tmp deleted
C:\Users\dzave\AppData\Roaming\Wondershare deleted
C:\Users\dzave\AppData\Roaming\DZAVEL-PC.MTBF.txt deleted
C:\PROGRA~3\Wondershare Video Editor deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\dzave\AppData\Local\oobelibMkey.log deleted
C:\Users\dzave\AppData\Local\Wondershare deleted
C:\Users\dzave\AppData\Local\cache deleted
C:\Users\dzave\AppData\Local\CrashRpt deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM22B72.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM27089.tmp deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-2cc8-30c-316439.tmp deleted.
.
.
.
.
.
.
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\tw-ffc-66c-7f6f4d.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\dzave\Desktop\4K Video Downloader.lnk deleted
"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\oobelibMkey.log" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\WsAppCollect.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\WsAppCommon.dll" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\WsAppService.exe" not deleted
"C:\PROGRA~2\Wondershare" not deleted
"C:\PROGRA~2\Wondershare\WAF" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223" not deleted

==== Orphaned Tasks deleted from Registry ======================

Format FactoryLaunchAfterInstallation deleted
Format Factory_1 deleted

==== Firefox XPI-files found: ======================

- MyPhoneExplorer - C:\Program Files (x86)\MyPhoneExplorer\mpe-addin.xpi

==== Chromium Look ======================

Google Chrome Version: 94.0.4606.81


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - No path found[]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

IE Tab - dzave\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd
IE Tab - dzave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npjkkakdacjaihjaoeliacmecofghagh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences was reset successfully
C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data was reset successfully
C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Data-journal was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dzave\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\dzave\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache emptied successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\dzave\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully
C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8264 folders=5613 3978994675 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\DevToolsUser\AppData\Local\Temp emptied successfully
C:\Users\dzave\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\dzave\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\oobelibMkey.log" not found
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\WsAppCommon.dll" not found
"C:\PROGRA~2\Wondershare\WAF\2.4.2.223\WsAppService.exe" not found
"C:\PROGRA~2\Wondershare" not found

==== EOF on 16.10.2021 at 19:37:14,66 ======================

jaro3
Security team member
Guru Level 15
Posts: 41953
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log / security sign-out from Google account

Post by jaro3 » 16 Oct 2021 20:33

Sophos: do you know what it could not delete?
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Then post a new HJT log and describe the problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

dz61
newbie
Posts: 18
Registered: October 21
Gender: Male

Re: Please check my log / security sign-out from Google account

Post by dz61 » 16 Oct 2021 20:42

It failed to delete something in the registry, or something like that.
It deleted the files it considered infected, but I have had those files on the disk for a looong time and I have not used any of them recently.
Shortened version of the log.

2021-10-16 13:33:05.122 Sophos Virus Removal Tool version 2.9.0
2021-10-16 13:33:05.122 Copyright (c) 2009-2021 Sophos Limited. All rights reserved.

2021-10-16 13:33:05.122 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2021-10-16 13:33:05.122 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2021-10-16 13:33:05.122 Checking for updates...
2021-10-16 13:33:05.138 Update progress: proxy server not available
2021-10-16 13:33:12.574 Option all = no
2021-10-16 13:33:12.574 Option recurse = yes
2021-10-16 13:33:12.574 Option archive = no
2021-10-16 13:33:12.574 Option service = yes
2021-10-16 13:33:12.574 Option confirm = yes
2021-10-16 13:33:12.574 Option sxl = yes
2021-10-16 13:33:12.574 Option max-data-age = 35
2021-10-16 13:33:12.574 Option vdl-logging = yes
2021-10-16 13:33:12.574 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2021-10-16 13:33:12.574 Machine ID: 37a71770d0cb4337adb1efe90adefe86
2021-10-16 13:33:12.590 Component SVRTcli.exe version 2.9.0
2021-10-16 13:33:12.590 Component control.dll version 2.9.0
2021-10-16 13:33:12.590 Component SVRTservice.exe version 2.9.0
2021-10-16 13:33:12.590 Component engine\osdp.dll version 1.44.1.2510
2021-10-16 13:33:12.590 Component engine\veex.dll version 3.81.0.2510
2021-10-16 13:33:12.590 Component engine\savi.dll version 9.0.23.2510
2021-10-16 13:33:12.590 Component rkdisk.dll version 1.5.33.1
2021-10-16 13:33:12.590 Version info: Product version 2.9.0
2021-10-16 13:33:12.590 Version info: Detection engine 3.81.0
2021-10-16 13:33:12.590 Version info: Detection data 5.82
2021-10-16 13:33:12.590 Version info: Build date 16.02.2021
2021-10-16 13:33:12.590 Version info: Data files added 208
2021-10-16 13:33:12.590 Version info: Last successful update (not yet updated)
2021-10-16 13:33:30.507 Downloading updates...
2021-10-16 13:33:30.507 Update progress: [I96736] sdds.svrt_v1.23: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2021-10-16 13:33:30.507 Update progress: [I95020] sdds.svrt_v1.23: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-10-16 13:33:30.507 Update progress: [I22529] sdds.svrt_v1.23: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-10-16 13:33:30.507 Update progress: [V81533] SU::createCachedPackageSource creating cached package source for http://d2.sophosupd.com/update: url=SOPHOS
2021-10-16 13:33:30.507 Update progress: [V81533] SU::createCachedPackageSource creating http_source_specific_data to download customer file
2021-10-16 13:33:30.507 Update progress: [V81533] SU::createCachedPackageSource creating package source to download customer file
2021-10-16 13:33:30.507 Update progress: [V81533] SU::createCachedPackageSource creating cached package source
2021-10-16 13:33:30.507 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: catalogue/sdds.data0910.xml
2021-10-16 13:33:30.507 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: catalogue/sdds.data0910.xml: 187 ms
2021-10-16 13:33:30.507 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 7db0c81d541a5525a9e74dc0f70e76f4x000.xml: 3604 bytes
2021-10-16 13:33:30.507 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 7db0c81d541a5525a9e74dc0f70e76f4x000.xml: 32 ms
2021-10-16 13:33:30.507 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 8f8abc830074333fbc085cac628dbdfex000.xml: 8673 bytes
2021-10-16 13:33:30.507 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 8f8abc830074333fbc085cac628dbdfex000.xml: 47 ms
2021-10-16 13:33:30.507 Update progress: [I49502] sdds.data0910.xml: found supplement IDE587 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2021-10-16 13:33:30.507 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE587 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE587 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I49502] sdds.data0910.xml: found supplement IDE588 LATEST path= baseVersion= [included from product IDE587 LATEST path=]
2021-10-16 13:33:30.507 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE588 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE588 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I49502] sdds.data0910.xml: found supplement IDE589 LATEST path= baseVersion= [included from product IDE588 LATEST path=]
2021-10-16 13:33:30.507 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE589 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE589 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I49502] sdds.data0910.xml: found supplement IDE590 LATEST path= baseVersion= [included from product IDE589 LATEST path=]
2021-10-16 13:33:30.507 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE590 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE590 LATEST path=
2021-10-16 13:33:30.507 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2021-10-16 13:33:30.507 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: ec58c57b2fdbdf1149bcc7e7ca99d78cx000.xml: 62198 bytes
2021-10-16 13:33:30.507 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: ec58c57b2fdbdf1149bcc7e7ca99d78cx000.xml: 125 ms
2021-10-16 13:33:30.507 Update progress: [I19463] Product download size 189606969 bytes
2021-10-16 13:33:37.912 Update progress: [I19463] Syncing product IDE587 LATEST path=
2021-10-16 13:33:37.912 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 253d45e02b50014a20c94d6acdb41b1ax000.xml: 28739 bytes
2021-10-16 13:33:37.912 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 253d45e02b50014a20c94d6acdb41b1ax000.xml: 47 ms
2021-10-16 13:33:37.912 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: 4ece884d992355e0811b2bff892b708ax000.xml: 398 bytes
2021-10-16 13:33:37.912 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: 4ece884d992355e0811b2bff892b708ax000.xml: 32 ms
2021-10-16 13:33:37.912 Update progress: [I19463] Product download size 1892379 bytes
2021-10-16 13:33:43.285 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: eb2fe0de2b4bc99773201b03ad526b9bx000.xml: 18213 bytes
2021-10-16 13:33:43.285 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: eb2fe0de2b4bc99773201b03ad526b9bx000.xml: 31 ms
2021-10-16 13:33:43.348 Update progress: [I19463] Syncing product IDE588 LATEST path=
2021-10-16 13:33:43.348 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: c5804bc0ed8190f481181d634e4caab4x000.xml: 27012 bytes
2021-10-16 13:33:43.348 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: c5804bc0ed8190f481181d634e4caab4x000.xml: 47 ms
2021-10-16 13:33:43.348 Update progress: [I19463] Product download size 2369216 bytes
2021-10-16 13:33:50.424 Update progress: [I19463] Syncing product IDE589 LATEST path=
2021-10-16 13:33:50.424 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f114db1eca6f9b26db217717c156f43fx000.xml: 12077 bytes
2021-10-16 13:33:50.424 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f114db1eca6f9b26db217717c156f43fx000.xml: 47 ms
2021-10-16 13:33:50.424 Update progress: [I19463] Product download size 1282119 bytes
2021-10-16 13:33:53.627 Update progress: [I19463] Syncing product IDE590 LATEST path=
2021-10-16 13:33:53.627 Update progress: [V52614] SU::LoggingAdvisor::start_file [metadata] Syncing: f430c089bf466bb070b959d79391e4c2x000.xml: 124 bytes
2021-10-16 13:33:53.627 Update progress: [V52615] SU::LoggingAdvisor::end_file [metadata] Success: f430c089bf466bb070b959d79391e4c2x000.xml: 78 ms
2021-10-16 13:33:53.642 Installing updates...
2021-10-16 13:33:54.252 Error level 1
2021-10-16 13:33:56.938 Update successful
2021-10-16 13:34:06.374 Option all = no
2021-10-16 13:34:06.374 Option recurse = yes
2021-10-16 13:34:06.374 Option archive = no
2021-10-16 13:34:06.374 Option service = yes
2021-10-16 13:34:06.374 Option confirm = yes
2021-10-16 13:34:06.374 Option sxl = yes
2021-10-16 13:34:06.374 Option max-data-age = 35
2021-10-16 13:34:06.374 Option vdl-logging = yes
2021-10-16 13:34:06.374 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2021-10-16 13:34:06.374 Machine ID: 37a71770d0cb4337adb1efe90adefe86
2021-10-16 13:34:06.374 Component SVRTcli.exe version 2.9.0
2021-10-16 13:34:06.374 Component control.dll version 2.9.0
2021-10-16 13:34:06.374 Component SVRTservice.exe version 2.9.0
2021-10-16 13:34:06.389 Component engine\osdp.dll version 1.44.1.2532
2021-10-16 13:34:06.421 Component engine\veex.dll version 3.83.2.2532
2021-10-16 13:34:06.421 Component engine\savi.dll version 9.0.26.2532
2021-10-16 13:34:06.421 Component rkdisk.dll version 1.5.33.1
2021-10-16 13:34:06.421 Version info: Product version 2.9.0
2021-10-16 13:34:06.421 Version info: Detection engine 3.83.2
2021-10-16 13:34:06.421 Version info: Detection data 5.86
2021-10-16 13:34:06.421 Version info: Build date 03.08.2021
2021-10-16 13:34:06.421 Version info: Data files added 271
2021-10-16 13:34:06.421 Version info: Last successful update 16.10.2021 15:33:56

2021-10-16 14:39:48.828 Could not open C:\hiberfil.sys
2021-10-16 16:14:38.077 Could not open C:\System Volume Information\SystemRestore\WinAppsStagingdzave\Users\dzave\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2021-10-16 16:14:38.077 Could not open C:\System Volume Information\SystemRestore\WinAppsStagingdzave\Users\dzave\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2021-10-16 16:14:38.077 Could not open C:\System Volume Information\SystemRestore\WinAppsStagingdzave\Users\dzave\AppData\Local\Microsoft\WindowsApps\Spotify.exe
2021-10-16 16:14:38.077 Could not open C:\System Volume Information\SystemRestore\WinAppsStagingdzave\Users\dzave\AppData\Local\Microsoft\WindowsApps\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\Spotify.exe
2021-10-16 16:14:38.093 Could not open C:\System Volume Information\{3769ea23-2c59-11ec-9774-1c1b0d6295c1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-10-16 16:14:38.093 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-10-16 16:14:38.093 Could not open C:\System Volume Information\{567d5b2f-2ab8-11ec-9770-1c1b0d6295c1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-10-16 16:14:38.093 Could not open C:\System Volume Information\{8da57748-2dc0-11ec-9775-1c1b0d6295c1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-10-16 16:14:38.093 Could not open C:\System Volume Information\{9284d6b2-2b92-11ec-9773-1c1b0d6295c1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\winget.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\python.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\python3.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\Spotify.exe
2021-10-16 16:23:44.855 Could not open C:\Users\dzave\AppData\Local\Microsoft\WindowsApps\winget.exe
2021-10-16 16:33:22.516 Could not open C:\Windows\System32\config\BBI
2021-10-16 16:58:14.522 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\QuickOfficeV1.20.zip\QuickOfficeV1.20/keygen.exe
2021-10-16 16:58:14.522 Disinfection not offered
2021-10-16 16:58:15.108 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\ScreenCaptureV1.13.zip\ScreenCaptureV1.13(0)/keygen.exe
2021-10-16 16:58:15.108 Disinfection not offered
2021-10-16 16:58:15.611 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\ScreenSaverV2.06.zip\ScreenSaverV2.06(0)/keygen.exe
2021-10-16 16:58:15.611 Disinfection not offered
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\Slovoed_gold.zip
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2021-10-16 16:58:18.342 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2021-10-16 16:58:18.905 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\stacker.zip\keygen.exe
2021-10-16 16:58:18.905 Disinfection not offered
2021-10-16 16:58:19.157 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\stacker.zip\StackerV1.0/keygen.exe
2021-10-16 16:58:19.157 Disinfection not offered
2021-10-16 16:58:20.371 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\21V1.00.zip\21 1.00/keygen.exe
2021-10-16 16:58:20.371 Disinfection not offered
2021-10-16 16:58:21.103 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\3DMotoRacerv108.zip\keygen.exe
2021-10-16 16:58:21.103 Disinfection not offered
2021-10-16 16:58:38.956 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\skyforce.zip\keygen.exe
2021-10-16 16:58:38.956 Disinfection not offered
2021-10-16 16:58:39.505 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\TAGV2.0.zip\TAGV2.0/keygen.exe
2021-10-16 16:58:39.505 Disinfection not offered
2021-10-16 16:58:39.987 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\TTIFootballV1.07.zip\TTIFootballV1.07(0)/football_keygen.exe
2021-10-16 16:58:39.987 Disinfection not offered
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\VRally_keygen.zip
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2021-10-16 16:58:42.789 >>> Virus 'Mal/Gendal-B' found in file HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2021-10-16 16:58:57.799 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Tracker_soft for PC\tracker3.zip\Tracker_keygen_BLZPDA.exe
2021-10-16 16:58:57.799 Disinfection not offered
2021-10-16 16:58:58.270 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Tracker_soft for PC\Tracker_V4.04.zip\Tracker_keygen_BLZPDA.exe
2021-10-16 16:58:58.270 Disinfection not offered
2021-10-16 16:59:02.921 Could not open LOGICAL:0005:00000000
2021-10-16 16:59:02.930 Could not open F:\
2021-10-16 16:59:02.934 Could not open LOGICAL:0008:00000000
2021-10-16 16:59:02.940 Could not open I:\
2021-10-16 16:59:02.943 Could not open LOGICAL:0009:00000000
2021-10-16 16:59:02.950 Could not open J:\
2021-10-16 16:59:02.953 Could not open LOGICAL:000A:00000000
2021-10-16 16:59:02.960 Could not open K:\
2021-10-16 16:59:02.963 Could not open LOGICAL:000B:00000000
2021-10-16 16:59:02.971 Could not open L:\
2021-10-16 16:59:03.103 Could not open PHYSICAL:0082:0000:0000:0001
2021-10-16 16:59:03.105 Could not open PHYSICAL:0083:0000:0000:0001
2021-10-16 16:59:03.106 Could not open PHYSICAL:0084:0000:0000:0001
2021-10-16 16:59:03.107 Could not open PHYSICAL:0085:0000:0000:0001
2021-10-16 16:59:03.108 The following items will be cleaned up:
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 16:59:03.108 Mal/Gendal-B
2021-10-16 17:02:39.740 Threat 'Mal/Gendal-B' has been cleaned up.
2021-10-16 17:02:39.740 File "D:\telefeny + navi\staré mobily\SE P910i\aplikace\Slovoed_gold.zip" belongs to malware 'Mal/Gendal-B'.
2021-10-16 17:02:39.740 File "D:\telefeny + navi\staré mobily\SE P910i\aplikace\Slovoed_gold.zip" has been cleaned up.
2021-10-16 17:02:39.740 File "D:\telefeny + navi\staré mobily\SE P910i\Hry\VRally_keygen.zip" belongs to malware 'Mal/Gendal-B'.
2021-10-16 17:02:39.740 File "D:\telefeny + navi\staré mobily\SE P910i\Hry\VRally_keygen.zip" has been cleaned up.
2021-10-16 17:02:39.740 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to malware 'Mal/Gendal-B'.
2021-10-16 17:02:39.740 Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" has been cleaned up.
2021-10-16 17:02:39.740 Registry value "HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103" belongs to malware 'Mal/Gendal-B'.
2021-10-16 17:02:39.740 Registry value "HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103" has been cleaned up.
2021-10-16 17:02:39.741 Registry value "HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" belongs to malware 'Mal/Gendal-B'.
2021-10-16 17:02:39.741 Registry value "HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208" has been cleaned up.
2021-10-16 17:02:39.741 Removal successful
2021-10-16 17:02:40.039 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\QuickOfficeV1.20.zip\QuickOfficeV1.20/keygen.exe
2021-10-16 17:02:40.039 Disinfection not offered
2021-10-16 17:02:40.245 Disinfection failed [0xa0040208]
2021-10-16 17:02:40.509 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\ScreenCaptureV1.13.zip\ScreenCaptureV1.13(0)/keygen.exe
2021-10-16 17:02:40.509 Disinfection not offered
2021-10-16 17:02:40.619 Disinfection failed [0xa0040208]
2021-10-16 17:02:40.808 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\ScreenSaverV2.06.zip\ScreenSaverV2.06(0)/keygen.exe
2021-10-16 17:02:40.808 Disinfection not offered
2021-10-16 17:02:40.927 Disinfection failed [0xa0040208]
2021-10-16 17:02:41.184 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\stacker.zip\keygen.exe
2021-10-16 17:02:41.184 Disinfection not offered
2021-10-16 17:02:41.438 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\aplikace\stacker.zip\StackerV1.0/keygen.exe
2021-10-16 17:02:41.438 Disinfection not offered
2021-10-16 17:02:41.441 Disinfection failed [0xa0040208]
2021-10-16 17:02:41.621 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\21V1.00.zip\21 1.00/keygen.exe
2021-10-16 17:02:41.621 Disinfection not offered
2021-10-16 17:02:41.857 Disinfection failed [0xa0040208]
2021-10-16 17:02:42.127 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\3DMotoRacerv108.zip\keygen.exe
2021-10-16 17:02:42.127 Disinfection not offered
2021-10-16 17:02:42.255 Disinfection failed [0xa0040208]
2021-10-16 17:02:42.406 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\skyforce.zip\keygen.exe
2021-10-16 17:02:42.406 Disinfection not offered
2021-10-16 17:02:42.513 Disinfection failed [0xa0040208]
2021-10-16 17:02:42.899 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\TAGV2.0.zip\TAGV2.0/keygen.exe
2021-10-16 17:02:42.899 Disinfection not offered
2021-10-16 17:02:43.010 Disinfection failed [0xa0040208]
2021-10-16 17:02:43.156 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Hry\TTIFootballV1.07.zip\TTIFootballV1.07(0)/football_keygen.exe
2021-10-16 17:02:43.156 Disinfection not offered
2021-10-16 17:02:43.159 Disinfection failed [0xa0040208]
2021-10-16 17:02:43.415 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Tracker_soft for PC\tracker3.zip\Tracker_keygen_BLZPDA.exe
2021-10-16 17:02:43.415 Disinfection not offered
2021-10-16 17:02:43.418 Disinfection failed [0xa0040208]
2021-10-16 17:02:43.670 >>> Virus 'Mal/Gendal-B' found in file D:\telefeny + navi\staré mobily\SE P910i\Tracker_soft for PC\Tracker_V4.04.zip\Tracker_keygen_BLZPDA.exe
2021-10-16 17:02:43.670 Disinfection not offered
2021-10-16 17:02:43.759 Disinfection failed [0xa0040208]
2021-10-16 17:02:43.760 Error: cleanup failed.
2021-10-16 17:02:44.071 Error level 0

Post by dz61 » 16 Oct 2021 20:44

Sophos is still running right now. I'll attach its log + the log from HJT afterwards.
As for the problems, so far I haven't logged back into the Google account, so after testing I'll see whether Google does a security sign-out again.

jaro3
Security team member
Guru Level 15
Posts: 41953
Registered: June 07
Location: Jižní Čechy
Gender: Male

Post by jaro3 » 16 Oct 2021 21:12

Well, those keygens, you'd have to sit there and confirm each one.. Leave it; if it starts running a second time, stop it.
Run Zemana +
a new log from HJT.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Post by dz61 » 16 Oct 2021 21:22

Zemana found nothing.
HJT log attached.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:19:22, on 16.10.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!


Boot mode: Normal

Running processes:
C:\Users\dzave\AppData\Roaming\uTorrent\uninstall.exe
C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe
C:\Users\dzave\Downloads\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O4 - Startup: Poslat do aplikace OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder5Elite\Utility\SpyderUtility.exe
O4 - Global Startup: Universal Media Server.lnk = C:\Program Files (x86)\Universal Media Server\UMS.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwareu ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://files.creative.com/Web/softwareu ... /CTPID.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Aktualizace Brave (brave) (brave) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: Služba Aktualizace Brave (bravem) (bravem) - BraveSoftware Inc. - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_3793a - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CrypKey License - Unknown owner - C:\WINDOWS\system32\crypserv.exe (file missing)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\DeveloperToolsSvc.exe,-100 (DeveloperToolsService) - Unknown owner - C:\WINDOWS\System32\DeveloperToolsSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HwmRecordService - GIGA-BYTE TECHNOLOGY CO., LTD. - C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: spacedeskService - Unknown owner - C:\WINDOWS\System32\spacedeskService.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: OpenSSH SSH Server (sshd) - Unknown owner - C:\WINDOWS\System32\OpenSSH\sshd.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe (file missing)

--
End of file - 12227 bytes

Post by jaro3 » 16 Oct 2021 23:29

Try the Google account. If there are problems:

Turn off the antivirus and the firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit/64-bit
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click on "Scan". When the scan is finished, two logs appear, FRST.txt and Addition.txt, and are saved on the desktop. Please copy their entire contents here.

Post by dz61 » 22 Oct 2021 10:42

I completely forgot about the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2021
Ran by dzavel (administrator) on DZAVEL-PC (Gigabyte Technology Co., Ltd. Z170-D3H) (17-10-2021 01:24:35)
Running from C:\Users\dzave\Desktop
Loaded Profiles: dzavel
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <26>
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\BraveCrashHandler64.exe
(cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(Creative Technology Ltd) [File not signed] C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(CrypKey (Canada) Ltd.) [File not signed] C:\Windows\System32\Crypserv.exe
(Datronicsoft, Inc. -> ) C:\Windows\System32\spacedeskService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kakao corp. -> Kakao) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\logman.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(uTorrent.CZ -> BitTorrent, Inc.) [File not signed] C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe
(uTorrent.CZ -> emc) [File not signed] C:\Users\dzave\AppData\Roaming\uTorrent\uninstall.exe
(Zemana D.O.O. Sarajevo -> Zemana Ltd.) C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Windows x64\Print Processors\sst9cPC: C:\Windows\System32\spool\prtprocs\x64\sst9cpc.dll [43520 2015-04-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\sst9c Langmon: C:\WINDOWS\system32\sst9clm.dll [22528 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\us008 Langmon: C:\WINDOWS\system32\us008lm.dll [31256 2016-02-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.81\Installer\chrmstp.exe [2021-10-13] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\94.1.30.89\Installer\chrmstp.exe [2021-10-12] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2021-10-02]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder5Elite\Utility\SpyderUtility.exe ((c)2019 Datacolor) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2021-08-21]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (No File)
Startup: C:\Users\dzave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2021-10-06]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04FED497-2881-40B0-932D-83135F31822A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2558224 2018-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {1270B219-98A4-4376-819A-AD34B0734AB1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {1353384F-7052-473B-AFC5-8AA865F07002} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {2303D2AB-21A8-4E0F-A6CB-FF4B4DACF526} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [39664 2018-07-19] (Microsoft Corporation -> Microsoft)
Task: {29E6706E-DED7-44F3-85E6-37EAC7EE0A6D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2558224 2018-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {38847CF7-A4EE-452A-A264-81D5E867C696} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B38F331-B1AA-44EA-B13C-2AB6E8D599B9} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {597C2E0F-D640-48CA-A3FF-FC86054DC8AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-28] (Google Inc -> Google Inc.)
Task: {59EB726E-4A13-456F-9FF1-1D5594FD6220} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {5FCD9E59-2C63-4423-AE9B-C9DBC25CE4CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1919760 2018-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {65635B50-7C02-413F-917C-73935C9E3F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6B58B182-B7BE-4E24-A961-C5467D2F1FBE} - System32\Tasks\NVIDIA GeForceNow_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Users\dzave\AppData\Local\NVIDIA Corporation\GeForceNOW\CEF\GeForceNOW.exe [3381232 2020-06-04] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {73BE33CD-CC83-4C34-AB50-58C340116FE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {81B649C7-0F7E-478D-8715-D3BE2B284DDC} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {8FBB2B58-0C54-46A2-8720-5504383B9412} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551232 2021-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CF3C36C-A2D8-4634-B682-0D917694D5A7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [1992936 2018-07-19] (Microsoft Corporation -> Microsoft)
Task: {9D56D7C1-E48A-4F42-AF1A-3B83444372E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2FB4AC4-7019-4806-A2F3-2C350996A258} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {A30274A3-FC9B-4D7A-B680-442043B76DDC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MpCmdRun.exe [884544 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7C8A1EA-7F2A-44A4-84E0-3EC3DC095A31} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B8EAED84-E0BB-42C6-82AE-2A86F05F9A63} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1919760 2018-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE39617A-9977-42A0-9EF9-5AA24E99ACA8} - System32\Tasks\Microsoft\Windows\PLA\spacedesk_log => {FF679DA1-8FF2-4474-9C9E-52BBD409B557} C:\WINDOWS\system32\pla.dll [1493504 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {C1DC9EB0-E36E-4CB0-AC1C-08F5DAF921FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDDCE377-F8EE-4F3B-8B96-5F56E9D8F6A4} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files (x86)\bravesoftware\brave-browser\application\brave.exe [2342856 2021-10-10] (Brave Software, Inc. -> Brave Software, Inc.)
Task: {DF830AD1-B79B-406F-B461-22853804C5BD} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {F59B3D7F-593F-42F1-8AD8-A60201F7107C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-28] (Google Inc -> Google Inc.)
Task: {F910920E-8D3B-47DE-BC15-AA15EB4A79BE} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Microsoft_Product_Version => wscript.exe /E:jscript C:\WINDOWS\msvcp140_2 Microsoft_Product_Version_VYtgRG5CejY8VnaLW
Task: {FD0428E2-8F7C-452F-8D22-4E8A1D19273A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{b50c1393-eae0-4237-8aba-6f389dda81ca}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-17]
Edge StartupUrls: Default -> "hxxps//www.google.com/"
Edge Session Restore: Default -> is enabled.
Edge Extension: (Screen Recorder) - C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpidllmdbfmclpenbdfjkbbipkbbadbg [2021-10-16]
Edge Extension: (Odeslat do Google Maps ™) - C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lolbigkojpjedpbhbjbjpjlchhpjadoj [2021-10-16]
Edge Extension: (IE Tab) - C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npjkkakdacjaihjaoeliacmecofghagh [2021-10-16]
Edge Extension: (Blokátor reklam AdGuard) - C:\Users\dzave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pdffkfellgipmhklpdmokmckkkfcopbh [2021-10-16]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll [2021-03-04] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll [2021-03-04] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2017-08-22] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )

Chrome:
=======
CHR HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-10-17]
BRA Extension: (Překladač Google) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-10-16]
BRA Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-10-16]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-10-01]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-10-16]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2021-05-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2021-10-16]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-14]
BRA Extension: (Crypto Wallets) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2021-10-16]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2021-10-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\dzave\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-10-12]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-11-14] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [726952 2015-09-09] (cFos Software GmbH -> cFos Software GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9250696 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2018-02-24] (Creative Labs) [File not signed]
R2 CrypKey License; C:\WINDOWS\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2016-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7801016 2021-10-12] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2020-03-13] (Even Balance, Inc. -> )
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14199640 2021-10-07] (ADLICE (ASCOET JULIEN) -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1629312 2020-10-19] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5414976 2021-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 spacedeskService; C:\WINDOWS\System32\spacedeskService.exe [996776 2019-09-11] (Datronicsoft, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\NisSrv.exe [2855512 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2109.6-0\MsMpEng.exe [128392 2021-10-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AppServicee; C:\WINDOWS\system32\WYQP1QL75V.tmp [X] <==== ATTENTION
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3xHybr64; C:\WINDOWS\system32\DRIVERS\3xHybr64.sys [1413592 2006-12-11] (Philips Semiconductors GmbH -> Philips Semiconductors GmbH)
R1 adgnetworktdidrv; C:\WINDOWS\System32\drivers\adgnetworktdidrv.sys [66112 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] (ChengDu AoMei Tech Co., Ltd -> ) [File not signed]
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2021-10-16] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 azvusb; C:\WINDOWS\System32\drivers\azvusb.sys [54784 2009-08-24] (Microsoft Windows Hardware Compatibility Publisher -> AzureWave Technologies, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cFosSpeed; C:\WINDOWS\system32\DRIVERS\cfosspeed6.sys [2004904 2015-09-09] (cFos Software GmbH -> cFos Software GmbH)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [33784 2020-10-04] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 farmntio; C:\WINDOWS\system32\drivers\farmntio.sys [25144 2014-03-31] (FarStone Technology -> ) [File not signed]
S3 gdrv; C:\WINDOWS\gdrv.sys [26192 2021-09-15] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2021-08-20] (Travis Lee Robinson -> hxxp//libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-12] (Malwarebytes Inc -> Malwarebytes)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2020-05-15] (北京铠信神州科技有限责任公司 -> )
R3 MpKsl939a9393; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{337AD1FF-10E4-4CD1-B45D-12A11F29BCB6}\MpKslDrv.sys [130272 2021-10-16] (Microsoft Windows -> Microsoft Corporation)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2019-08-29] (MediaMall Technologies, Inc. -> MediaMall Technologies, Inc.)
R1 NetworkX; C:\WINDOWS\System32\ckldrv.sys [30272 2010-03-19] (CrypKey (Canada) Inc. -> )
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19936 2010-04-09] (MT SOLUTION LTD -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [24144 2017-01-27] (Mad Catz Inc -> Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [59728 2017-01-27] (Mad Catz Inc -> Saitek)
S2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
R3 spacedeskKtmInputKeybd; C:\WINDOWS\System32\drivers\spacedeskKtmInputKeybd.sys [35240 2018-10-12] (Datronicsoft, Inc. -> )
R3 spacedeskKtmInputMouse; C:\WINDOWS\System32\drivers\spacedeskKtmInputMouse.sys [35240 2018-10-12] (Datronicsoft, Inc. -> )
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 Spyder5; C:\WINDOWS\System32\drivers\dccmtr.sys [15360 2015-04-13] (Microsoft Windows Hardware Compatibility Publisher -> Datacolor)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-10] (Paragon Software GmbH -> )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-10-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R3 _hid_0738_1705; C:\WINDOWS\system32\DRIVERS\_hid_0738_1705.sys [210384 2017-01-27] (Mad Catz Inc -> Saitek)
R3 _usb_0738_1705; C:\WINDOWS\System32\drivers\_usb_0738_1705.sys [46800 2017-01-27] (Mad Catz Inc -> Saitek)
S3 cpuz152; \??\C:\WINDOWS\temp\cpuz152\cpuz152_x64.sys [X]
U2 MediaMall Server; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-17 01:24 - 2021-10-17 01:24 - 000028227 _____ C:\Users\dzave\Desktop\FRST.txt
2021-10-17 01:23 - 2021-10-17 01:24 - 000000000 ____D C:\FRST
2021-10-17 01:22 - 2021-10-17 01:22 - 002310656 _____ (Farbar) C:\Users\dzave\Desktop\FRST64.exe
2021-10-17 00:12 - 2021-10-17 00:12 - 1176373959 _____ C:\Users\dzave\Downloads\screen-capture (2).webm
2021-10-16 23:36 - 2021-10-16 23:36 - 003751128 _____ C:\Users\dzave\Downloads\22086551a.webm
2021-10-16 22:37 - 2021-10-16 22:37 - 000000000 ____D C:\Users\dzave\AppData\Local\PeerDistRepub
2021-10-16 19:38 - 2021-10-16 19:38 - 000471879 _____ C:\Users\dzave\Desktop\zoek-results.txt
2021-10-16 19:37 - 2021-10-17 01:25 - 004619379 _____ C:\WINDOWS\ZAM.krnl.trace
2021-10-16 19:37 - 2021-10-16 19:37 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-10-16 19:37 - 2021-10-16 19:37 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-10-16 19:37 - 2021-10-16 19:37 - 000000000 ____D C:\Users\Public\spacedesk_logs
2021-10-16 19:36 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-10-16 19:06 - 2021-10-16 19:33 - 000000000 ____D C:\zoek_backup
2021-10-16 15:48 - 2021-10-16 15:48 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2021-10-16 15:48 - 2021-10-16 15:48 - 000003548 _____ C:\WINDOWS\system32\Tasks\AMHelper
2021-10-16 15:48 - 2021-10-16 15:48 - 000001337 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2021-10-16 15:48 - 2021-10-16 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-10-16 15:48 - 2021-10-16 15:48 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-10-16 15:47 - 2021-10-16 15:48 - 013922376 _____ (Zemana Ltd. ) C:\Users\dzave\Downloads\zemana.exe
2021-10-16 15:36 - 2021-10-16 15:36 - 000000000 ____D C:\Users\dzave\Downloads\zoek1
2021-10-16 15:33 - 2021-10-16 15:33 - 000000000 ____D C:\ProgramData\Sophos
2021-10-16 15:32 - 2021-10-16 15:32 - 000002841 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2021-10-16 15:32 - 2021-10-16 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-10-16 15:32 - 2021-10-16 15:32 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-10-16 15:31 - 2021-10-16 15:32 - 185115928 _____ (Sophos Limited) C:\Users\dzave\Downloads\Sophos Virus Removal Tool.exe
2021-10-16 14:42 - 2021-10-16 14:42 - 000000769 _____ C:\Users\Public\Desktop\Diag.lnk
2021-10-16 14:42 - 2021-10-16 14:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diag
2021-10-16 14:42 - 2021-10-16 14:42 - 000000000 ____D C:\Program Files\Diag
2021-10-16 14:41 - 2021-10-16 14:44 - 000000000 ____D C:\ProgramData\ADiag
2021-10-16 13:42 - 2021-06-14 21:27 - 000549842 _____ C:\WINDOWS\msvcp140_2
2021-10-16 11:20 - 2021-10-16 13:54 - 000000647 _____ C:\Users\dzave\Desktop\topeni.txt
2021-10-16 11:06 - 2021-10-16 11:06 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2021-10-14 22:39 - 2021-10-14 22:39 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-14 22:39 - 2021-10-14 22:39 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-14 22:39 - 2021-10-14 22:39 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-14 22:39 - 2021-10-14 22:39 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-14 22:39 - 2021-10-14 22:39 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-14 22:39 - 2021-10-14 22:39 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-14 22:39 - 2021-10-14 22:39 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-14 22:39 - 2021-10-14 22:39 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-14 22:39 - 2021-10-14 22:39 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-14 22:39 - 2021-10-14 22:39 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-14 22:39 - 2021-10-14 22:39 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-14 22:35 - 2021-10-14 22:35 - 000000000 ___HD C:\$WinREAgent
2021-10-13 16:46 - 2021-10-13 16:46 - 000001384 _____ C:\Users\dzave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tinyMediaManager.lnk
2021-10-13 16:46 - 2021-10-13 16:46 - 000001376 _____ C:\Users\dzave\Desktop\tinyMediaManager.lnk
2021-10-13 16:43 - 2021-10-13 16:43 - 067263409 _____ (Manuel Laggner ) C:\Users\dzave\Downloads\tinyMediaManagerSetup.exe
2021-10-13 15:52 - 2021-10-13 16:01 - 000003512 _____ C:\Users\dzave\Downloads\rogue.txt
2021-10-13 15:50 - 2021-10-13 15:52 - 000000000 ____D C:\ProgramData\RogueKiller
2021-10-13 15:50 - 2021-10-13 15:50 - 000000865 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2021-10-13 15:50 - 2021-10-13 15:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-10-13 15:50 - 2021-10-13 15:50 - 000000000 ____D C:\Program Files\RogueKiller
2021-10-13 15:49 - 2021-10-13 15:50 - 042005976 _____ (Adlice Software ) C:\Users\dzave\Downloads\RogueKiller_setup.exe
2021-10-13 15:48 - 2021-10-16 19:52 - 000000554 _____ C:\Users\dzave\Desktop\JRT.txt
2021-10-13 15:48 - 2021-10-13 15:48 - 000000878 _____ C:\Users\dzave\Downloads\JRT.txt
2021-10-13 15:46 - 2021-10-13 15:46 - 001790024 _____ (Malwarebytes) C:\Users\dzave\Downloads\JRT (1).exe
2021-10-13 15:45 - 2021-10-13 15:45 - 000000076 _____ C:\Users\dzave\Downloads\JRT.exe
2021-10-12 21:23 - 2021-10-12 21:25 - 000000000 ____D C:\AdwCleaner
2021-10-12 21:23 - 2021-10-12 21:23 - 008553680 _____ (Malwarebytes) C:\Users\dzave\Downloads\AdwCleaner.exe
2021-10-12 20:55 - 2021-10-12 21:12 - 000001989 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-10-12 20:55 - 2021-10-12 20:55 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-10-12 20:55 - 2021-10-12 20:55 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-12 20:55 - 2021-10-12 20:55 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-10-12 20:55 - 2021-10-12 20:55 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-10-12 20:55 - 2021-10-12 20:55 - 000002001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-12 20:55 - 2021-10-12 20:55 - 000000000 ____D C:\Users\dzave\AppData\Local\mbam
2021-10-12 20:55 - 2021-10-12 20:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-10-12 20:53 - 2021-10-12 20:53 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-12 20:52 - 2021-10-12 20:52 - 002101944 _____ (Malwarebytes) C:\Users\dzave\Downloads\MBSetup-119967.119967-consumer.exe
2021-10-12 20:48 - 2021-10-16 21:16 - 000000000 ____D C:\Users\dzave\AppData\Local\AMSDK
2021-10-12 20:48 - 2021-10-12 20:48 - 000000000 ____D C:\Users\dzave\AppData\Local\Zemana
2021-10-12 20:40 - 2021-10-12 20:40 - 000388608 _____ (Trend Micro Inc.) C:\Users\dzave\Downloads\HijackThis.exe
2021-10-12 20:15 - 2021-10-12 21:00 - 000000000 ____D C:\Users\dzave\AppData\LocalLow\nU9pY0gT8d
2021-10-12 20:15 - 2021-10-12 20:15 - 000000000 ____D C:\Users\dzave\AppData\LocalLow\Wallets
2021-10-12 20:02 - 2021-10-12 21:01 - 000000000 _____ C:\Program Files (x86)\temp_files
2021-10-12 20:02 - 2021-10-12 20:02 - 000000000 ____D C:\Users\dzave\AppData\Local\Yandex
2021-10-12 20:01 - 2021-10-12 20:01 - 000275456 _____ (kasfdoowq) C:\Users\dzave\AppData\Roaming\6048711.scr
2021-10-12 19:47 - 2021-10-12 19:47 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-10-11 19:57 - 2021-10-12 21:00 - 000000000 ____D C:\Users\dzave\AppData\Roaming\SysInfoTool
2021-10-11 19:25 - 2021-10-16 19:36 - 112984064 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-10-11 19:25 - 2021-10-16 19:36 - 020971520 _____ C:\WINDOWS\system32\config\SYSTEM
2021-10-11 19:25 - 2021-10-16 19:36 - 001835008 _____ C:\WINDOWS\system32\config\DEFAULT
2021-10-11 19:25 - 2021-10-16 19:36 - 000045056 _____ C:\WINDOWS\system32\config\SAM
2021-10-11 19:25 - 2021-10-16 19:36 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2021-10-11 16:14 - 2021-10-11 21:04 - 000000000 ____D C:\Users\dzave\AppData\Roaming\Media_Companion
2021-10-11 16:01 - 2021-10-11 16:01 - 000000000 ____D C:\Users\dzave\AppData\Local\kvibes
2021-10-11 15:41 - 2021-10-11 15:41 - 000000218 _____ C:\Users\dzave\AppData\Local\recently-used.xbel
2021-10-02 21:17 - 2021-10-02 21:17 - 000000000 ____D C:\Users\dzave\Downloads\autobrightness_1.6.2-windows_debug
2021-10-02 21:13 - 2021-10-02 21:13 - 000000000 ____D C:\Users\dzave\Downloads\auto-brightness-master
2021-10-02 13:41 - 2021-10-02 13:41 - 000002581 _____ C:\Users\Public\Desktop\Calman Home.lnk
2021-10-02 13:41 - 2021-10-02 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Portrait Displays
2021-10-02 12:18 - 2021-10-02 12:18 - 000002236 _____ C:\Users\dzave\Desktop\Spyder5Elite 5.5.lnk
2021-10-02 12:18 - 2021-10-02 12:18 - 000000000 ____D C:\Users\dzave\AppData\Local\Datacolor
2021-10-02 12:18 - 2021-10-02 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datacolor
2021-10-02 12:18 - 2004-03-29 15:23 - 000090112 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2021-10-02 12:17 - 2021-10-12 21:01 - 000000000 ____D C:\Program Files (x86)\Datacolor
2021-10-02 12:15 - 2021-10-02 12:16 - 151404080 _____ C:\Users\dzave\Downloads\Spyder5Elite_5.5_Setup.exe
2021-09-29 20:42 - 2021-09-29 20:42 - 096543368 _____ (Portrait Displays, Inc) C:\Users\dzave\Downloads\Calman2021R3_Home_5122.exe
2021-09-28 11:06 - 2021-10-10 17:37 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2021-09-28 11:06 - 2021-09-28 11:06 - 000000000 ____D C:\Users\dzave\AppData\Local\ToastNotificationManagerCompat
2021-09-26 19:55 - 2021-09-28 10:35 - 000000000 ____D C:\Users\dzave\Downloads\kalibrace SONY 65xh9077
2021-09-22 19:14 - 2021-09-22 19:14 - 000000000 ____D C:\Users\dzave\Downloads\SONY_CHANNEL_EDITOR_INSTALLER_V1.2.0
2021-09-17 08:52 - 2021-09-17 08:52 - 241146873 _____ C:\Users\dzave\Downloads\screen-capture (1).webm
2021-09-17 08:28 - 2021-09-17 08:28 - 523776358 _____ C:\Users\dzave\Downloads\screen-capture.webm
2021-09-17 08:00 - 2021-09-17 08:00 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-17 08:00 - 2021-09-17 08:00 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-17 08:00 - 2021-09-17 08:00 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-17 08:00 - 2021-09-17 08:00 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-17 08:00 - 2021-09-17 08:00 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-09-17 08:00 - 2021-09-17 08:00 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-17 08:00 - 2021-09-17 08:00 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-17 08:00 - 2021-09-17 08:00 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-10-17 01:25 - 2018-01-16 12:30 - 000000000 ____D C:\Users\dzave\AppData\Roaming\uTorrent
2021-10-17 01:06 - 2018-02-28 23:06 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-17 00:57 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-16 22:53 - 2020-07-28 22:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-16 19:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-16 19:51 - 2018-01-15 23:13 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-16 19:43 - 2020-07-28 22:16 - 002243496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-16 19:43 - 2019-12-07 16:43 - 000917432 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-16 19:43 - 2019-12-07 16:43 - 000229898 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-16 19:43 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-16 19:38 - 2016-07-16 13:47 - 000000112 _____ C:\WINDOWS\win.ini
2021-10-16 19:37 - 2020-07-28 23:09 - 000000000 ____D C:\ProgramData\ssh
2021-10-16 19:37 - 2020-07-28 22:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-16 19:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-16 19:36 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-10-16 19:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-10-16 19:34 - 2016-07-16 13:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-10-16 19:33 - 2020-07-28 22:16 - 000000000 ____D C:\Users\dzave
2021-10-16 19:08 - 2018-01-16 21:47 - 000000000 ____D C:\Users\dzave\AppData\Local\CrashDumps
2021-10-16 16:43 - 2020-07-28 22:20 - 000061520 _____ C:\WINDOWS\system32\BMXState-{00000004-00000000-00000002-00001102-00000005-002C1102}.rfx
2021-10-16 16:43 - 2020-07-28 22:20 - 000000788 _____ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000005-002C1102}.rfx
2021-10-16 16:43 - 2018-01-16 14:26 - 000061520 _____ C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-002C1102}.rfx
2021-10-16 11:06 - 2020-07-28 22:16 - 000000000 ____D C:\Users\DefaultAppPool
2021-10-16 08:36 - 2020-04-04 23:47 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-16 08:34 - 2020-08-31 08:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-16 08:34 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-15 18:23 - 2021-08-21 21:39 - 000000000 ____D C:\ProgramData\UMS
2021-10-15 16:02 - 2020-07-28 22:15 - 000585048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-15 16:02 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-15 16:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-14 22:40 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-14 22:35 - 2018-01-16 09:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-14 22:33 - 2018-01-16 09:00 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-13 15:45 - 2018-02-28 23:06 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-12 21:01 - 2018-01-21 11:45 - 000000000 ____D C:\Program Files\cFosSpeed
2021-10-12 20:55 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-12 20:06 - 2019-06-18 18:54 - 000000000 ____D C:\Program Files\Yamicsoft
2021-10-12 19:29 - 2019-11-14 20:20 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-10-11 23:26 - 2018-05-08 18:48 - 000000000 ____D C:\Users\dzave\AppData\Local\D3DSCache
2021-10-11 19:25 - 2021-03-10 13:46 - 110100480 _____ C:\WINDOWS\system32\config\software.rcbak
2021-10-11 19:25 - 2021-03-10 13:46 - 020709376 _____ C:\WINDOWS\system32\config\system.rcbak
2021-10-11 19:25 - 2021-03-10 13:46 - 001835008 _____ C:\WINDOWS\system32\config\default.rcbak
2021-10-11 19:25 - 2021-03-10 13:46 - 000081920 _____ C:\WINDOWS\system32\config\sam.rcbak
2021-10-11 19:25 - 2021-03-10 13:46 - 000065536 _____ C:\WINDOWS\system32\config\security.rcbak
2021-10-11 19:22 - 2018-01-17 19:34 - 000000000 ____D C:\Users\dzave\AppData\Roaming\MyPhoneExplorer
2021-10-10 11:48 - 2020-08-31 08:17 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-10 11:48 - 2020-08-31 08:17 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-10-07 20:50 - 2018-07-06 18:11 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-06 19:21 - 2018-03-01 09:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-02 13:41 - 2021-08-20 18:14 - 000000000 ____D C:\Users\dzave\Documents\Portrait Displays
2021-10-02 13:41 - 2021-08-20 18:14 - 000000000 ____D C:\ProgramData\Portrait Displays
2021-10-02 13:41 - 2021-08-20 18:14 - 000000000 ____D C:\Program Files (x86)\Portrait Displays
2021-10-01 17:01 - 2020-07-28 22:25 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 17:01 - 2020-07-28 22:25 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-26 14:53 - 2021-02-20 20:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-20 15:32 - 2018-07-19 08:49 - 000000000 ____D C:\Users\dzave\AppData\Local\IE Tab
2021-09-18 21:29 - 2020-06-27 13:45 - 000000000 ____D C:\Users\dzave\AppData\Local\WhatsApp
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-18 16:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-18 16:33 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories ========

2021-10-12 20:02 - 2021-10-12 21:01 - 000000000 _____ () C:\Program Files (x86)\temp_files
2021-10-12 20:01 - 2021-10-12 20:01 - 000275456 _____ (kasfdoowq) C:\Users\dzave\AppData\Roaming\6048711.scr
2021-10-11 15:41 - 2021-10-11 15:41 - 000000218 _____ () C:\Users\dzave\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

dz61
newbie
Posts: 18
Registered: October 21
Gender: Male

Re: Please check my log / security sign-out from Google account

Post by dz61 » 22 Oct 2021 10:43

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2021
Ran by dzavel (17-10-2021 01:25:33)
Running from C:\Users\dzave\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1288 (X64) (2020-07-28 20:25:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2856598848-2235660964-1980335571-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2856598848-2235660964-1980335571-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-2856598848-2235660964-1980335571-1007 - Limited - Enabled) => C:\Users\DevToolsUser
dzavel (S-1-5-21-2856598848-2235660964-1980335571-1001 - Administrator - Enabled) => C:\Users\dzave
Guest (S-1-5-21-2856598848-2235660964-1980335571-501 - Limited - Disabled)
postgres (S-1-5-21-2856598848-2235660964-1980335571-1002 - Limited - Enabled)
sshd (S-1-5-21-2856598848-2235660964-1980335571-1005 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2856598848-2235660964-1980335571-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.4 (HKLM-x32\...\{5484D047-0EA1-4E40-845D-F2E631F01BDE}) (Version: 4.4.10.2342 - Open Media LLC)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.3.300.271 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
APP Center (HKLM-x32\...\{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.17.0801 - Gigabyte)
Windows Driver Package - Adafruit Industries LLC (usbser) Ports (02/25/2016 6.2.2600.0) (HKLM\...\1245A5961AC9D2C18ADF9EEC931D77E059B7F74E) (Version: 02/25/2016 6.2.2600.0 - Adafruit Industries LLC)
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (11/24/2015 1.2.3.0) (HKLM\...\8B585560B248755A6C5A24D5C0F50FA998310883) (Version: 11/24/2015 1.2.3.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Arduino LLC (www.arduino.cc) Genuino USB Driver (01/07/2016 1.0.3.0) (HKLM\...\EC414D98E2986DCA1628FAED2163CD1C9A4ED7EC) (Version: 01/07/2016 1.0.3.0 - Arduino LLC (www.arduino.cc))
Windows Driver Package - Arduino Srl (www.arduino.org) Arduino USB Driver (03/19/2015 1.1.1.0) (HKLM\...\69E507459B453D69A453EFC9E461FAE1E073408A) (Version: 03/19/2015 1.1.1.0 - Arduino Srl (www.arduino.org))
Windows Driver Package - libusb-win32 (libusb0) libusb-win32 devices (04/21/2015 1.0.0.0) (HKLM\...\28E91B69CA377EB48D6E1B92C37F897036E8A818) (Version: 04/21/2015 1.0.0.0 - libusb-win32)
Windows Driver Package - Linino (usbser) Ports (01/13/2014 1.0.0.0) (HKLM\...\A2C084AD4515675961A87E71B10E80E4FDCF7FAA) (Version: 01/13/2014 1.0.0.0 - Linino)
Windows Driver Package - Prusa Research s.r.o. Original Prusa CW1 (02/13/2013 1.0.0.0) (HKLM\...\B10CCB939D59F72AA817B257D84328FC4A1DC752) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Windows Driver Package - Prusa Research s.r.o. Original Prusa i3 MK2 (02/13/2013 1.0.0.0) (HKLM\...\E6CFEF5357DD0E2F987E98779FD6603959DA391B) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Windows Driver Package - Prusa Research s.r.o. Original Prusa i3 MK3 Multi Material 2.0 upgrade (02/13/2013 1.0.0.0) (HKLM\...\FA562E43945E7D9CAC76A811E49088FF2255A11A) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Windows Driver Package - Prusa Research s.r.o. Prusa i3 Plus MK3 3D printer (02/13/2013 1.0.0.0) (HKLM\...\890B56493F7CACBCA0E70EA8EBFD9A18BC780C34) (Version: 02/13/2013 1.0.0.0 - Prusa Research s.r.o.)
Windows Driver Package - UltiMachine 3D Printer (RAMBo) (02/13/2013 1.0.0.0) (HKLM\...\D77EC126405DC217C7BF7DA6669B51E297D5CF23) (Version: 02/13/2013 1.0.0.0 - UltiMachine)
Blender (HKLM\...\{D6E38255-FB12-4724-A6FF-075B43272C66}) (Version: 2.92.0 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 94.1.30.89 - The Brave Authors)
Calman Home (HKLM-x32\...\{163C2140-D122-4754-903B-BE8DD466B3C7}) (Version: 5.12.2.111 - Portrait Displays, Inc) Hidden
Calman Home (HKLM-x32\...\{75b2853e-7553-4fef-9b15-0b5a3fee40c8}) (Version: 5.12.2.111 - Portrait Displays, Inc)
Carmageddon Reincarnation 1.2.1.7713 (HKLM-x32\...\Carmageddon Reincarnation 1.2.1.7713) (Version: 1.2.1.7713 - Stainless Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
CnCNet5 Yuri's Revenge (HKLM-x32\...\{D22A250A-085F-415E-959E-8DB49F4E4CCA}_is1) (Version: 1.0 - cncnet.org)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ The Ultimate Collection Additional Content (HKLM-x32\...\{1A882F29-BC18-4AC2-A71E-0FC30FA32568}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{517FAF1E-3045-49DE-8079-107C2851389E}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Diag version 2.1.1.0 (HKLM\...\10DBD048-433A-4BC3-951F-055296F077B3_is1) (Version: 2.1.1.0 - Adlice Software)
EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.0822 - GIGABYTE) Hidden
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.16.0822 - GIGABYTE)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FF File Time (HKLM-x32\...\{0597E547-B7C8-42F0-9C69-2A77F7E2CE35}) (Version: 1.1.0 - Fast Forward Projects)
Filmora Fitness Effects set (ask4pc) version 8.2 (HKLM-x32\...\{5DCA5FA3-DB06-4115-8CA6-3D706B0D569F}_is1) (Version: 8.2 - ask4pc)
Filmora NEO Theme Set (ask4pc) version 8.1 (HKLM-x32\...\{83D34E4B-4C60-44B4-A84A-D338C00D3D75}_is1) (Version: 8.1 - ask4pc)
Filmora Title Expansion set(ask4pc) version 8.3 (HKLM-x32\...\{116266A2-ECF4-4A96-AEE4-AB97969DC709}_is1) (Version: 8.3 - ask4pc)
FormatFactory 5.7.1.0 (HKLM-x32\...\FormatFactory) (Version: 5.7.1.0 - Free Time)
FreeFileSync 9.7 (HKLM-x32\...\FreeFileSync_is1) (Version: 9.7 - FreeFileSync.org)
Gigabyte Speed v10.10 (HKLM\...\Gigabyte Speed) (Version: 10.10 - cFos Software GmbH, Bonn)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 94.0.4606.81 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
IntelliJ IDEA Community Edition 2019.1.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2019.1.1) (Version: 191.6707.61 - JetBrains s.r.o.)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
K-Lite Mega Codec Pack 15.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Macrorit Partition Expert Free 2019 (HKLM-x32\...\macrorit_mde) (Version: 2019 - Macrorit Inc.)
Malwarebytes version 4.4.8.137 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.8.137 - Malwarebytes)
Microsoft 365 Apps for enterprise - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14430.20270 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 94.0.992.50 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 10.4.137.0 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{175BC9FC-C256-4EFC-9D87-4A9AF3B47A12}) (Version: 17.3.1.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\OneDriveSetup.exe) (Version: 20.064.0329.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
MSI Afterburner 4.4.2 (HKLM-x32\...\Afterburner) (Version: 4.4.2 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.12 - F.J. Wechselberger)
netfabb Basic (HKLM-x32\...\netfabb_51) (Version: - netfabb GmbH)
NVIDIA GeForce NOW 2.0.20.86 (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GeforceNOW) (Version: 2.0.20.86 - NVIDIA Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenSCAD (remove only) (HKLM\...\OpenSCAD) (Version: 2021.01 - The OpenSCAD Developers)
Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 201021 - Kakao Corp.)
PrusaSlicer 2.3.0 (HKLM\...\{14771ABA-2702-4D83-BBAE-7E916FF031B7}) (Version: 2.3.0 - Prusa Research) Hidden
PrusaSlicer 2.3.0 (HKLM\...\PrusaSlicer 2.3.0 2.3.0) (Version: 2.3.0 - Prusa Research)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.29.283 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.0 - Rockstar Games)
RogueKiller version 15.1.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.1.1.0 - Adlice Software)
Samsung C460 Series (HKLM-x32\...\Samsung C460 Series) (Version: 1.17 (23.02.2016) - Samsung Electronics Co., Ltd.)
Samsung Easy Color Manager (HKLM-x32\...\Samsung Easy Color Manager) (Version: 4.00.06.00 (07.07.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (17.03.2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(29.01.2016) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.19.0325.1 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.19.0325.1 - GIGABYTE)
Smart Technology Programming Software 7.0.45.2 (HKLM\...\{F08D23FD-46CA-4D51-A263-AE533CFAC286}) (Version: 7.0.45.2 - Mad Catz)
Solo's ModPack for World of Tanks (HKLM-x32\...\{51A489B2-722D-48A4-A3D2-B846C981CE12}_is1) (Version: 1.14.8 - soloviyko)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
spacedesk Windows DRIVER (HKLM\...\{14436997-C0DA-4263-B3F5-F00989D4610A}) (Version: 0.9.1002.0 - datronicsoft Inc.)
Spyder5Elite (HKLM-x32\...\Spyder5Elite) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.2 - TeamSpeak Systems GmbH)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.5 - Electronic Arts)
tinyMediaManager v4 (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\{2184DD8F-1056-4C7C-8A68-011ECEA03AF9}_is1) (Version: v4 - Manuel Laggner)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 10.10.0 - Universal Media Server)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
Usb to Serial Driver 1.12.28 (HKLM-x32\...\{7F46E168-E0F4-45EA-81F5-80488334B609}) (Version: 1.12.28 - )
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Wargaming.net Game Center (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\Wargaming.net Game Center) (Version: 21.6.0.6455 - Wargaming.net)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.27 - )
WhatsApp (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\WhatsApp) (Version: 2.2134.10 - WhatsApp)
Windows 10 Manager (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\Windows 10 Manager 3.0.8) (Version: 3.0.8 - Yamicsoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Filmora9(Build 9.0.7) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
World of Tanks EU (HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)
Zemana AntiMalware version 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1712.2.49 - ZONER software)

Packages:
=========
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-07-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-21] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2020-07-28] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0 [2021-10-14] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001_Classes\CLSID\{04271989-C4D2-0270-5571-AA743A928162} -> [OneDrive - d32d23d] => D:\onedrive\OneDrive - d32d23d [2019-08-25 08:35]
CustomCLSID: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender 2.92\BlendThumb.dll (Stichting Blender Foundation -> )
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [SyncDriver.ShellExtension.ShellContextMenu] -> {7e839c68-031e-4011-9723-46ec4c6c50f1} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.pDAD] => C:\WINDOWS\system32\prodad-codec.dll [607256 2013-08-17] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
HKLM\...\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\dzave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dzave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dzave\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\34021a3bcedd9bc8\Screen Recorder.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=dpidllmdbfmclpenbdfjkbbipkbbadbg --app-url

==================== Loaded Modules (Whitelisted) =============

2020-10-22 01:56 - 2020-10-22 01:56 - 025585152 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\ffcodec64.dll
2017-11-16 08:43 - 2017-11-16 08:43 - 014098432 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\Module\FFmpeg\FFmpeg64.dll
2016-10-27 11:38 - 2020-12-24 15:47 - 000295936 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\Module\FFmpeg\FFmpegMininum64.dll
2017-10-27 07:41 - 2017-10-27 07:41 - 005343744 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\Module\OpenCodec\OpenCodecUnity64.dll
2020-10-20 06:34 - 2020-10-20 06:34 - 000526336 _____ () [File not signed] C:\Program Files\DAUM\PotPlayer\Module\QuickSync64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-2856598848-2235660964-1980335571-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-21] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp//files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp//files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)

dz61
newcomer
Posts: 18
Registered: October 21
Gender: Male

Re: Please check my log / secure sign-out from Google account

Post by dz61 » 22 Oct 2021 10:44

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\sharepoint.com -> hxxps://hkbaom-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-10-16 19:09 - 2021-10-16 19:09 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32\WBEM;%SystemRoot%\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Java\jdk-12.0.1\bin;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\System32\OpenSSH\;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Java\jdk-12.0.1\bin;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\System32\OpenSSH\;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Java\jdk-12.0.1\bin;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\System32\OpenSSH\;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files (x86)\Java\jdk-12.0.1\bin;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\System32\OpenSSH\;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps;C:\Users\dzave\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dzave\Desktop\the-big-bang-theory-3.jpg
HKU\S-1-5-21-2856598848-2235660964-1980335571-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CE3B7025-5C2A-4737-98D7-80DE21194788}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{521F0B50-6EF9-4126-B558-9991492AB96D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FE4BA6DC-9EE8-46EF-B722-FA245B6A0476}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1FEF71E-D3A8-457D-BF46-28ED60B2A40E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C490EA22-A7E9-4E77-8452-F8432C53D412}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{32A2855A-D635-4B46-8D26-C6C393D7D835}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{4BAEA78E-EBD9-46E8-8475-DB02C01A0908}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E1C99299-7386-43C9-9F5C-D20B07F685C1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F46B01D0-9FB9-4D0A-9DC7-1776EAE74504}] => (Allow) D:\Hry\Origin Library\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{53266E99-D9D0-4186-BB41-E9113320E9C0}] => (Allow) D:\Hry\Origin Library\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{B09D0854-A4FE-4B84-BB39-116F64375B0B}] => (Allow) D:\Hry\Origin Library\Command and Conquer Tiberian Sun\TSLauncher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{D47FD624-9B94-4DAF-A013-77BE9CFAD491}] => (Allow) D:\Hry\Origin Library\Command and Conquer Tiberian Sun\TSLauncher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{ADCD9133-27E3-438A-B129-0209D8ACF194}] => (Allow) D:\Hry\Origin Library\CNC and The Covert Operations\CNC95Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{2E97911B-2F8A-4984-9F1D-B373A31C5B96}] => (Allow) D:\Hry\Origin Library\CNC and The Covert Operations\CNC95Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{54BC37DF-9B04-426F-BD6B-2D57360ABCCA}] => (Allow) D:\Hry\Origin Library\Command and Conquer Generals Zero Hour\Generals.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{DB2752B9-697E-4E90-8B03-3E8753BB8854}] => (Allow) D:\Hry\Origin Library\Command and Conquer Generals Zero Hour\Generals.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{DA1E134B-7981-4181-8D88-C7E2AC146610}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{BAEB600D-3E33-4EB8-A34B-BAF9F1A0D5DE}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{D86E1514-6878-4D1A-95ED-7ED0C8E54490}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8669EEB3-F796-4C61-876A-F9E00A5BC971}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{76919DBE-E36D-4887-93C9-92F5B1834361}] => (Allow) D:\Hry\Origin Library\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe (Electronic Arts -> Kalloc Studios)
FirewallRules: [{B69C36D1-BC71-4D8D-A806-B51CC83CD7B2}] => (Allow) D:\Hry\Origin Library\Command and Conquer The Ultimate Collection Additional Content\Launcher.exe (Electronic Arts -> Kalloc Studios)
FirewallRules: [{90F159AA-41D3-45A8-BF96-7C6B2CA38F67}] => (Allow) D:\Hry\Origin Library\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{5690A941-1BE5-47DD-99F8-41B030104D28}] => (Allow) D:\Hry\Origin Library\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{904648F5-066D-429D-9B96-A8404A825860}] => (Allow) D:\Hry\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{9930A14A-7BF9-4929-8AC2-923EF4796A5B}] => (Allow) D:\Hry\SteamLibrary\steamapps\common\Call of Duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{D0238027-BC45-40BB-9B72-AD963EE7DB84}] => (Allow) D:\Hry\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe () [File not signed]
FirewallRules: [{73D6043D-1BD3-4EC1-8A7A-7B27878F2478}] => (Allow) D:\Hry\SteamLibrary\steamapps\common\Call of Duty 4\iw3sp.exe () [File not signed]
FirewallRules: [{B539E1B3-6D1A-4BAE-8D6E-ACEE046A272D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{71A230E8-FE74-4ECB-A01E-3FD1C1D02702}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4F752681-FA6B-4BA7-8F78-B86C5C01E89A}] => (Allow) C:\Program Files (x86)\Wargaming.net\GameCenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{7BFCC528-250E-4EF7-93CE-62C2D4BC6FC3}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [TCP Query User{A8486603-C35E-4E67-95E9-E84252292DB3}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Block) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{E4168D44-9F67-4D44-AE7D-9E9B7F1893AA}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{96008B27-FC2F-4A22-9879-526DF72EED57}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [UDP Query User{B15599FE-D372-4D41-8B52-B059230C37CC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{BB506943-B621-4370-A0E1-9AAC4B5630FC}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{13BC2CEA-F56C-4D9F-A993-3EA83671B915}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming PCL -> Wargaming.net)
FirewallRules: [TCP Query User{442F6549-FD07-4598-83DE-BFCDE824254D}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe (Wargaming PCL -> Wargaming.net)
FirewallRules: [UDP Query User{75FD8D0A-7A65-4A38-A229-6829F835D688}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [TCP Query User{89F3F169-2853-4E4C-AFC5-A20396E2E505}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [UDP Query User{9052E5EC-C2B7-4DDD-ACA4-9DC8D8349AD3}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [TCP Query User{3D6E808A-C2B8-46A0-B976-B79C617E0A24}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [UDP Query User{42083724-23A3-443E-AE11-8117241830F5}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [TCP Query User{0CF5EE47-2576-4B00-8B55-2635AB0BD609}C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_191\bin\javaw.exe
FirewallRules: [UDP Query User{11933C3D-817F-44CA-9F05-5E754A02698F}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{15E02693-BF0A-4C18-A61D-8411BC22533E}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{58690F40-671D-45B4-AD7B-9BFEDEF7524A}C:\users\dzave\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dzave\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{833B1C76-D37C-4ECE-B15D-C257DF27EE66}C:\users\dzave\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dzave\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{66C70AD9-7337-4203-A94A-2A93E59668D4}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [UDP Query User{D2CC68AD-A3AE-4801-B05C-E3914C5F3945}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{5F4402D4-3D79-4395-A9FC-8782B0D237CB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CBA747BD-8535-4171-8706-F0685A161309}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2BC24D52-E546-461A-A6E5-1C0C10E6DBD8}C:\users\dzave\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dzave\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{5466D9AD-DBFE-412D-A52D-70B435936979}C:\users\dzave\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\dzave\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{BD86043F-EFC6-4E67-A52F-F0E8C85B02A8}] => (Allow) LPort=1900
FirewallRules: [{F0881953-AC62-4A36-A480-A37122991198}] => (Allow) LPort=2869
FirewallRules: [{AFB4D658-1ACD-454C-B891-555DBAA6B297}] => (Allow) C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A89CFB04-73F2-4373-8A4F-E031933DCF8B}] => (Allow) C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C7469C3A-8601-496E-A39A-87FB27F6B7AE}] => (Allow) C:\WINDOWS\system32\spacedeskService.exe (Datronicsoft, Inc. -> )
FirewallRules: [{C5EE90F6-53D2-4D7E-A502-2D79AD6406DA}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{D53ACE77-1B20-48B1-8060-788B2E263718}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技(上海)有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{0EFC7D31-01EB-447C-95BB-C8664BCE4B71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B13B2FB-66D3-4E7C-A7D5-FD4BB9F16B06}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6826081F-4EAC-4680-BB03-9E899E8A29DF}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre8\bin\java.exe => No File
FirewallRules: [{934382BC-6687-44A4-87B2-85A7805066E6}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre8\bin\javaw.exe => No File
FirewallRules: [{A2152309-4967-4A34-970D-6142CAEA55F8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F035A485-9FFB-4134-B628-E488E6725392}] => (Allow) LPort=3529
FirewallRules: [{37E99FD7-DCF7-4ADA-AD4B-8B5D8D81DFAF}] => (Allow) LPort=3530
FirewallRules: [{DDBF86EC-60CE-42F0-A287-9742D962A806}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{937C4F00-517E-4444-9F97-178A1F796EE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BC34B127-602D-47D7-83F5-0B4A84C384E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{98C567EE-B96D-4107-991E-7A0FC8F6670A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AB0D46C1-7BD8-4FB4-9C0B-9F3B1EFF4899}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F60199EA-0ECE-464E-88A8-A4F8517BA889}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CDE046BB-805A-4EFC-8D78-50140C855CF9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8A0EEE8B-3A47-48FB-9B99-24596046151E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0785C9C6-144A-48FF-A940-8D44902E0628}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF7AB384-F873-4ACC-A885-6FBA83BA8C33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.170.610.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D00EE25C-612A-4720-B3D2-2365659844C4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\94.0.992.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

14-10-2021 22:33:35 Instalační služba modulů systému Windows
16-10-2021 14:47:14 JRT Pre-Junkware Removal
16-10-2021 19:50:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: Komunikační port (COM1)
Description: Komunikační port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní typy portů)
Service: Serial
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/16/2021 07:36:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: MBAMService.exe, verze: 3.2.0.999, časové razítko: 0x6155144a
Název chybujícího modulu: MBAMService.exe, verze: 3.2.0.999, časové razítko: 0x6155144a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000008a928
ID chybujícího procesu: 0x1030
Čas spuštění chybující aplikace: 0x01d7c1cd58bda9d7
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
ID zprávy: c6048dea-4b98-423c-a911-ce8bdb509b01
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2021 07:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1202, časové razítko: 0xc9db1934
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000034f99
ID chybujícího procesu: 0x2d2c
Čas spuštění chybující aplikace: 0x01d7c2b07808d799
Cesta k chybující aplikaci: C:\Users\dzave\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 45b04c8e-dc09-4bbe-a466-096875450b0b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2021 07:08:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.IOException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (10/16/2021 07:06:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: zoek (1).exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1288, časové razítko: 0x3e55bd0b
Kód výjimky: 0xc0000409
Posun chyby: 0x0012b5b2
ID chybujícího procesu: 0x1580
Čas spuštění chybující aplikace: 0x01d7c2b02bb25380
Cesta k chybující aplikaci: C:\Users\dzave\Downloads\zoek1\zoek1\zoek (1).exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 065d32d8-9069-47b2-a665-80d1a7276ad5
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2021 07:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.19041.1202, časové razítko: 0x5a9c433e
Kód výjimky: 0xc000041d
Posun chyby: 0x00005e37
ID chybujícího procesu: 0x1ffc
Čas spuštění chybující aplikace: 0x01d7c2a82da32de6
Cesta k chybující aplikaci: C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 9c740184-b352-439c-9245-d10b2f51b449
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2021 03:40:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.19041.1202, časové razítko: 0x5a9c433e
Kód výjimky: 0xc000041d
Posun chyby: 0x00005e37
ID chybujícího procesu: 0x3410
Čas spuštění chybující aplikace: 0x01d7c2934afe9646
Cesta k chybující aplikaci: C:\Users\dzave\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: c520ad11-ddad-4220-87a6-88d641b804c9
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/16/2021 02:50:17 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-2856598848-2235660964-1980335571-1001}/>.

Error: (10/16/2021 02:50:16 PM) (Source: ESENT) (EventID: 489) (User: )
Description: CCleaner64 (12184,G,0) Pokus o otevření souboru C:\Users\dzave\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (10/16/2021 10:52:08 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 10:37:15 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 08:51:35 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 08:51:31 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 08:22:08 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 08:07:45 PM) (Source: DCOM) (EventID: 10001) (User: DZAVEL-PC)
Description: Nelze spustit server DCOM: Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca jako Není k dispozici/Není k dispozici. Došlo k chybě:
2147942402
při provádění příkazu:
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca

Error: (10/16/2021 07:51:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (10/16/2021 07:37:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WsAppService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2021-10-16 10:21:41
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A3FAD120-5699-48F9-8F04-F8F4636D6C15}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-14 21:33:32
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A75C3FCD-2EA0-4E21-978B-68B0AB26B92C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-10-12 20:09:37
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/AgentTesla!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe; file:_C:\Users\dzave\AppData\Local\Microsoft\Windows\INetCache\IE\C3TLTR0Z\null[2]; file:_C:\Users\dzave\Desktop\Garbage Cleaner.lnk
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DZAVEL-PC\dzavel
Název procesu: C:\Users\dzave\AppData\Local\Temp\5hgzuob3.ix3\gcleaner.exe
Verze bezpečnostních informací: AV: 1.351.277.0, AS: 1.351.277.0, NIS: 1.351.277.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-12 20:09:24
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PWS:MSIL/RedLine.GG!MTB
Závažnost: Vážné
Kategorie: Program zcizující hesla
Cesta: amsi:_C:\Users\dzave\AppData\Roaming\wowsfree\mopnns.exe
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: AMSI
Uživatel: DZAVEL-PC\dzavel
Název procesu: C:\Users\dzave\AppData\Roaming\wowsfree\mopnns.exe
Verze bezpečnostních informací: AV: 1.351.277.0, AS: 1.351.277.0, NIS: 1.351.277.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-12 20:09:19
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:MSIL/AgentTesla!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\Garbage Cleaner\Garbage Cleaner.exe; file:_C:\Users\dzave\AppData\Local\Microsoft\Windows\INetCache\IE\C3TLTR0Z\null[2]
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DZAVEL-PC\dzavel
Název procesu: C:\Users\dzave\AppData\Local\Temp\5hgzuob3.ix3\gcleaner.exe
Verze bezpečnostních informací: AV: 1.351.277.0, AS: 1.351.277.0, NIS: 1.351.277.0
Verze modulu: AM: 1.1.18600.4, NIS: 1.1.18600.4

CodeIntegrity:
===============
Date: 2021-10-16 19:39:21
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-10-16 19:36:24
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-10-15 18:26:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MDEServer.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\LAVSplitter.ax that did not meet the Microsoft signing level requirements.

Date: 2021-10-15 18:26:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\MDEServer.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F21 03/06/2017
Motherboard: Gigabyte Technology Co., Ltd. Z170-D3H-CF
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 33%
Total physical RAM: 32716.46 MB
Available physical RAM: 21890.27 MB
Total Virtual: 32716.46 MB
Available Virtual: 21120.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.46 GB) (Free:55.26 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:280.06 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{0002c029-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{0002c029-0000-0000-0000-d07c3b000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F3CC3946)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 0002C029)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=529 MB) - (Type=27)

==================== End of Addition.txt =======================


Re: Please check my log / secure sign-out from Google account

Post by dz61 » 22 Oct 2021 10:45

I'm signed in with the Google account and so far it's quiet. I ditched the FB account and it's completely quiet :D

jaro3
Security team member
Guru Level 15
Posts: 41953
Registered: June 07
Residence: Jižní Čechy
Gender: Male

Re: Please check my log / secure sign-out from Google account

Post by jaro3 » 22 Oct 2021 16:30

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {597C2E0F-D640-48CA-A3FF-FC86054DC8AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-28] (Google Inc -> Google Inc.)
Task: {F59B3D7F-593F-42F1-8AD8-A60201F7107C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-28] (Google Inc -> Google Inc.)
CHR HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - <no Path/update_url>
CHR HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
S2 AppServicee; C:\WINDOWS\system32\WYQP1QL75V.tmp [X] <==== ATTENTION
U2 MediaMall Server; no ImagePath
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
HKU\S-1-5-21-2856598848-2235660964-1980335571-1001\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => -> No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp//www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2856598848-2235660964-1980335571-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
Virustotal: C:\Users\dzave\AppData\Roaming\6048711.scr

EmptyTemp:
End

(You can use the "select all" function, then right-click in the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

