
Please check my log


#1 Post by devet »

Dear all,
here I am again. Please check my log.
My e-mail (jiri.trachtaboomerangcoffee.cz) has been hacked too, because someone keeps threatening me that they will publish... etc., including footage from a camera, which I don't have.
I even bought AVAST... and nothing.
Thank you in advance for your willingness and your time.
Respectfully,
juráš
Attachments
AddFRST.rar
(21.88 KiB) Downloaded 22 times


#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


#3 Post by devet »

Rudy,
you're a real trooper. You always answer right away...
With thanks and respect.
juráš
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-16-2024
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.3930)
# Cleaned: 21
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\jtrac\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\jtrac\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA8EC77A-9A17-4EA3-965A-E2C9A4B1BFE5}


#4 Post by Rudy »

A trooper? No, I'm retired now, so I come here to relax. :) Post new FRST+Addition logs.


#5 Post by devet »

Rudy,
that makes two of us. I'm already 72.
Oh well.
With thanks,
juráš
P.S. What kind of bastards are these. My mail doesn't work, and when something does come through, it's threats. They should get their hands smacked, the ones who don't want to work, only steal..
Attachments
Plocha.rar
(22.92 KiB) Downloaded 22 times


#6 Post by Rudy »

Could you please copy the logs directly into the forum? It throws a secure connection error and I can't open it. Thank you. I'll be 70 this year. :)


#7 Post by devet »

Rudy,
here they are
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.01.2024
Ran by jtrac (16-01-2024 13:52:31)
Running from C:\Users\jtrac\OneDrive\Plocha
Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) (2022-02-09 11:26:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3412725004-164030467-415606481-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3412725004-164030467-415606481-503 - Limited - Disabled)
Guest (S-1-5-21-3412725004-164030467-415606481-501 - Limited - Disabled)
jtrac (S-1-5-21-3412725004-164030467-415606481-1001 - Administrator - Enabled) => C:\Users\jtrac
WDAGUtilityAccount (S-1-5-21-3412725004-164030467-415606481-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
ABBYY FineReader 15 (HKLM\...\{F15000FE-0001-6400-0000-074957833700}) (Version: 15.0.1496 - ABBYY Production LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.008.20458 - Adobe)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_0) (Version: 23.0.0.36 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AM-DeadLink 4.3 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.3 - www.aignes.com)
AnyMP4 Video Converter Ultimate 7.2.52 (HKLM-x32\...\{B77ACAAE-53EE-43c3-86F1-4AEA52F6CDD5}_is1) (Version: 7.2.52 - AnyMP4 Studio)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: 7.3.3 - AOMEI International Network Limited.)
Avast BreachGuard (HKLM\...\AvastBreachGuard) (Version: 24.1.2197.8110 - Avast Software)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 23.3.15310.15040 - Avast Software)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 23.12.6094 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 120.0.23505.199 - Autoři prohlížeče Avast Secure Browser)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.29.9426.10938 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1653.5 - AVAST Software) Hidden
Avidemux VC++ 64bits (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\{4d8c42c8-5d0c-4992-9e59-13c5068aaa37}) (Version: 2.8.0 - Mean)
Beyond Compare 4 (HKLM\...\{44E72A8E-80FF-4B71-B049-3D28A07B63BF}) (Version: 4.4.7.28397 - Scooter Software, Inc.)
calibre 64bit (HKLM\...\{0269E9B3-B0A8-4849-9D2A-1090C32982DF}) (Version: 7.3.0 - Kovid Goyal)
Driver Booster 11 (HKLM-x32\...\Driver Booster_is1) (Version: 11.1.0 - IObit)
Epson Event Manager (HKLM-x32\...\{B2C43D52-57F3-4D8B-A953-7DAC970B5CF7}) (Version: 3.11.77 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L3210 Series Printer Uninstall (HKLM\...\EPSON L3210 Series) (Version: - Seiko Epson Corporation)
EPSON L550 Series Printer Uninstall (HKLM\...\EPSON L550 Series) (Version: - SEIKO EPSON Corporation)
Epson Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 2.0.4.0 - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{951BB68A-520D-44B7-B5FF-01140AECF27C}) (Version: 3.8.1.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{DE32F90E-1A29-4D74-BCF1-E7DDB25D713A}) (Version: 3.4.0.0 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{3615C893-F844-4A5B-B949-8409EAB62271}) (Version: 3.00.05 - Seiko Epson Corporation)
EPSON Scan PDF Extensions (HKLM-x32\...\{E4C6B326-8218-4FC2-8B48-85A19DAB3AE4}) (Version: 1.03.02.01 - Seiko Epson Corporation)
Epson ScanSmart (HKLM-x32\...\{1A1B60BB-F156-4F6D-AD79-8A096B67E9AB}) (Version: 3.7.10 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{711E8536-AB71-4455-A6C4-357FDBBEBF91}) (Version: 4.6.7 - Seiko Epson Corporation)
Epubor Ultimate (HKLM-x32\...\Epubor Ultimate) (Version: 3.0.14.402 - Epubor Inc.)
Eusing Cleaner (HKLM-x32\...\Eusing Cleaner) (Version: - Eusing Freeware)
Fakturky 755F (HKLM-x32\...\Fakturky 755F_is1) (Version: 755F - Milan Bánovský)
FileZilla 3.66.4 (HKLM-x32\...\FileZilla Client) (Version: 3.66.4 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.217 - Google LLC)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 27.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5171 - Intel Corporation)
IObit Uninstaller 13 (HKLM-x32\...\IObitUninstall) (Version: 13.2.0.5 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.3.0.11 - IObit)
IrfanView 4.66 (64-bit) (HKLM\...\IrfanView64) (Version: 4.66 - Irfan Skiljan)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Master PDF Editor 5.3.12 (HKLM\...\Master PDF Editor 5.3.12_is1) (Version: 5.3.12 - Code Industry Ltd.)
MediaMonkey 5 (HKLM-x32\...\MediaMonkey 5_is1) (Version: 5 - Ventis Media Inc.)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.225.1026.0001 - Microsoft Corporation)
Microsoft Project - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.17126.20132 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33130 (HKLM-x32\...\{2cfeba4a-21f8-4ea7-9927-c5a5c6f13cc9}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33130 (HKLM-x32\...\{5CA9AE7B-2EFC-4F02-81CD-32ABE173C755}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33130 (HKLM-x32\...\{DF1B52DF-C88E-4DDF-956B-6E7A03327F46}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
MP3 Splitter Joiner Pro v4.2 build 2612 (HKLM-x32\...\{F88C04C9-9CDC-4830-A533-CC5E3D69F2A1}_is1) (Version: - Hoo Technologies)
Mp3tag v3.23 (HKLM\...\Mp3tag) (Version: 3.23 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 2.1 - F.J. Wechselberger)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17126.20132 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
PowerISO (HKLM-x32\...\PowerISO) (Version: 8.1 - Power Software Ltd)
PSPad editor (HKLM\...\PSPad editor 64bit_is1) (Version: 5.0.7.775 - Jan Fiala)
Q-Dir (HKLM\...\Q-Dir) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9225.1 - Realtek Semiconductor Corp.)
Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version: - )
Similarity 64-bit 2.5.1 (HKLM\...\{3D3C412A-8521-4C5C-83F3-94CC8223C309}) (Version: 2.5.2415 - GAR Software)
SlimComputer verze 1.5 (HKLM-x32\...\SlimComputer_is1) (Version: 1.5 - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 11.00 - Ghisler Software GmbH)
Universal Document Converter (HKLM-x32\...\Universal Document Converter_is1) (Version: 6.7 - fCoder SIA)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows 10 Manager (HKLM\...\{772111FF-3D3F-4A04-9183-E5FA22D0DC62}) (Version: 3.8.8 - Yamicsoft) Hidden
Windows 10 Manager (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Windows 10 Manager 3.8.8) (Version: 3.9.0 - Yamicsoft)
WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Wondershare NativePush_is1) (Version: - )
Wondershare UniConverter 14(Build 14.1.19.209) (HKLM\...\UniConverter 14_is1) (Version: 14.1.19.209 - Wondershare Software)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-23] ()
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.4.0.0_x64__v10z8vjag6ke6 [2023-12-11] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.31.22.0_x64__v10z8vjag6ke6 [2023-11-23] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3412725004-164030467-415606481-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\jtrac\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-3412725004-164030467-415606481-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-12-22] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-12-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-12-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2023-10-04] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers1: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-23] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [File not signed]
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-12-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2023-10-04] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2022-09-29] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncShell64.dll [2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-12-22] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2023-10-04] (Scooter Software Inc -> Scooter Software)
ContextMenuHandlers6: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-23] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2022-10-20] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2021-11-04] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll [2020-10-10] (IObit Information Technology -> IObit Information Technology)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-02-09 15:14 - 2018-05-15 07:34 - 000026112 _____ (Copyright (c) Code Industry Ltd) [File not signed] C:\WINDOWS\System32\mpelocalmon.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000242688 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2023-08-08 19:59 - 2023-08-08 19:59 - 000057856 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\EPNWPSHDevFinder.DLL
2023-08-08 19:59 - 2023-08-08 19:59 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3412725004-164030467-415606481-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-02-16 06:47:22&iid=3b588d00-1c8b-4329-b3d7-2b94c6b1badf&bName=
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2023-07-21] (IObit CO., LTD -> IObit)
BHO: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-02-03 13:29 - 2023-11-24 13:31 - 000002525 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 www.aomeitech.com
127.0.0.1 wondershare.net
127.0.0.1 www.wondershare.net
127.0.0.1 a104-126-254-40.deploy.static.akamaitechnologies.com
127.0.0.1 wondershare.com
127.0.0.1 www.wondershare.com
127.0.0.1 filmora.wondershare.com
127.0.0.1 mobilego.wondershare.com
127.0.0.1 support.wondershare.net
127.0.0.1 support.wondershare.com
127.0.0.1 cbs.wondershare.com
127.0.0.1 cbs.wondershare.net
127.0.0.1 platform.wondershare.com
127.0.0.1 statics.was.wondershare.com
127.0.0.1 resource.wondershare.com
127.0.0.1 myphone-download.wondershare.cc
127.0.0.1 antipiracy.wondershare.com
127.0.0.1 cc-antipiracy.wondershare.cc
127.0.0.1 sparrow.wondershare.com
127.0.0.1 dc.wondershare.cc
127.0.0.1 cbs.wondershare.cn
127.0.0.1 api.wondershare.com
127.0.0.1 product-api.wondershare.com
127.0.0.1 myphone-api.wondershare.cc
127.0.0.1 order-api.wondershare.com
127.0.0.1 media.io
127.0.0.1 www.media.io
127.0.0.1 keepvid.cc
127.0.0.1 www.keepvid.cc
127.0.0.1 52.90.fd9f.ip4.static.sl-reverse.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;C:\WINDOWS\system32\WBEM;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Users\jtrac\AppData\Local\Microsoft\WindowsApps;;C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1;;C:\Program Files\Calibre2\;C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3;
HKU\S-1-5-21-3412725004-164030467-415606481-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jtrac\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 100.126.0.1 - 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "UniConverterUpdateHelper"
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\StartupApproved\Run: => "CCleanerssProfessional"
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D784BB5A-B775-45D1-BBFD-E65ABA76D88A}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [UDP Query User{09E616B6-96FA-4D1F-A4B4-4CDCA630E533}C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe] => (Allow) C:\program files (x86)\mediamonkey 5\mediamonkeyengine.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{785A1437-235C-4AD0-9E8A-E25CAF09EF71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3854B4FF-1DC8-408D-9495-7F5F78F8B75A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9A713B3A-608B-47C6-92A5-CBB8F3842594}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{4F3C81BB-E72C-4BFA-9A3C-8C93A9879F5A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [TCP Query User{57361BBB-9C40-416D-811A-72EFAAF4C2A7}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe () [File not signed]
FirewallRules: [UDP Query User{E4987988-E2E6-4158-87A0-393D56AA4881}C:\program files (x86)\epubor\ultimate\epuborultimate.exe] => (Allow) C:\program files (x86)\epubor\ultimate\epuborultimate.exe () [File not signed]
FirewallRules: [{38B2E158-0034-4AC1-AD74-F329A11E9B07}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{7FB2F2C5-7D5F-4758-A2A2-6B07D078699E}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\6.9.1\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{9BDD3E75-A86D-48C4-99F8-41B938500E62}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{D7EC710C-44F4-4AB8-8F26-F6D2116A9825}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{43C2A841-7036-42E9-A7D7-B93B91698081}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{5FBD8D8D-BBB2-440A-9901-37F2D92F3311}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{322AF118-9518-4C68-B2DB-D64149DEE4EA}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{A1B7AF40-B601-4931-A07E-9021E719512E}] => (Allow) C:\Program Files\Avast Software\BreachGuard\bgui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{2E9724A2-4239-43DD-9EEE-F93BC20DEBAD}] => (Allow) C:\Program Files\Avast Software\BreachGuard\bgui.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0464B76F-9BC9-43CD-9AAB-0A92CA8B7B43}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{B174846E-38C3-4A10-9789-F2DDD15DF27B}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{70A1110B-F63F-4D36-BBFC-997F3A7042C7}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7051FC52-3A22-4D67-8A75-B4B01D4BBB97}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{347FA59C-4DA1-4702-8A5D-EFB4A2683D88}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9387A551-4724-4535-83A1-11C5FB0B1627}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6B62CA15-87E4-4AF0-A0CE-DE9D45DE1BD4}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{5539FDDB-037B-4AD2-9F75-1A817A0B6622}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{1BF0457C-6B6D-4F48-AD51-08119FD3D358}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{986A9936-DB58-468F-B64F-8317FA3C6381}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{C6D9A15B-3B84-4EF5-8F65-CA18462428BA}] => (Allow) C:\Program Files (x86)\MyPhoneExplorer\MyPhoneExplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{C83D2EC3-E730-4FCF-824C-915CB74EC764}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7BBF6C3B-EDBD-4655-9937-60B7705AA2E3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{71DA4912-BC97-4EC8-8861-0078071CD7A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BA7DE97F-A7BE-4487-9F78-B366A41EBF56}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F872A08-5347-41EB-8F94-334F3CD87D2A}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{E7013A8C-A57B-4731-9438-E607E7F2E1AF}] => (Allow) C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe (AOMEI International Network Limited -> AOMEI International Network Limited)
FirewallRules: [{99597DD8-8A00-43E4-BF46-5F7F45EBC96E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51A7D262-8B2C-4CBE-9453-FCB6957C5FB1}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

10-01-2024 08:55:21 Instalační služba modulů systému Windows
16-01-2024 13:23:33 AdwCleaner_BeforeCleaning_16/01/2024_13:23:33

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Myš Microsoft PS/2
Description: Myš Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/16/2024 01:49:49 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5800,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (6160,R,98) SUS20ClientDataStore: Při otevírání souboru protokolu C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00017.log došlo k chybě -1811 (0xfffff8ed).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).

Error: (01/16/2024 01:49:00 PM) (Source: ESENT) (EventID: 483) (User: )
Description: svchost (5756,P,98) SRUJet: Pokus o vytvoření složky C:\WINDOWS\system32\SRU\ selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření složky selže a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (01/16/2024 01:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Edge Update Service (edgeupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/16/2024 01:49:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba EpsonCustomerResearchParticipation neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/16/2024 01:49:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1TH6EDE)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/16/2024 01:49:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1TH6EDE)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/16/2024 01:23:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (01/16/2024 01:23:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (01/16/2024 01:23:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (01/16/2024 01:23:53 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.


Windows Defender:
================
Date: 2022-11-22 06:48:22
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.H!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.727.0, AS: 1.379.727.0, NIS: 1.379.727.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:49:06
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SyncAppvPublishAbuse.A
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: CmdLine:_C:\Windows\System32\wscript.exe C:\Windows\System32\SyncAppvPublishingServer.vbs n; $a=Get-Content C:\Windows\logs\system-logs.txt | Select -Index 17033;$script_decoded = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($a)); $script_block = [Scriptblock]::Create($script_decoded);Invoke-Command $script_block
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:39:24
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:38:02
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Script/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

Date: 2022-11-21 14:32:24
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Backdoor:Win32/Bladabindi!ml
Závažnost: Vážné
Kategorie: Zadní vrátka
Cesta: file:_D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1TH6EDE\jtrac
Název procesu: D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
Verze bezpečnostních informací: AV: 1.379.706.0, AS: 1.379.706.0, NIS: 1.379.706.0
Verze modulu: AM: 1.1.19800.4, NIS: 1.1.19800.4

CodeIntegrity:
===============
Date: 2024-01-16 13:52:43
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2024-01-16 13:50:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard L01 v02.33 07/15/2014
Motherboard: Hewlett-Packard 1998
Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 61%
Total physical RAM: 8103.52 MB
Available physical RAM: 3104.11 MB
Total Virtual: 16295.52 MB
Available Virtual: 11007.48 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:237.34 GB) (Free:156.95 GB) (Model: SanDisk SD8SB8U256G1122) NTFS
Drive d: (PRACKAV) (Fixed) (Total:2794.5 GB) (Free:1128.41 GB) (Model: TOSHIBA HDWD130) NTFS

\\?\Volume{4137a2b2-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:1.13 GB) (Free:0.17 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4137A2B2)
Partition 1: (Active) - (Size=1.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.3 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2024
Ran by jtrac (administrator) on DESKTOP-1TH6EDE (Hewlett-Packard HP EliteDesk 800 G1 SFF) (16-01-2024 13:51:40)
Running from C:\Users\jtrac\OneDrive\Plocha\FRST64.exe
Loaded Profiles: jtrac
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe <4>
(C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe ->) (Avast Software s.r.o. -> Avast Software) C:\Program Files\Avast Software\SecureLine VPN\WireGuard\wireguardtun.exe
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\BreachGuard\bgui.exe <3>
(explorer.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <24>
(explorer.exe ->) (Nenad Hrg -> Nenad Hrg (SoftwareOK.com)) C:\Program Files\Q-Dir\Q-Dir.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIYXE.EXE
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\BreachGuard\bgsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3745_none_7ded3f327ca60a41\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102800 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617864 2021-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Q-Dir] => C:\Program Files\Q-Dir\Q-Dir.exe [2323776 2022-02-24] (Nenad Hrg -> Nenad Hrg (SoftwareOK.com))
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4478360 2023-11-22] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Avast BreachGuard] => C:\Program Files\Avast Software\BreachGuard\bgui.exe [7718296 2024-01-10] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [417176 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [455968 2023-05-26] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2756368 2023-08-09] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIYXE.EXE [486808 2022-04-12] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3412725004-164030467-415606481-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2022-11-22] (BitTorrent Inc -> BitTorrent, Inc.)
HKLM\...\Print\Monitors\EPSON L3210 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBYXE.DLL [237568 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON L550 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMI6E.DLL [120320 2011-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2018-05-15] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\WINDOWS\system32\pxc50pmaf15.dll [57328 2018-12-05] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\UDC: C:\WINDOWS\system32\udcpm.dll [42456 2016-11-05] (fCoder SIA -> fCoder Group, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.217\Installer\chrmstp.exe [2024-01-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\120.0.23505.199\Installer\chrmstp.exe [2024-01-16] (Avast Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2024-01-16]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F0CEC57D-5FA2-466D-951F-9D3399E5EC61} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {FAE20A4A-1B0E-4E82-A5DD-AEC6FB98AEFF} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5094808 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
Task: {0ADC3C72-FF47-41C7-877F-53FE1A718651} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3057448 2024-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {546ABB36-4B46-4212-86CD-820734BDCB74} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [3057448 2024-01-04] (Avast Software s.r.o. -> AVAST Software)
Task: {4B764D91-33E4-4DFB-B55C-749732502A7C} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1425816 2024-01-16] (Avast Software s.r.o. -> AVAST Software)
Task: {0F2BF6D3-C8A0-47EB-A885-CDCCA605FB65} - System32\Tasks\Avast Software\Avast BreachGuard Crash Reporter => C:\Program Files\Avast Software\BreachGuard\AvBugReport.exe [4976024 2024-01-10] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 135 --path "C:\ProgramData\Avast Software\BreachGuard\log" --logpath "C:\ProgramData\Avast Software\BreachGuard\log" --configpath "C:\Program Files\Avast Software\BreachGuard\Setup" --programpath "C:\Program Files\Avast Software\BreachGuard" --guid d03b2697-4 (the data entry has 26 more characters).
Task: {A8E8194E-B76C-4592-A49D-F4FC6ADA8883} - System32\Tasks\Avast Software\Avast BreachGuard Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-bg\icarus.exe [7498648 2024-01-03] (Avast Software s.r.o. -> Avast Software)
Task: {7635D510-4AE3-4ED9-88A9-8091117F50F2} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [4845464 2023-11-22] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {04B3A491-053D-4BA4-86C0-3EB38709C7AF} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7319448 2023-11-20] (Avast Software s.r.o. -> Avast Software)
Task: {EE729D8F-4CAD-4BC5-855F-3256FCE12D7E} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4920728 2024-01-16] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {9ED2D688-9155-430A-8378-B79EFA6C1C2D} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [7498648 2024-01-09] (Avast Software s.r.o. -> Avast Software)
Task: {FA199768-F906-4424-A393-1364135C7424} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-11-23] (Avast Software s.r.o. -> Avast Software)
Task: {7B67F3A6-F8DC-460B-BBC8-ABCE42A1E431} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-11-23] (Avast Software s.r.o. -> AVAST Software)
Task: {6C89BA66-CD0C-4D01-B88E-95EEE5C85A4C} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-11-23] (Avast Software s.r.o. -> AVAST Software)
Task: {08CB8D2F-21E0-4B22-A94B-3A6F67B805D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5550856 2023-12-13] (Microsoft Windows -> Microsoft Corporation)
Task: {A3EE9EC5-2507-4D1C-BF7E-50DDEA7C4064} - System32\Tasks\Driver Booster SkipUAC (jtrac) => C:\Program Files (x86)\IObit\Driver Booster\11.1.0\DriverBooster.exe [9044456 2023-10-26] (IObit CO., LTD -> IObit)
Task: {75FBD40C-6C8E-4CE2-9B50-0E80BD52FD76} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\11.1.0\AutoUpdate.exe [2524648 2023-09-28] (IObit CO., LTD -> IObit)
Task: {3D2402A1-13A1-4749-9DEF-5837C68857AE} - System32\Tasks\EPSON L3210 Series Update {66AAEAEE-0415-4056-9425-BC66E1AB62F2} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {5FFE0637-8C50-48C9-84AC-6E52329E21A0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -ABO (No File)
Task: {A35BF7FE-A6E2-4846-8D87-80206AA0C0D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusError (No File)
Task: {F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusTest (No File)
Task: {77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BCF (No File)
Task: {6379361D-B6BE-47DD-87A7-04A63B48DA0D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM1 (No File)
Task: {D8A9AFB4-4DE7-4A6C-8C4A-02C553012427} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM2 (No File)
Task: {CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -LaunchUI (No File)
Task: {71F627A4-E4F6-45D7-B7D7-B1082FA10231} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe (No File)
Task: {316B4090-638D-4F93-9D29-492975773016} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckError (No File)
Task: {C569EA73-DE78-40F2-8F02-D7AC7FDBE04B} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckTest (No File)
Task: {55D2A885-A7E5-4263-8526-1868AAE09060} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [703536 2023-10-30] (HP Inc. -> HP Inc.)
Task: {AAACCBFF-6806-4E1F-9A35-F782EA8D6733} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-10-30] (HP Inc. -> HP Inc.)
Task: {4260AB6D-13B9-400D-9247-A771B512AE25} - System32\Tasks\iTop BF Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopbfp23.exe" /bf (No File)
Task: {05557EA5-D785-4FFF-BBD8-FCF9F852D894} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5BDFA4C-7044-492E-9CD0-19DC78E0EA09} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF53FB6E-5836-44ED-AD8A-06944672C6CB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4A75C33-928A-49EA-8925-69FBD5CD975F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C2FE3589-55E8-4EFD-AB9D-E1CC4162C32E} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {CA1F2213-5C41-4484-A7D7-EF3B8F5F9DE3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {BA1D94E9-6988-4711-B58A-C31AED7BAA14} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {63C5145F-3A00-4931-880D-4A9C7128A7EB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4189064 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {244E4497-8925-444F-93FE-C53286925986} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3412725004-164030467-415606481-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4189064 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe" /sup2 (No File)
Task: {670339E4-1306-47E6-BB53-FCDE71006426} - System32\Tasks\Uninstaller_SkipUac_jtrac => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [9909256 2023-12-04] (IObit CO., LTD -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON L3210 Series Update {66AAEAEE-0415-4056-9425-BC66E1AB62F2}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSYXE.EXE:/EXE:{66AAEAEE-0415-4056-9425-BC66E1AB62F2} /F:UpdateWORKGROUP\DESKTOP-1TH6EDE$ÄŠSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{41766173-7453-6f66-7477-617265415357}: [NameServer] 100.126.0.1
Tcpip\..\Interfaces\{7e9039e2-cc16-4442-b67a-0fc547256861}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7e9039e2-cc16-4442-b67a-0fc547256861}: [DhcpDomain] homerouter.cpe
Tcpip\..\Interfaces\{ae73a1ed-eef8-4d13-93dd-2c7aa71dd787}: [NameServer] 100.120.194.1

Edge:
=======
Edge Profile: C:\Users\jtrac\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-30]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2022-05-09] [Legacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1653.5\npAvastBrowserUpdate3.dll [2023-11-23] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1653.5\npAvastBrowserUpdate3.dll [2023-11-23] (Avast Software s.r.o. -> AVAST Software)

Chrome:
=======
CHR Profile: C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default [2024-01-16]
CHR DownloadDir: D:\DOWN
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://movie-download.cz; hxxps://www.darekvakci.cz; hxxps://www.facebook.com; hxxps://www.tsbohemia.cz
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-01-10]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2023-11-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-12]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-11-23]
CHR Extension: (FormApps Extension) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-11-21]
CHR Extension: (HP Network Check Launcher) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2022-02-03]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2022-02-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\jtrac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.15.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe [1058032 2019-07-30] (ABBYY Production LLC -> ABBYY Production LLC)
S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [9065880 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-11-23] (Avast Software s.r.o. -> AVAST Software)
R2 Avast BreachGuard Service; C:\Program Files\Avast Software\BreachGuard\bgsvc.exe [8364952 2024-01-10] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [753048 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2335128 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1157528 2023-12-22] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [191120 2023-11-23] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\120.0.23505.199\elevation_service.exe [1847216 2024-01-04] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-11-23] (Avast Software s.r.o. -> AVAST Software)
S4 Backupper Service; C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe [1102320 2023-10-30] (AOMEI International Network Limited -> AOMEI International Network Limited)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [18267032 2023-11-22] (Avast Software s.r.o. -> AVAST Software)
S4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777080 2024-01-05] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2021-06-21] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S4 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.225.1026.0001\FileSyncHelper.exe [3476368 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887848 2023-10-30] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886824 2023-10-30] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882728 2023-10-30] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [886824 2023-10-30] (HP Inc. -> HP Inc.)
S4 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [167432 2023-11-09] (IObit CO., LTD -> IObit)
S4 NativePushService; C:\Users\jtrac\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [594320 2023-02-22] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S4 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.225.1026.0001\OneDriveUpdaterService.exe [3842480 2022-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [11913112 2024-01-16] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S3 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\120.0.2210.61\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2019-05-14] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [172928 2023-11-25] (AOMEI International Network Limited -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [32176 2023-11-25] (AOMEI International Network Limited -> )
S3 ANVSOFT_WaveExtensible; C:\WINDOWS\system32\drivers\ammvrtaudio.sys [38048 2019-12-24] (深圳市安韦尔软件技术有限公司 -> )
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [243136 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [394008 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297984 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [96064 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [26616 2023-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39752 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [276848 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [561888 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105352 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80528 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [952856 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [711664 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [213296 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319672 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [78632 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [40832 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
R3 aswWireGuard; C:\WINDOWS\System32\drivers\aswWireguard.sys [174480 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Avast Software)
R1 cbfsfilter2017; C:\WINDOWS\system32\drivers\cbfsfilter2017.sys [360680 2020-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
R1 cbfsprocess2017; C:\WINDOWS\system32\drivers\cbfsprocess2017.sys [62480 2019-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2021-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R3 NmPar; C:\WINDOWS\system32\DRIVERS\NmPar.sys [95744 2022-02-24] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [469288 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz150; \??\C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-16 13:50 - 2024-01-16 13:50 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2024-01-16 13:49 - 2024-01-16 13:49 - 000525416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-16 13:49 - 2024-01-16 13:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-01-16 13:24 - 2024-01-16 13:24 - 000004050 _____ C:\Users\jtrac\OneDrive\Plocha\AdwCleaner[C00].txt
2024-01-16 13:17 - 2024-01-16 13:23 - 000000000 ____D C:\AdwCleaner
2024-01-16 12:26 - 2024-01-16 12:26 - 000002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2024-01-16 12:19 - 2024-01-16 12:19 - 000022410 _____ C:\Users\jtrac\OneDrive\Plocha\AddFRST.rar
2024-01-16 12:13 - 2024-01-16 12:14 - 000051166 _____ C:\Users\jtrac\OneDrive\Plocha\Addition.txt
2024-01-16 12:11 - 2024-01-16 13:52 - 000034550 _____ C:\Users\jtrac\OneDrive\Plocha\FRST.txt
2024-01-16 12:09 - 2024-01-16 12:10 - 002389504 _____ (Farbar) C:\Users\jtrac\OneDrive\Plocha\FRST64.exe
2024-01-13 08:37 - 2024-01-13 08:37 - 000001024 ____H C:\SYSTAG.BIN
2024-01-13 08:05 - 2024-01-13 08:19 - 000000000 ____D C:\ProgramData\SecTaskMan
2024-01-11 07:56 - 2024-01-11 07:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-11 07:55 - 2024-01-16 12:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2024-01-11 07:55 - 2024-01-11 07:55 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2024-01-11 07:55 - 2024-01-11 07:55 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2024-01-11 07:55 - 2024-01-11 07:55 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-01-11 07:55 - 2024-01-11 07:55 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype pro firmy.lnk
2024-01-11 07:55 - 2024-01-11 07:55 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2024-01-11 07:55 - 2024-01-11 07:55 - 000000000 ___HD C:\$WinREAgent
2024-01-10 07:32 - 2024-01-10 07:32 - 000000000 ____D C:\ProgramData\Norton
2024-01-10 07:31 - 2024-01-10 07:31 - 000000020 _____ C:\Users\jtrac\OneDrive\Plocha\vypnutiPC.txt
2024-01-08 14:06 - 2024-01-08 14:18 - 000000760 _____ C:\Users\jtrac\OneDrive\Plocha\soustruh.txt
2024-01-08 08:36 - 2024-01-08 09:03 - 000000000 ____D C:\Users\jtrac\AppData\Local\OO Software
2024-01-08 08:36 - 2024-01-08 08:36 - 001972592 _____ (O&O Software GmbH) C:\Users\jtrac\Downloads\oo-lanytix-1.0.1340-installer.exe
2024-01-08 08:16 - 2020-03-22 10:29 - 000016768 _____ (Callback Technologies, Inc.) C:\WINDOWS\system32\cbfsprocessevtmsg.dll
2024-01-08 08:15 - 2024-01-08 08:24 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\LMTAntiMalware
2024-01-08 08:15 - 2024-01-08 08:15 - 000000000 ____D C:\Users\jtrac\AppData\Local\Le_Minh_Thanh
2024-01-08 08:15 - 2024-01-08 08:15 - 000000000 ____D C:\Program Files\Le Minh Thanh
2024-01-06 12:07 - 2024-01-06 12:47 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\dvdcss
2024-01-05 09:29 - 2024-01-15 09:25 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-01-05 09:28 - 2024-01-05 09:28 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-01-04 14:26 - 2009-09-03 12:08 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2024-01-04 14:26 - 2009-09-03 12:08 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2024-01-02 07:45 - 2024-01-02 07:45 - 000000000 ____D C:\Users\jtrac\.ms-ad
2023-12-30 07:01 - 2023-12-30 07:04 - 000000000 ____D C:\Users\jtrac\AppData\Local\Webshare
2023-12-26 14:39 - 2023-12-26 14:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIOT
2023-12-26 14:39 - 2023-12-26 14:39 - 000000000 ____D C:\Program Files\Riot
2023-12-25 09:43 - 2023-12-25 09:43 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\EurekaLab s.a.s
2023-12-22 10:03 - 2024-01-15 07:39 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-12-22 10:03 - 2023-12-22 10:03 - 000314264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-12-21 14:02 - 2024-01-15 15:56 - 000002646 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_jtrac
2023-12-21 14:02 - 2023-12-21 14:02 - 000001436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2023-12-20 08:21 - 2023-12-20 08:21 - 000000000 ___HD C:\$AV_ASW
2023-12-20 08:15 - 2023-12-20 08:15 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\ChemTable Software
2023-12-20 08:14 - 2023-12-20 08:15 - 000000000 ____D C:\Users\jtrac\AppData\Local\ChemTable Software
2023-12-19 08:59 - 2023-12-19 08:59 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Eusing
2023-12-19 08:38 - 2023-12-19 08:38 - 000000000 ____D C:\Users\jtrac\AppData\LocalLow\Temp
2023-12-19 08:30 - 2023-12-19 08:37 - 000000000 ____D C:\Program Files (x86)\SlimComputer

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-16 13:51 - 2022-11-22 11:09 - 000000000 ____D C:\FRST
2024-01-16 13:51 - 2022-02-03 14:10 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-16 13:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-16 13:50 - 2022-02-03 16:02 - 000000000 ____D C:\Users\jtrac\OneDrive\Plocha\SYSTEM
2024-01-16 13:50 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-01-16 13:49 - 2023-11-25 09:54 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-16 13:49 - 2023-11-22 15:55 - 000000000 ____D C:\ProgramData\Avast Software
2024-01-16 13:49 - 2022-02-03 14:02 - 000000000 __SHD C:\Users\jtrac\IntelGraphicsProfiles
2024-01-16 13:49 - 2020-11-19 00:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-01-16 13:49 - 2020-11-18 23:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-01-16 13:49 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-01-16 13:23 - 2022-04-21 11:19 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Hewlett-Packard
2024-01-16 13:23 - 2022-02-26 09:36 - 000000000 ____D C:\Program Files\EPSON
2024-01-16 13:23 - 2022-02-10 07:49 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-01-16 13:23 - 2022-02-10 07:48 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2024-01-16 13:23 - 2022-02-04 08:11 - 000000000 ____D C:\Users\jtrac\AppData\LocalLow\IObit
2024-01-16 13:23 - 2022-02-04 08:09 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\IObit
2024-01-16 13:23 - 2022-02-04 08:09 - 000000000 ____D C:\ProgramData\IObit
2024-01-16 13:23 - 2022-02-03 13:50 - 000000000 ____D C:\ProgramData\EPSON
2024-01-16 12:26 - 2022-03-09 08:36 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-16 12:10 - 2022-03-04 15:48 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\calibre
2024-01-16 12:10 - 2022-02-28 09:18 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Microsoft\Excel
2024-01-16 07:53 - 2022-02-28 14:23 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-01-16 07:26 - 2023-11-23 07:44 - 000002516 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2024-01-15 15:56 - 2022-02-28 09:23 - 000000000 ____D C:\Users\jtrac\AppData\Local\D3DSCache
2024-01-15 15:56 - 2022-02-03 15:12 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\vlc
2024-01-15 15:36 - 2023-11-23 07:57 - 000000000 ____D C:\ProgramData\ProductData3
2024-01-15 08:59 - 2022-02-03 14:47 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Microsoft\Word
2024-01-13 08:44 - 2022-02-04 09:01 - 000000000 ____D C:\ProgramData\AomeiBR
2024-01-13 08:37 - 2023-11-23 08:44 - 000000432 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2024-01-13 08:37 - 2022-02-03 16:41 - 000001144 _____ C:\WINDOWS\SysWOW64\AbBakConfig.dat
2024-01-13 08:28 - 2022-03-09 07:43 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-01-13 08:21 - 2022-02-21 08:56 - 000000000 ____D C:\Users\jtrac\AppData\Local\JDownloader 2.0
2024-01-13 08:20 - 2022-02-16 11:20 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\uTorrent
2024-01-13 08:09 - 2023-12-14 09:19 - 000002808 _____ C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (jtrac)
2024-01-13 08:09 - 2023-12-14 09:19 - 000002630 _____ C:\WINDOWS\system32\Tasks\Driver Booster Scheduler
2024-01-13 08:09 - 2023-12-14 09:19 - 000002616 _____ C:\WINDOWS\system32\Tasks\Driver Booster Update
2024-01-12 10:54 - 2022-02-04 08:10 - 000000000 ____D C:\ProgramData\ProductData
2024-01-11 07:58 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-10 10:57 - 2022-02-10 08:21 - 000000000 ____D C:\Users\jtrac\AppData\Local\calibre-cache
2024-01-10 09:29 - 2020-11-19 00:55 - 001694140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-01-10 09:29 - 2019-12-07 15:43 - 000717008 _____ C:\WINDOWS\system32\perfh005.dat
2024-01-10 09:29 - 2019-12-07 15:43 - 000145186 _____ C:\WINDOWS\system32\perfc005.dat
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-10 09:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-10 07:55 - 2022-03-09 07:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-10 07:51 - 2022-02-03 17:27 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-01-10 07:36 - 2022-02-03 14:10 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-10 07:34 - 2023-11-23 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-01-10 07:34 - 2023-11-23 10:27 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-01-09 16:32 - 2022-03-04 09:02 - 000000000 ____D C:\Users\jtrac\OneDrive\Dokumenty\Vlastní šablony Office
2024-01-09 16:31 - 2022-02-09 20:45 - 000000000 ____D C:\Users\jtrac\OneDrive\Plocha\BOOK
2024-01-09 15:56 - 2023-11-25 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2024-01-09 15:55 - 2022-03-04 08:46 - 000000000 ____D C:\Program Files\Calibre2
2024-01-08 09:09 - 2022-02-03 14:02 - 000000000 ____D C:\Users\jtrac\AppData\Local\Packages
2024-01-06 12:47 - 2022-02-04 10:26 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\MyPhoneExplorer
2024-01-05 09:29 - 2022-02-16 19:42 - 000000000 ____D C:\Users\jtrac\AppData\LocalLow\Adobe
2024-01-04 14:41 - 2022-02-03 16:02 - 000000000 ____D C:\Users\jtrac\OneDrive\Plocha\JURA
2024-01-04 14:26 - 2022-02-10 07:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikace MB
2024-01-02 09:42 - 2022-02-03 15:21 - 000000000 ____D C:\Program Files (x86)\epson
2024-01-02 07:45 - 2022-02-09 12:24 - 000000000 ____D C:\Users\jtrac
2023-12-29 14:56 - 2022-11-21 15:04 - 000000000 ____D C:\Users\All Users
2023-12-29 14:55 - 2022-02-09 14:51 - 000000000 ____D C:\temp
2023-12-29 14:15 - 2022-04-16 11:45 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Similarity
2023-12-29 14:15 - 2022-02-10 08:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 5
2023-12-26 14:40 - 2022-02-03 16:02 - 000000000 ____D C:\Users\jtrac\OneDrive\Plocha\GRAFIKA
2023-12-25 15:00 - 2022-02-09 12:06 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\avidemux
2023-12-25 11:50 - 2022-02-09 20:45 - 000000000 ____D C:\Users\jtrac\OneDrive\Plocha\MEDIA
2023-12-25 11:46 - 2022-02-10 08:08 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\MediaMonkey5
2023-12-25 09:43 - 2022-02-10 08:07 - 000000000 ____D C:\Program Files (x86)\MediaMonkey 5
2023-12-22 10:03 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-12-21 14:02 - 2022-02-04 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2023-12-21 14:01 - 2022-02-09 15:14 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-20 09:03 - 2023-11-23 09:05 - 000000000 ____D C:\Users\jtrac\AppData\Local\CrashDumps
2023-12-20 09:03 - 2022-05-26 07:22 - 000000000 ____D C:\Users\jtrac\AppData\Roaming\Mp3tag

==================== FLock ==============================

2020-09-23 09:17 C:\Users\jtrac\OneDrive\Plocha\Boomerang Coffee Roastery.docx
2020-02-10 09:41 C:\Users\jtrac\OneDrive\Plocha\Platby BC_2020.docx
2022-06-30 10:14 C:\Users\jtrac\OneDrive\Plocha\prestavka.docx

==================== FCheck ================================

(If an entry is included in the fixlist, the file/folder will be moved.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2022-02-04] <==== ATTENTION (zero byte File/Folder)

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Re: Please check my log

#8 Post by Rudy »

OK, thank you. Open Notepad and copy the following into it:
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\SyncAppvPublishingServer.vbs
F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {5FFE0637-8C50-48C9-84AC-6E52329E21A0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -ABO (No File)
Task: {A35BF7FE-A6E2-4846-8D87-80206AA0C0D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusError (No File)
Task: {F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusTest (No File)
Task: {77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BCF (No File)
Task: {6379361D-B6BE-47DD-87A7-04A63B48DA0D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM1 (No File)
Task: {D8A9AFB4-4DE7-4A6C-8C4A-02C553012427} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM2 (No File)
Task: {CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -LaunchUI (No File)
Task: {71F627A4-E4F6-45D7-B7D7-B1082FA10231} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe (No File)
Task: {316B4090-638D-4F93-9D29-492975773016} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckError (No File)
Task: {C569EA73-DE78-40F2-8F02-D7AC7FDBE04B} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckTest (No File)
Task: {4260AB6D-13B9-400D-9247-A771B512AE25} - System32\Tasks\iTop BF Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopbfp23.exe" /bf (No File)
Task: {CA1F2213-5C41-4484-A7D7-EF3B8F5F9DE3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {BA1D94E9-6988-4711-B58A-C31AED7BAA14} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe" /sup2 (No File)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\SysWOW64\version_IObitDel.dll

EmptyTemp:
Hosts:
End
Save it to C:\Users\jtrac\OneDrive\Plocha as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.


Re: Please check my log

#9 Post by devet »

Rudy,
this is what came out:
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.01.2024
Ran by jtrac (16-01-2024 15:59:59) Run:1
Running from C:\Users\jtrac\OneDrive\Plocha
Loaded Profiles: jtrac
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [286]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\SyncAppvPublishingServer.vbs
F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar
D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe
D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {84354AC7-6400-4A9D-BF0B-3933B27FBAA1} - System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {A9EF7BA9-7403-4286-AADB-5A727492FDB2} - System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-03] (Google LLC -> Google LLC)
Task: {5FFE0637-8C50-48C9-84AC-6E52329E21A0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -ABO (No File)
Task: {A35BF7FE-A6E2-4846-8D87-80206AA0C0D4} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusError (No File)
Task: {F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BatteryStatusTest (No File)
Task: {77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BCF (No File)
Task: {6379361D-B6BE-47DD-87A7-04A63B48DA0D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM1 (No File)
Task: {D8A9AFB4-4DE7-4A6C-8C4A-02C553012427} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -BHM2 (No File)
Task: {CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -LaunchUI (No File)
Task: {71F627A4-E4F6-45D7-B7D7-B1082FA10231} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe (No File)
Task: {316B4090-638D-4F93-9D29-492975773016} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckError (No File)
Task: {C569EA73-DE78-40F2-8F02-D7AC7FDBE04B} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe -SmartCheckTest (No File)
Task: {4260AB6D-13B9-400D-9247-A771B512AE25} - System32\Tasks\iTop BF Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopbfp23.exe" /bf (No File)
Task: {CA1F2213-5C41-4484-A7D7-EF3B8F5F9DE3} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (No File)
Task: {BA1D94E9-6988-4711-B58A-C31AED7BAA14} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (No File)
Task: {B90F944C-1438-47BC-92F6-70BF5DCEA5A8} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\IObit Uninstaller\sump.exe" /sup2 (No File)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\SysWOW64\version_IObitDel.dll

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\ProgramData\TEMP => ":4FC01C57" ADS removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
"E:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe" => not found
C:\Windows\System32\wscript.exe => moved successfully
C:\Windows\System32\SyncAppvPublishingServer.vbs => moved successfully
"F:\INSTALPRAC\SYSTEM\KSM.Aktivator.Office2017.exe" => not found
D:\INSTALPRAC\GRAFIKA\Master PDF Editor 5.8.03 (x64)FUN\Master PDF Editor 5.8.03 (x64)FUN.rar => moved successfully
"D:\INSTALPRAC\POMOCSYS\Beyond Compare 4.3.4\Portable\App\BCompare\BCompare.exe" => not found
"D:\INSTALPRAC\POMOCSYS\SpyBot Search & Destroy\2.9.82\Patch\patch.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84354AC7-6400-4A9D-BF0B-3933B27FBAA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84354AC7-6400-4A9D-BF0B-3933B27FBAA1}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{D9C9D66B-A728-49D4-8A19-A9BFF33BF4CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9EF7BA9-7403-4286-AADB-5A727492FDB2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9EF7BA9-7403-4286-AADB-5A727492FDB2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{BE7608D0-0EC4-4A13-80C6-3ACB821F84C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FFE0637-8C50-48C9-84AC-6E52329E21A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FFE0637-8C50-48C9-84AC-6E52329E21A0}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\ABO" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A35BF7FE-A6E2-4846-8D87-80206AA0C0D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A35BF7FE-A6E2-4846-8D87-80206AA0C0D4}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\BatteryStatusError" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0FBACB1-AC64-4BFB-ADBC-C971A9ABC900}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\BatteryStatusTest" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77F82DB2-A5F1-4B46-9B3D-2ECADF2E04EB}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\BCF" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6379361D-B6BE-47DD-87A7-04A63B48DA0D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6379361D-B6BE-47DD-87A7-04A63B48DA0D}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\BHM1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A9AFB4-4DE7-4A6C-8C4A-02C553012427}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A9AFB4-4DE7-4A6C-8C4A-02C553012427}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\BHM2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEA9F6E4-5B0E-43F9-B5E8-4BC91B791528}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\LaunchUI" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71F627A4-E4F6-45D7-B7D7-B1082FA10231}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71F627A4-E4F6-45D7-B7D7-B1082FA10231}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\ShowUI" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{316B4090-638D-4F93-9D29-492975773016}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{316B4090-638D-4F93-9D29-492975773016}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\SmartCheckError" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C569EA73-DE78-40F2-8F02-D7AC7FDBE04B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C569EA73-DE78-40F2-8F02-D7AC7FDBE04B}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Diagnostics\SmartCheckTest" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4260AB6D-13B9-400D-9247-A771B512AE25}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4260AB6D-13B9-400D-9247-A771B512AE25}" => removed successfully
C:\WINDOWS\System32\Tasks\iTop BF Task (One-Time) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop BF Task (One-Time)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA1F2213-5C41-4484-A7D7-EF3B8F5F9DE3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1F2213-5C41-4484-A7D7-EF3B8F5F9DE3}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA1D94E9-6988-4711-B58A-C31AED7BAA14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA1D94E9-6988-4711-B58A-C31AED7BAA14}" => removed successfully
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B90F944C-1438-47BC-92F6-70BF5DCEA5A8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B90F944C-1438-47BC-92F6-70BF5DCEA5A8}" => removed successfully
C:\WINDOWS\System32\Tasks\Sump Task (One-Time) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Sump Task (One-Time)" => removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\SysWOW64\version_IObitDel.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11808242 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 41680 B
Windows/system/drivers => 6894332 B
Edge => 0 B
Chrome => 609371412 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4746 B
NetworkService => 4746 B
jtrac => 58221349 B

RecycleBin => 1814972 B
EmptyTemp: => 657.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:00:34 ====


Re: Please check my log

#10 Post by Rudy »

It has been deleted; the log should now be OK. Anyone could be sending you those threats. It has happened to me too. It usually goes away on its own, or rather the sender gets tired of it. If you think someone has broken into, for example, your mailbox, change the password.

devet

Re: Please check my log

#11 Post by devet »

Rudy,
thank you very much. I will support the forum.
I wish you a wonderful day and a nice birthday celebration.
juráš

Rudy

Re: Please check my log

#12 Post by Rudy »

You're welcome, and thank you for the contribution. My birthday isn't until autumn. :)
