Odstranění adwaru gestyy.com a libittarc.com

Zpráva

haddaniel · #1 Příspěvek od **haddaniel** » 28 úno 2022 16:46

Po spuštění PC se spouští dvě adwarové stránky, prosím o pomoc při jejich odstranění.

#2 Příspěvek od **Rudy** » 28 úno 2022 16:51

Zdravím!
Dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

haddaniel · #3 Příspěvek od **haddaniel** » 01 bře 2022 10:11

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Daniel (28-02-2022 15:19:23)
Running from C:\Users\Daniel\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) (2021-05-31 05:44:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2135673099-4067616780-898855417-500 - Administrator - Disabled)
Daniel (S-1-5-21-2135673099-4067616780-898855417-1001 - Administrator - Enabled) => C:\Users\Daniel
DefaultAccount (S-1-5-21-2135673099-4067616780-898855417-503 - Limited - Disabled)
Guest (S-1-5-21-2135673099-4067616780-898855417-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2135673099-4067616780-898855417-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.20) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2224, 22.07.2020 - AIMP DevTeam)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
AutoCAD Open in Desktop (HKLM\...\{1C66A0B0-784E-4777-97B3-93F843D1C8CF}) (Version: 1.0.20.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{9C2E49CB-F671-47EC-8093-CC1A8749A92A}) (Version: 3.2.1 - Autodesk)
Autodesk AutoCAD 2022 - English (HKLM\...\{1E7D4EF7-A28E-3D3E-BA3C-C6FAE4AAB2E0}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk AutoCAD 2022 Language Pack – Čeština (Czech) (HKLM\...\{B914E66E-BDF2-3DB2-ADDC-782AC4A48F1F}) (Version: 24.1.51.0 - Autodesk, Inc.)
Autodesk AutoCAD 2022.0.1 Update (HKLM\...\{49F99129-F161-339D-860F-071F6FD0A47B}) (Version: 24.1.74.0 - Autodesk, Inc.) Hidden
Autodesk AutoCAD 2022.1.1 Update (HKLM\...\{F4B1542F-3F3E-3BAB-8938-9036045A627F}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk Download Manager (HKLM-x32\...\{402BEAF1-A9F1-4D40-85B4-4F43D0D0EA27}) (Version: 6.3.181.0 - Autodesk, Inc.)
Autodesk Genuine Service (HKLM\...\{879EB006-4A55-4873-8BC5-2183B2B5E0F5}) (Version: 4.1.2.25 - Autodesk)
Autodesk Material Library 2022 (HKLM-x32\...\{A9221A68-5AD0-4215-B54F-CB5DBA4FB27C}) (Version: 20.3.7.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2022 (HKLM-x32\...\{6256584F-B04B-41D4-8A59-44E70940C473}) (Version: 20.3.7.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{B9F5BDED-021C-4926-8518-4FA7114B7040}) (Version: 12.3.3.1803 - Autodesk)
CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)
f.lux (HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Flux) (Version: - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1045 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0118 - Lenovo)
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.14827.20198 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 98.0.1108.62 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Teams) (Version: 1.4.00.35564 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{16E50919-B07A-4B4E-994A-476D4773F5BF}) (Version: 3.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29112 (HKLM-x32\...\{be826f5f-eda5-45a2-a3fe-c2cb5c1b9842}) (Version: 14.27.29112.0 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 425.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 425.91 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 425.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.91 - NVIDIA Corporation)
NVIDIA WMI 2.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.33.0 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{A6668863-B0A3-4812-AAF2-E47749ECFE0E}) (Version: 3.3.00.145 - O2Micro International LTD.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14827.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PDF Tools (HKLM-x32\...\{dbec7754-0ae7-4959-bb4a-ae9e5b8bcbdb}) (Version: 8.0.335.0 - Tracker Software Products (Canada) Ltd.)
PDF-Tools (HKLM\...\{8DE91F5F-2716-4428-BB77-6E76757323F8}) (Version: 8.0.335.0 - Tracker Software Products (Canada) Ltd.) Hidden
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.2.0.34 - Autodesk)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8907.1 - Realtek Semiconductor Corp.)
SafeQ (HKLM-x32\...\SafeQ) (Version: 0.91 - VŠB-TUO)
Speciální aplikace Autodesk (HKLM-x32\...\{46EA8955-D629-4B3E-AAF0-D136031D7C95}) (Version: 3.2.1 - Autodesk)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation)
Uložit do služby Autodesk Web and Mobile (HKLM\...\{192B349F-C3F7-4BBE-B49E-00DD4BD28373}) (Version: 3.0.29 - Autodesk) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-28] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.2180.0_x64__8wekyb3d8bbwe [2022-02-24] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2135673099-4067616780-898855417-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21328.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2135673099-4067616780-898855417-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2135673099-4067616780-898855417-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2135673099-4067616780-898855417-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2135673099-4067616780-898855417-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\cs-CZ\acadficn.dll (Autodesk Asia Pte. Ltd. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2021-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2021-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-21] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2021-06-21] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncShell64.dll [2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-07-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-02-28 09:37 - 2019-12-23 10:46 - 000911360 _____ () [File not signed] C:\Windows\System32\SafeQCairoLib64.dll
2022-02-28 09:37 - 2019-12-23 10:46 - 004889600 _____ () [File not signed] C:\Windows\System32\SAFEQVS64.DLL
2022-02-28 09:37 - 2019-12-23 10:46 - 000005632 _____ (Y Soft Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Y Soft\SafeQ Client\Client\cs-CZ\SafeQ Client.resources.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2135673099-4067616780-898855417-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\sharepoint.com -> hxxps://vsb-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\dotnet\
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img3.jpg
DNS Servers: 158.196.0.53 - 158.196.99.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKLM\...\StartupApproved\Run32: => "IMSS"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A0E69A99-2F84-42BD-87E3-1C2AE7CDA129}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{BFA9EC0B-28D0-41E3-96B8-FF3DD292E52B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{ECA64E44-2E95-4005-8B14-184E0EC3CCC5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{BA128F2E-7302-47C4-8120-1753343D3A88}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07E75148-0EDC-4CE5-B45A-97AB7AEBD4F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2AD68E74-BDEE-473E-B516-920180D73DDA}C:\hry\metro 2033 - redux\metro.exe] => (Allow) C:\hry\metro 2033 - redux\metro.exe => No File
FirewallRules: [UDP Query User{F0C227CB-AFD5-4BAF-B141-1150352F9EB6}C:\hry\metro 2033 - redux\metro.exe] => (Allow) C:\hry\metro 2033 - redux\metro.exe => No File
FirewallRules: [TCP Query User{FD78749C-DF18-4F37-AE12-1A6B57CD26C1}C:\program files (x86)\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\call of duty - world at war\codwaw.exe => No File
FirewallRules: [UDP Query User{F6B36262-E66C-4F10-983C-BCD58A83ADF2}C:\program files (x86)\call of duty - world at war\codwaw.exe] => (Allow) C:\program files (x86)\call of duty - world at war\codwaw.exe => No File
FirewallRules: [{2A09B73A-40DD-49E0-A943-90D8645CA7B0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C6E86EA2-359F-4BA8-AE1B-585D7B5A1C34}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B4985D4B-A00D-4102-8AF4-3BD8AAED8F48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8AE82A79-A7F9-48E3-A6AD-E622F117A10C}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe => No File
FirewallRules: [UDP Query User{9E539E13-755B-49FF-8838-7A9D4F8405C5}C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe] => (Allow) C:\gog games\stronghold crusader 2\bin\win32_galaxy_release\crusader2.exe => No File
FirewallRules: [{AAF9CB3B-17CC-4AFF-B1C6-B59B0889771B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A66C106-348F-4954-82D4-B35EF9432B88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{49DCBA80-CAAC-4C1D-8B09-28791962941F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0E02B10-B77E-4A77-B121-C62919D18CF5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3F51FE9-E845-4C76-8557-D541319036E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{376FC6C3-6CE9-4CD7-8317-5277C2638DA9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

10-02-2022 01:52:06 Instalační služba modulů systému Windows
19-02-2022 13:20:37 Naplánovaný kontrolní bod
26-02-2022 22:24:34 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/28/2022 03:08:21 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/28/2022 09:39:40 AM) (Source: SafeQPort) (EventID: 1) (User: )
Description: Job owner identification failed, using original user name from job

Error: (02/22/2022 05:41:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ShellExperienceHost.exe, verze: 10.0.19041.1320, časové razítko: 0xe78af3dd
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.1503, časové razítko: 0xb2acaea9
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000010b382
ID chybujícího procesu: 0x2838
Čas spuštění chybující aplikace: 0x01d8223369484f02
Cesta k chybující aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\KERNELBASE.dll
ID zprávy: f6de344e-ba9b-43b2-8bbb-5bf38c30c0e7
Úplný název chybujícího balíčku: Microsoft.Windows.ShellExperienceHost_10.0.19041.1320_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: App

Error: (02/18/2022 08:58:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SearchApp.exe verze 10.0.19041.1503 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 6e8

Čas spuštění: 01d822341483a3da

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

ID hlášení: 69857c0f-db18-4bd4-9d8d-43f4681bc0a9

Úplný název balíčku s chybou: Microsoft.Windows.Search_1.14.3.19041_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: ShellFeedsUI

Typ zablokování: Navigation

Error: (02/10/2022 02:06:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/10/2022 02:06:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/10/2022 02:06:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/10/2022 02:06:40 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

System errors:
=============
Error: (02/28/2022 02:48:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Autodesk Desktop Licensing Service neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.

Error: (02/28/2022 02:48:29 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba AdskLicensingService se nemohla přihlásit jako NT AUTHORITY\LocalService s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (02/28/2022 02:48:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Autodesk Desktop Licensing Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (02/28/2022 02:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Autodesk Desktop Licensing Service neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.

Error: (02/28/2022 02:24:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba AdskLicensingService se nemohla přihlásit jako NT AUTHORITY\LocalService s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (02/28/2022 02:24:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Autodesk Desktop Licensing Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (02/24/2022 06:41:57 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-75DGSK6)
Description: Nelze spustit server DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. Došlo k chybě:
2147942767
při provádění příkazu:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (02/24/2022 06:20:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9NMPJ99VJBWV-Microsoft.YourPhone.

Windows Defender:
================Event[0]:

Date: 2022-02-13 21:28:36
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.357.399.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18900.2
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2022-02-10 00:09:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.357.350.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18900.2
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

Date: 2022-02-10 00:09:42
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.357.350.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.18900.2
Kód chyby: 0x80240022
Popis chyby: V daném programu nelze zkontrolovat aktualizace definic.

==================== Memory info ===========================

BIOS: LENOVO GNET93WW (2.41 ) 04/13/2020
Motherboard: LENOVO 20EGS0QG1V
Processor: Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 24%
Total physical RAM: 16263.2 MB
Available physical RAM: 12275.55 MB
Total Virtual: 18695.2 MB
Available Virtual: 14348.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:167.16 GB) (Free:61.55 GB) NTFS

\\?\Volume{cf068650-b801-4ce4-8217-19613b983965}\ () (Fixed) (Total:0.39 GB) (Free:0.36 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 167.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

haddaniel · #4 Příspěvek od **haddaniel** » 01 bře 2022 10:12

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Daniel (administrator) on DESKTOP-75DGSK6 (LENOVO 20EGS0QG1V) (28-02-2022 15:18:14)
Running from C:\Users\Daniel\Downloads
Loaded Profiles: Daniel
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\11.0.0.4854\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(services.exe ->) (O2Micro -> BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <2>
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Y Soft Corporation, a.s. -> Y Soft Corporation) C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" (No File)
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe" (No File)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1203488 2016-12-05] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [2483552 2021-01-07] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-05-11] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SafeQ Client] => C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [262328 2020-01-03] (Y Soft Corporation, a.s. -> Y Soft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2618248 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35646080 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Run: [f.lux] => C:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe [1515848 2021-06-18] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\...\MountPoints2: {7561fbb7-d8b3-11eb-9e01-5891cfe38360} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2135673099-4067616780-898855417-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [39936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\Windows\system32\pxcpmL.dll [2147072 2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\RICOH Language Monitor2: C:\Windows\system32\rc4mon64.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\...\Print\Monitors\SafeQ: C:\Windows\system32\SAFEQVS64.DLL [4889600 2019-12-23] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-24] () [File not signed] <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AC9258-D514-491C-A608-CBBCB30B9929} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule #1 created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {04166A3E-75E2-4CAE-B535-C7B08CE19BE4} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2135673099-4067616780-898855417-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {04ECBAFC-7CCF-4B08-B687-547CFDB64E80} - System32\Tasks\CCleanerSkipUAC - Daniel => C:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0FF693F4-9018-4267-B0F2-97DB991D1F7D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule #2 created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {1B9C72DD-C50E-4604-BF5F-6C5920912056} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule created by enrollment client for renewal of certificate warning => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {1CE51479-BBA5-4D2C-890B-DDB67B3CC60A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\OS Edition Upgrade event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {2126C148-7F57-47C5-95ED-FE3D13969809} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule to run OMADMClient by client => C:\Windows\system32\omadmclient.exe [438784 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {2FFA7A8E-E960-4690-8DB4-A5E3C75673CB} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [543536 2016-10-13] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {302FCD32-037C-4900-B266-84EA9F0E9F63} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\PushLaunch => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {4049FAB0-DD72-4DF5-B1E0-DDB4F3770BFF} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4158856 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {50719F62-C23F-4191-9340-B7A57B463A6C} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4190296 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B04A768-95E6-45F1-B2A7-AA4390B782B1} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\PushRenewal => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {5CCC3B53-F7EC-4A4A-BC42-97D1B6BF97E5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D0116E0-A009-49DA-AC98-9676AECFE0C8} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Provisioning initiated session => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {638E129F-3949-4CB7-BAC2-40B9EEE44420} - System32\Tasks\GoogleUpdateTaskMachineUA{54EBC1CD-A99E-44A9-B657-5B5182C784ED} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-05] (Google LLC -> Google LLC)
Task: {7745ECB2-FCDF-47FB-8021-BFDD92106156} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [114112 2021-12-02] (Lenovo -> Lenovo)
Task: {7CE12545-E3C8-4EC8-87E5-DF12D928260F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-02-14] (Piriform Software Ltd -> Piriform)
Task: {8158EE08-3D17-4650-B5ED-C004306AD39B} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Passport for Work alert created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {889FFCEF-926A-4435-A420-8317B0A2C206} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F6519E7-EEC1-4F9E-A05C-9DB647364044} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {92959FBD-2EDD-4372-86AE-B7B28E5E8F0C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule to run OMADMClient by server => C:\Windows\system32\omadmclient.exe [438784 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {989C0325-7B1D-4965-BFE3-27CB5AC41728} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {98F07A6B-EBD2-4771-8CC0-8C312423FFF0} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [63936 2021-12-02] (Lenovo -> )
Task: {AA081E03-BBF1-4046-A922-CD9DC638ADC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8573352 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B8EAEA85-0360-4964-9C0E-A375836E34A2} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe -autostart (No File)
Task: {BBA61178-AE3D-4F7C-9FAD-DD370D0FBA6E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Schedule #3 created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {CC3C36DB-8132-453E-9CD0-472C2F6A099D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CDA68CE5-8B46-4273-BF16-C0492AD99284} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CE75983D-30C6-4C1D-B83E-43029C58D156} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [899056 2019-05-22] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D28577C0-49EA-4770-BA52-2ECE320B7F5B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617568 2020-03-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E89A3BBE-4EEF-48BA-BAD6-4904790E80B5} - System32\Tasks\GoogleUpdateTaskMachineCore{199CC8E4-2AD3-4261-9FA3-70486FA682C5} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-05] (Google LLC -> Google LLC)
Task: {E9144194-81C9-4445-A480-6C74E773A113} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22880136 2022-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {F22A416A-641F-4ABB-9F30-A3680CFD48D3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\E7E7C7CF-C745-4D89-BFF9-640969CBD123\Win10 S Mode event listener created by enrollment client => C:\Windows\system32\deviceenroller.exe [448512 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {FA43421C-B84A-41E5-AC1F-4D867C6F185D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2022-02-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 158.196.0.53 158.196.99.166
Tcpip\..\Interfaces\{37b3fdfd-2fcd-4329-aad4-b63c2675a8ba}: [DhcpNameServer] 158.196.0.53 158.196.99.166
Tcpip\..\Interfaces\{e60e57c8-1405-4792-ae01-cbaef02d80ab}: [DhcpNameServer] 192.168.135.1 81.19.0.67 8.8.8.8

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Daniel\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-28]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-07-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-07-01] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.15 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2135673099-4067616780-898855417-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2135673099-4067616780-898855417-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2135673099-4067616780-898855417-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-12-16] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default [2022-02-28]
CHR StartupUrls: Default -> "hxxp://www.pulsetheworld.com/cz/jak-odstranit- ... ://newtab/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Prezentace) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-05]
CHR Extension: (Dokumenty) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-05]
CHR Extension: (Disk Google) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-05]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-05]
CHR Extension: (Tabulky) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-05]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-05]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-05-11] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [18673448 2020-11-17] (Autodesk, Inc. -> Autodesk)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12124536 2022-02-03] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncHelper.exe [3380616 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4738952 2019-08-15] (NVIDIA Corporation -> NVIDIA Corporation)
R2 O2FLASH; C:\Windows\SysWOW64\drivers\o2flash.exe [82096 2015-05-21] (O2Micro -> BayHubTech/O2Micro International)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-05-05] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.022.0130.0001\OneDriveUpdaterService.exe [3851128 2022-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-21] (BayHub Technology Inc. -> BayHubTech/O2Micro)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
S3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [735744 2016-03-10] (Sunplus Innovation Technology Inc. -> Sunplus)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-28 15:18 - 2022-02-28 15:18 - 000028590 _____ C:\Users\Daniel\Downloads\FRST.txt
2022-02-28 14:18 - 2022-02-28 14:18 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\Synaptics
2022-02-28 14:13 - 2022-02-28 14:13 - 000000000 ____D C:\Users\Daniel\AppData\Local\mbam
2022-02-28 14:10 - 2022-02-28 14:11 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-28 09:37 - 2022-02-28 09:37 - 000000158 _____ C:\Windows\system32\ricdb.ini
2022-02-28 09:37 - 2022-02-28 09:37 - 000000000 ____D C:\Users\Daniel\AppData\Local\TempSafeQ
2022-02-28 09:37 - 2022-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\Y Soft
2022-02-28 09:37 - 2022-02-28 09:37 - 000000000 ____D C:\Program Files (x86)\SafeQ
2022-02-28 09:37 - 2019-12-23 10:46 - 004889600 _____ C:\Windows\system32\SAFEQVS64.DLL
2022-02-28 09:37 - 2019-12-23 10:46 - 000911360 _____ C:\Windows\system32\SafeQCairoLib64.DLL
2022-02-28 09:37 - 2019-12-23 10:46 - 000314368 _____ C:\Windows\system32\SAFEQ64UI.DLL
2022-02-28 09:37 - 2019-12-23 10:46 - 000001536 _____ C:\Windows\system32\SafeQEvent.dll
2022-02-10 01:58 - 2022-02-10 01:58 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-02-10 01:58 - 2022-02-10 01:58 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2022-02-10 01:58 - 2022-02-10 01:58 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2022-02-10 01:58 - 2022-02-10 01:58 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-02-10 01:58 - 2022-02-10 01:58 - 000011813 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-02-10 01:52 - 2022-02-10 01:52 - 000000000 ___HD C:\$WinREAgent
2022-02-08 22:40 - 2022-02-08 22:40 - 000000000 ____D C:\ProgramData\GOG.com
2022-02-08 22:37 - 2022-02-10 17:43 - 000000000 ____D C:\GOG Games
2022-02-05 16:46 - 2022-02-28 15:17 - 002312192 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2022-02-05 15:48 - 2022-02-28 15:18 - 000000000 ____D C:\FRST
2022-02-05 15:13 - 2022-02-17 01:19 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-05 15:13 - 2022-02-05 15:13 - 000000000 ____D C:\Program Files\Google
2022-02-05 15:12 - 2022-02-05 15:12 - 000003550 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{54EBC1CD-A99E-44A9-B657-5B5182C784ED}
2022-02-05 15:12 - 2022-02-05 15:12 - 000003426 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{199CC8E4-2AD3-4261-9FA3-70486FA682C5}
2022-02-05 13:07 - 2022-02-05 13:07 - 000000000 ____D C:\Windows\system32\appmgmt
2022-02-05 12:51 - 2022-02-05 16:16 - 000000140 _____ C:\Windows\Reimage.ini
2022-02-04 21:17 - 2022-02-04 21:17 - 000000000 ____D C:\ProgramData\Daniel

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-28 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-28 15:18 - 2021-06-04 11:06 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-28 15:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-02-28 14:53 - 2021-05-05 08:40 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2022-02-28 14:53 - 2019-12-07 15:43 - 000718262 _____ C:\Windows\system32\perfh005.dat
2022-02-28 14:53 - 2019-12-07 15:43 - 000145404 _____ C:\Windows\system32\perfc005.dat
2022-02-28 14:53 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-02-28 14:51 - 2021-06-21 20:28 - 000000000 ____D C:\Program Files\CCleaner
2022-02-28 14:49 - 2021-05-31 06:44 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-02-28 14:48 - 2021-05-05 09:14 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-28 14:48 - 2021-05-05 08:33 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-28 14:48 - 2021-05-05 08:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-02-28 14:48 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-02-28 14:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\NDF
2022-02-28 14:24 - 2021-12-10 15:35 - 000000000 ____D C:\Program Files\Recuva
2022-02-28 14:24 - 2021-06-22 07:12 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-02-28 14:24 - 2021-06-21 20:55 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\AIMP
2022-02-28 14:24 - 2021-06-04 10:49 - 000000000 __SHD C:\Users\Daniel\IntelGraphicsProfiles
2022-02-28 14:18 - 2021-06-04 10:50 - 000000000 ____D C:\Users\Daniel\AppData\Local\Packages
2022-02-28 14:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-28 14:18 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-02-28 12:36 - 2021-05-05 08:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-02-26 22:15 - 2021-06-22 07:03 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-02-26 22:15 - 2021-06-22 07:03 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-02-26 22:15 - 2021-05-05 09:29 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-26 22:01 - 2021-06-21 20:29 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-02-24 18:42 - 2021-06-04 10:47 - 000000000 ____D C:\Users\Daniel
2022-02-24 15:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-02-24 07:14 - 2021-06-21 20:53 - 000000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2022-02-20 21:59 - 2021-06-22 06:56 - 000000000 ____D C:\Program Files\Microsoft Office
2022-02-19 01:33 - 2021-05-05 09:15 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-16 20:41 - 2021-12-13 08:03 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2135673099-4067616780-898855417-1001
2022-02-10 02:17 - 2021-05-05 08:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2022-02-10 02:07 - 2021-05-05 08:33 - 000550200 _____ C:\Windows\system32\FNTCACHE.DAT
2022-02-10 02:06 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\et-EE
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-02-10 02:06 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-02-10 02:06 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2022-02-10 02:01 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-02-10 01:58 - 2021-05-05 08:36 - 002877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-02-10 01:50 - 2021-05-05 09:12 - 000000000 ____D C:\Windows\system32\MRT
2022-02-10 01:38 - 2021-05-05 09:12 - 149611728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-02-05 15:13 - 2021-06-04 11:05 - 000000000 ____D C:\Users\Daniel\AppData\Local\Google
2022-02-04 21:17 - 2021-06-22 07:27 - 000002369 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2022-02-04 21:17 - 2021-06-22 07:27 - 000000000 ____D C:\Users\Daniel\AppData\Local\SquirrelTemp
2022-01-29 12:30 - 2021-08-17 18:40 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ========

2021-12-10 16:00 - 2021-12-10 16:00 - 000000048 _____ () C:\Users\Daniel\AppData\Roaming\pfpath.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

#5 Příspěvek od **Rudy** » 01 bře 2022 16:00

Smažte tento soubor a restartujte: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat .

haddaniel · #6 Příspěvek od **haddaniel** » 02 bře 2022 11:39

Děkuji moc, povedlo se.

#7 Příspěvek od **Rudy** » 02 bře 2022 15:05

Rádo se stalo!

VIRY.CZ

Odstranění adwaru gestyy.com a libittarc.com

Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com

Re: Odstranění adwaru gestyy.com a libittarc.com