PC virus removal, computer speed-up, and remote help via the neslape.cz service

Requesting a check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

HINEGB
Visitor
Posts: 90
Registered: 22 Jan 2009 09:34

#1 Post by HINEGB »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2023
Ran by hynek (24-02-2023 19:50:22)
Running from C:\Users\hynek\OneDrive\Plocha
Microsoft Windows 10 Home Version 2004 19041.508 (X64) (2020-09-07 07:44:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1695572103-1893823028-2198395607-500 - Administrator - Disabled)
brydl (S-1-5-21-1695572103-1893823028-2198395607-1004 - Limited - Disabled)
ca (S-1-5-21-1695572103-1893823028-2198395607-1006 - Limited - Disabled)
dagma (S-1-5-21-1695572103-1893823028-2198395607-1003 - Limited - Disabled)
DefaultAccount (S-1-5-21-1695572103-1893823028-2198395607-503 - Limited - Disabled)
Guest (S-1-5-21-1695572103-1893823028-2198395607-501 - Limited - Disabled)
Host (S-1-5-21-1695572103-1893823028-2198395607-1011 - Limited - Enabled) => C:\Users\Host
hynek (S-1-5-21-1695572103-1893823028-2198395607-1001 - Administrator - Enabled) => C:\Users\hynek
vendu (S-1-5-21-1695572103-1893823028-2198395607-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1695572103-1893823028-2198395607-504 - Limited - Disabled)
zdene (S-1-5-21-1695572103-1893823028-2198395607-1005 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20322 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.18 - ASUS)
Balíček ovladače systému Windows - SALTO SYSTEMS S.L. (WinUSB) USB (04/08/2013 4.0.0.0) (HKLM\...\F32B78D41EE27E123D05633D86F2858D095E5042) (Version: 04/08/2013 4.0.0.0 - SALTO SYSTEMS S.L.)
Bonjour (HKLM\...\{2EF5C74A-1137-46B1-A7BA-5A39ED27A22A}) (Version: 1.0.105 - Apple Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{B86D7255-2418-45F1-A36F-7E1FF617550C}) (Version: 18.1.661 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
FortiClient VPN (HKLM\...\{32123CA3-C24D-4A99-9347-70049B8E4C23}) (Version: 7.0.7.0345 - Fortinet Technologies Inc)
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
GeneralZoomy (HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\GeneralZoomy) (Version: - )
Ghost Trap 1.2.9.10 (HKLM-x32\...\Ghost Trap_is1) (Version: - Chris Dance, PaperCut Software Int. Pty. Ltd.)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 71.0.3.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.105 - Google LLC)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{6309F485-5713-4A87-9F3F-C47A08BA53DC}) (Version: 18.1.1525.1445 - Intel Corporation)
iPhotoDraw 2.6 (HKLM-x32\...\{3C4C9BAC-248B-4466-B889-8582360F5151}) (Version: 2.6.0.0 - Simen Wu)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.13801.20266 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\OneDriveSetup.exe) (Version: 23.033.0212.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1695572103-1893823028-2198395607-1011\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 (HKLM\...\{B0B194F8-E0CE-33FE-AA11-636428A4B73D}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 (HKLM\...\{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}) (Version: 14.0.23506 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{20D2A362-23EB-3BDB-BAD3-F4510B2B32A5}) (Version: 14.0.23217 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{6D0ED930-AE5C-3289-ADA3-E6C3B13050DE}) (Version: 14.0.23217 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{84DD3A17-A979-39BC-8816-8226CB7DF8A7}) (Version: 14.0.23217 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13801.20182 - Microsoft Corporation) Hidden
PaperCut Mobility Print (HKLM-x32\...\PaperCut Mobility Print_is1) (Version: - PaperCut Software International Pty Ltd)
PDF-XChange Editor (HKLM\...\{937C4E9D-C00A-4F8A-A1CF-4FD358BC1DEB}) (Version: 7.0.326.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{d8a38cca-ed58-496c-aa9d-b75df8ea7a98}) (Version: 7.0.326.1 - Tracker Software Products (Canada) Ltd.)
Průvodce přenosem dat pro Windows (HKLM-x32\...\{1316CC3A-F576-469A-9C54-B98D2DC6E5AE}) (Version: 2.1.2.0 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Saal Designer (HKLM-x32\...\SaalDesigner) (Version: 4.0 - )
SADPTool (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 2.2.3.6 - hikvision)
SALTO Local IO Bridge (HKLM-x32\...\{b3e7fc8b-e2bd-401a-9b2a-b4bd1706340a}) (Version: 1.3.0.0 - SALTO Systems S.L.)
SaltoLocalIOBridge Setup (HKLM-x32\...\{EEFECA3D-E704-463A-BDE5-AC65C52D978F}) (Version: 1.3.0.0 - SALTO Systems S.L.) Hidden
Signal 6.6.0 (HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.6.0 - Signal Messenger, LLC)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.32.3 - TeamViewer)
Ubiquiti UniFi (remove only) (HKLM-x32\...\Ubiquiti UniFi) (Version: - )
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WireGuard (HKLM\...\{2FDB79CE-5193-4A39-82BB-E00158CC1533}) (Version: 0.5.3 - WireGuard LLC)
Zoom (HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\ZoomUMX) (Version: 5.13.7 (12602) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.6.36.0_x86__kgqvnymyfvs32 [2021-07-06] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.60.1.0_x86__kgqvnymyfvs32 [2021-06-24] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-28] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
Free Virtual Keyboard -> C:\Program Files\WindowsApps\ComfortSoftwareGroup.FreeVirtualKeyboard_5.0.0.0_x64__2tsmkga83t66w [2021-09-24] (Comfort Software Group)
Kiosk Browser -> C:\Program Files\WindowsApps\Microsoft.KioskBrowser_1.0.4.0_x64__8wekyb3d8bbwe [2020-09-15] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-07-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-19] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_1.0.41311.0_x64__8wekyb3d8bbwe [2021-06-10] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-29] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-23] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-23] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1695572103-1893823028-2198395607-1001_Classes\CLSID\{04271989-C4D2-49B4-7572-AE77FCFD0D9A} -> [OneDrive - DER Touristik CZ] => C:\Users\hynek\OneDrive - DER Touristik CZ [2022-12-14 16:08]
CustomCLSID: HKU\S-1-5-21-1695572103-1893823028-2198395607-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\hynek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1695572103-1893823028-2198395607-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\hynek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\71.0.3.0\drivefsext.dll [2023-02-22] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\hynek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Google Keep.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd
ShortcutWithArgument: C:\Users\hynek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Kiosk (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 2" --app-id=afhcomalholahplbjhnmahkoekoijban
ShortcutWithArgument: C:\Users\hynek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Keep – poznámky a seznamy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki

==================== Loaded Modules (Whitelisted) =============

2008-08-29 08:54 - 2008-08-29 08:54 - 000193024 _____ (Apple Inc.) [File not signed] C:\Program Files\Bonjour\mdnsNSP.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ra.fischer.cz/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech Inc -> Logitech, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\sharepoint.com -> hxxps://dertouristikcz-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2023-02-24 15:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-08-06 21:39 - 2021-07-23 20:39 - 000000587 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-80FHSG7.mshome.net # 2026 7 3 22 19 39 24 239
192.168.137.22 LGSmartTV.mshome.net # 2021 7 5 30 19 39 24 239
30 40 365
192.168.137.114 LGSmartTV.mshome.net # 2020 5 6 9 15 56 31 918

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime Alternative\QTSystem;C:\Program Files\WireGuard\
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\hynek\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1695572103-1893823028-2198395607-1011\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet 2: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)
Ethernet 3: FortiClient NDIS 6.3 Packet Filter Driver -> ft_fortifilter (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{050E5BD7-769E-404B-83F6-36917A5CE086}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{4F155120-BD8C-4BBD-B541-FB73561634A6}C:\program files (x86)\sadptool\sadptool.exe] => (Allow) C:\program files (x86)\sadptool\sadptool.exe (HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{C4419699-A68B-4D67-BBDB-FA0A5075D3F4}] => (Allow) C:\Users\hynek\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D7D4FBF2-D8BB-411D-A30A-6217FC22EF9D}] => (Allow) C:\Users\hynek\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F657D0FF-58E7-44C1-8736-24AB47F3C86B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9B7B7020-C8E9-495A-AE61-65B1A38BA09D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E2837EF7-605B-4E91-95C8-E7C50E51B160}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BAB7EAF7-F80C-4A70-8321-8146E78010E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{E0C17448-8061-4297-AB6A-252CD920E76D}C:\users\hynek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hynek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F333B2BB-57A2-4367-8D9B-4AC2C15799B7}C:\users\hynek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hynek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2A0F8F7C-8FCE-4167-BC8D-57A2897BCC96}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BAC77EA7-9F74-48F5-A279-0FEB6D05077D}C:\program files (x86)\common files\oracle\java\javapath_target_7596796\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7596796\javaw.exe
FirewallRules: [UDP Query User{C31555FD-6493-4463-90CE-3690ED709274}C:\program files (x86)\common files\oracle\java\javapath_target_7596796\javaw.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_7596796\javaw.exe
FirewallRules: [{1788616D-03EB-44E6-A655-08950B73A405}] => (Allow) C:\Program Files\Java\jre1.8.0_281\bin\java.exe
FirewallRules: [{499F681F-9847-47A4-A1A7-ECC65A8629E0}] => (Allow) C:\Program Files\Java\jre1.8.0_281\bin\java.exe
FirewallRules: [{51A2C605-15A5-4D56-A6E7-D4987EF86191}] => (Allow) C:\Users\hynek\Ubiquiti UniFi\bin\mongod.exe (MongoDB, Inc) [File not signed]
FirewallRules: [{03C7854C-8566-4560-9B3D-70049FC949E5}] => (Allow) C:\Users\hynek\Ubiquiti UniFi\bin\mongod.exe (MongoDB, Inc) [File not signed]
FirewallRules: [{C2DCDA8E-4436-41F6-8EFD-027291CF4FD8}] => (Allow) LPort=9163
FirewallRules: [{23211DB1-A05C-4BD2-BDC9-5CA100122863}] => (Allow) LPort=9164
FirewallRules: [{579B483E-7B02-49DF-A61A-37448045AB13}] => (Allow) LPort=5353
FirewallRules: [{2F49922E-3FB7-4E0D-870A-FEB8E67040E0}] => (Allow) LPort=53
FirewallRules: [{D3BA936C-F949-4948-BB89-E1B3FE69E327}] => (Allow) LPort=53
FirewallRules: [{2904CF0C-6771-4BA2-9E88-4EF99445CC0F}] => (Allow) C:\Program Files (x86)\PaperCut Mobility Print\pc-updater.exe (PaperCut Software International Pty. Ltd. -> )
FirewallRules: [{E19F8ECB-D565-4508-B02E-87259A955657}] => (Allow) C:\Program Files (x86)\PaperCut Mobility Print\pc-updater.exe (PaperCut Software International Pty. Ltd. -> )
FirewallRules: [{DC2A01F7-2176-4AE8-B417-C29D378E5811}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E8DEA00-B1FB-4507-A7A3-9FAF45A4BBA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BABCA958-E342-475F-B398-BC3FA71B0830}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5424263-DC41-42FA-870D-AD90FD9DE971}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A54E20C0-05EE-4820-B6B9-8B737B78A644}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{2D52DDD1-2F26-425D-A2F0-A2D5A31D8B27}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{F7E1A743-ECE6-4716-B78D-F6048550E96A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AB6D1808-65A1-4AB7-AE79-4C24BE909EB6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B5FF6244-0F27-435C-831E-9DD16AC25148}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEE1F30E-571E-4ABA-815D-F31860194746}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E16D0A5B-71C4-4057-B871-7A5D9D68EBC2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D55D391E-2F9D-4564-AB75-B020CC029F49}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2F30803-280F-4D87-B0B8-9A3E71419A5C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E635EF21-C86E-4FB1-B76E-DD3357A1BB9D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ABFC4F58-5354-4E48-8B7A-151F39B6229B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8487B54D-4A70-4C8A-9493-0B8ADD9D0551}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A3F34578-A89F-452A-8EB2-F1A29BC99A53}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7B1D4F3C-4297-4DF8-964B-A105F632FBC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{51F84A71-90FE-4AB5-B2A9-A5794B2E7837}C:\users\hynek\onedrive\plocha\winbox.exe] => (Allow) C:\users\hynek\onedrive\plocha\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{65457697-AE4B-4B59-A95C-384811A680BA}C:\users\hynek\onedrive\plocha\winbox.exe] => (Allow) C:\users\hynek\onedrive\plocha\winbox.exe (Mikrotikls SIA -> )
FirewallRules: [TCP Query User{B51E72D3-C376-4CED-9D17-75252AA735E3}C:\users\hynek\downloads\anydesk.exe] => (Allow) C:\users\hynek\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{017721EF-BC68-4FE1-A49B-101E5510E528}C:\users\hynek\downloads\anydesk.exe] => (Allow) C:\users\hynek\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{F034DABF-8AB9-4392-82CE-51E3F75B2227}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8EB2ABC2-C974-4859-A5E8-0571EB55517B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9031811A-1FC5-4534-9C9C-2538CADAEC11}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FEF2C250-E463-4D6D-A23A-B5F00EAA30EE}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{B2900A25-0337-4A4B-A6C9-28B1F5728C8D}C:\users\hynek\downloads\anydesk (1).exe] => (Allow) C:\users\hynek\downloads\anydesk (1).exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{6F313DF4-0FEE-466C-9D21-56D70086019D}C:\users\hynek\downloads\anydesk (1).exe] => (Allow) C:\users\hynek\downloads\anydesk (1).exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3F05D1DB-29D5-4CF0-9A99-43B305ED98BF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2B10ABE-395A-4F35-9A7F-40D34F3EF755}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5B10B87D-2093-4FF8-8FB8-81AC3E36F333}C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe] => (Allow) C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{02AEA412-5E1A-4094-BAA2-065A205B07BF}C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe] => (Allow) C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe (Mikrotikls SIA -> )
FirewallRules: [{3451C751-E1CA-4414-92EC-BA98DB2C825F}] => (Block) C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe (Mikrotikls SIA -> )
FirewallRules: [{590A8D2E-1AE2-457C-A628-CFB58C9D5D96}] => (Block) C:\users\hynek\onedrive\plocha\winbox-desktop-8gl7ptv.exe (Mikrotikls SIA -> )

==================== Restore Points =========================

10-02-2023 11:15:12 Naplánovaný kontrolní bod
19-02-2023 23:28:40 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Fortinet SSL VPN Virtual Ethernet Adapter
Description: Fortinet SSL VPN Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Fortinet Inc
Service: ftsvnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Řadič PCI pro získávání dat a zpracování signálu
Description: Řadič PCI pro získávání dat a zpracování signálu
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LG FH6 (49) Stereo
Description: Zdroj Microsoft Bluetooth A2dp
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthA2dp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/24/2023 04:14:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.488, časové razítko: 0x5b4a3325
Kód výjimky: 0xc06d007e
Posun chyby: 0x0000000000023e49
ID chybujícího procesu: 0x1904
Čas spuštění chybující aplikace: 0x01d947fe19db25c1
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 807910c8-2131-4caf-8528-5c7277146b32
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2023 09:17:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/23/2023 05:04:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. 0xc0041801 (0xc0041801)

Error: (02/23/2023 05:04:18 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayeroccurrences.cpp (600)} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Neplatné údaje. 0x8007000d (0x8007000d)

Error: (02/23/2023 02:16:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.488, časové razítko: 0x5b4a3325
Kód výjimky: 0xc06d007e
Posun chyby: 0x0000000000023e49
ID chybujícího procesu: 0xa6c
Čas spuštění chybující aplikace: 0x01d94724798e8b15
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 2b878f1e-4804-4837-8aea-8d27d8161541
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/22/2023 03:28:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.488, časové razítko: 0x5b4a3325
Kód výjimky: 0xc06d007e
Posun chyby: 0x0000000000023e49
ID chybujícího procesu: 0x1368
Čas spuštění chybující aplikace: 0x01d946654e35957b
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: dc103884-9fbc-465c-8891-41e9818d55ff
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/21/2023 11:57:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2023 01:29:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.488, časové razítko: 0x5b4a3325
Kód výjimky: 0xc06d007e
Posun chyby: 0x0000000000023e49
ID chybujícího procesu: 0x1ad4
Čas spuštění chybující aplikace: 0x01d9458b9930a31a
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 787d6642-a8de-4b98-ac7f-e5cc7e698fef
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/24/2023 03:01:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:05:35, ‎24.‎02.‎2023) bylo neočekávané.

Error: (02/24/2023 11:12:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:42:07, ‎24.‎02.‎2023) bylo neočekávané.

Error: (02/24/2023 07:42:24 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (02/24/2023 07:42:24 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (02/24/2023 07:42:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (4:11:25, ‎24.‎02.‎2023) bylo neočekávané.

Error: (02/24/2023 04:11:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (0:34:13, ‎24.‎02.‎2023) bylo neočekávané.

Error: (02/23/2023 08:34:25 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.

Error: (02/23/2023 08:34:25 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Inicializace se nezdařila, protože ovladač zařízení nemohl být vytvořen.
K identifikaci rozhraní, jehož inicializace se nezdařila, lze použít
řetězec %2. Je reprezentován adresou MAC tohoto rozhraní nebo globálně
jedinečným identifikátorem (GUID), pokud nemohlo rozhraní NetBT
získat adresu MAC podle identifikátoru GUID. Pokud nebyla k dispozici adresa MAC
ani identifikátor GUID, je řetězec reprezentován názvem zařízení clusteru.


Windows Defender:
================
Date: 2023-02-24 19:47:35
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/Seznam
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe; file:_C:\Users\hynek\Downloads\iphotodraw.exe; file:_C:\Users\hynek\Downloads\QuickTime_Alternative_322.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-80FHSG7\hynek
Název procesu: C:\Users\hynek\OneDrive\Plocha\FRST64.exe
Verze bezpečnostních informací: AV: 1.383.559.0, AS: 1.383.559.0, NIS: 1.383.559.0
Verze modulu: AM: 1.1.20000.2, NIS: 1.1.20000.2

Date: 2023-02-24 19:47:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/Seznam
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe; file:_C:\Users\hynek\Downloads\iphotodraw.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-80FHSG7\hynek
Název procesu: C:\Users\hynek\OneDrive\Plocha\FRST64.exe
Verze bezpečnostních informací: AV: 1.383.559.0, AS: 1.383.559.0, NIS: 1.383.559.0
Verze modulu: AM: 1.1.20000.2, NIS: 1.1.20000.2

Date: 2023-02-24 19:46:57
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUADlManager:Win32/Seznam
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-80FHSG7\hynek
Název procesu: C:\Users\hynek\OneDrive\Plocha\FRST64.exe
Verze bezpečnostních informací: AV: 1.383.559.0, AS: 1.383.559.0, NIS: 1.383.559.0
Verze modulu: AM: 1.1.20000.2, NIS: 1.1.20000.2

Date: 2023-02-23 08:26:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CCC86EF5-F20E-4A84-BA11-8B15564F0C3D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-02-22 22:00:34
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.383.440.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20000.2
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2023-01-26 17:41:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2731.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

Date: 2023-01-26 17:41:49
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.2731.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80070102
Popis chyby: Vypršel časový limit operace čekání.

CodeIntegrity:
===============
Date: 2023-02-24 19:36:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. UX302LA.210 06/16/2014
Motherboard: ASUSTeK COMPUTER INC. UX302LA
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 52%
Total physical RAM: 8078.34 MB
Available physical RAM: 3845.31 MB
Total Virtual: 11024.03 MB
Available Virtual: 6013.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.13 GB) (Free:19.36 GB) (Model: WDC WDS500G2B0A-00SM50) NTFS
Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:0 GB) (Model: WDC WDS500G2B0A-00SM50) FAT32

\\?\Volume{b9d9ae16-ea76-4a6a-947c-360a513be276}\ () (Fixed) (Total:0.52 GB) (Free:0.04 GB) NTFS
\\?\Volume{5eb413b0-c14f-4eec-acf5-4e025660f874}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 3E78F963)

Partition: GPT.

==================== End of Addition.txt =======================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2023
Ran by hynek (administrator) on DESKTOP-80FHSG7 (ASUSTeK COMPUTER INC. UX302LA) (24-02-2023 19:43:30)
Running from C:\Users\hynek\OneDrive\Plocha
Loaded Profiles: hynek
Platform: Microsoft Windows 10 Home Version 2004 19041.508 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe ->) (ASUSTeK Computer Inc. -> AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\110.0.1587.50\identity_helper.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCopyAccelerator.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\71.0.3.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\71.0.3.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(services.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe
(services.exe ->) (PaperCut Software International Pty. Ltd. -> ) C:\Program Files (x86)\PaperCut Mobility Print\pc-mobility-print.exe
(services.exe ->) (Salto Systems S.L.) [File not signed] C:\SALTO\Local IO Bridge\SaltoLocalIOBridge.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (WireGuard LLC -> WireGuard LLC) C:\Program Files\WireGuard\wireguard.exe <3>
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe <6>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\hynek\AppData\Local\Microsoft\OneDrive\23.033.0212.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(svchost.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951024 2019-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\71.0.3.0\GoogleDriveFS.exe [52571928 2023-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\71.0.3.0\GoogleDriveFS.exe [52571928 2023-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\71.0.3.0\GoogleDriveFS.exe [52571928 2023-02-22] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\Run: [MicrosoftEdgeAutoLaunch_7157C86D8E139DAF9F76A72DBA4E1F89] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\MountPoints2: {1fa46193-bccd-11ec-8897-806e6f6e6963} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\MountPoints2: {772aca3a-8e08-11eb-bee2-5c514f3ffda9} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\MountPoints2: {c23672e9-3faf-11eb-bc6e-5c514f3ffdad} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\...\MountPoints2: {fb2e2697-f389-11eb-822b-5c514f3ffda9} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\71.0.3.0\GoogleDriveFS.exe [52571928 2023-02-22] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\110.0.5481.105\Installer\chrmstp.exe [2023-02-23] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {103390A3-7ADC-469E-A2F5-F129430E2D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {13D9C2BC-D6FC-4B10-8ADF-96723E15FD3E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {152B2D77-2A71-458B-A57E-09EF3035A29D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1511288 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {59E98452-3A70-454C-A34F-F4CD904B8B99} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5C0BC97E-8324-46D0-97AD-2C6C649DD1EE} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {5C71F24C-96A3-4834-8F3E-89BA39C5CD79} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1510808 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F90A50F-54E1-4706-9176-10C535D4759B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5FA85842-6F40-4B34-9B1B-206228C863DB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {74E29553-E1A3-40E6-A87D-1645393EA034} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23080304 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {74E33745-8096-409F-9CFF-5624E7D8E84F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141184 2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {766D223C-E82B-44DA-AB66-574EE00FD4FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {95C0BC77-7B11-43E9-A064-58581B3B449E} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {9CA47FE7-B9AB-40EA-9213-F324448AD027} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AEEEC3F5-2CD6-43B5-BD69-13049AC31A4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {BFD0191F-0996-47B5-88A9-56B5EB0870F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C521CDB2-04E0-468F-8C9F-D6269A74EE25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCmdRun.exe [1592184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D084E54B-8409-4DE6-9256-8BDC3B50CB63} - System32\Tasks\CorelUpdateHelperTask-3014B226FF372FCF15F4964DE35C6FC8 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
Task: {FEF3D880-AF9F-45EC-B539-684B05E81B89} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [18400 2017-03-09] (ASUSTeK Computer Inc. -> AsusTek)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [193024 2008-08-29] (Apple Inc.) [File not signed]
Tcpip\Parameters: [DhcpNameServer] 10.0.2.1
Tcpip\..\Interfaces\{f28ceb74-3dc1-4f12-900a-e729fb925015}: [DhcpNameServer] 10.0.2.1
Tcpip\..\Interfaces\{fec86f06-80bc-46ca-87a6-7d1ef3449c62}: [DhcpNameServer] 10.0.4.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\hynek\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-24]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Edge relevant text changes) - C:\Users\hynek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-01-24]
Edge Extension: (Virtuální klávesnice pro Microsoft Edge) - C:\Users\hynek\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pcdickjcmegnimaejnpckgfbhlbnpgan [2021-09-20]
Edge Profile: C:\Users\hynek\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-01-14]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2020-10-18] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1695572103-1893823028-2198395607-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1695572103-1893823028-2198395607-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1695572103-1893823028-2198395607-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-07-25] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default [2023-02-24]
CHR Notifications: Default -> hxxps://aukro.cz; hxxps://calendar.google.com; hxxps://drive.google.com; hxxps://teams.microsoft.com; hxxps://www.messenger.com
CHR NewTab: Default -> Not-active:"chrome-extension://kmhlclefmkbikbnpmoemeendjcgbkbha/newtab.html"
CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2021-09-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-02-09]
CHR Extension: (Virtual Keyboard for Google Chrome™) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecjkcanpimnagobhegghdeeiagffoidk [2022-03-28]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-25]
CHR Extension: (Chrome Extension Manager) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddkjobhhfbocgpebgnadlbdodajapel [2020-08-28]
CHR Extension: (Comfort On-Screen Keyboard Pro Extension) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiahaffkmigpdgabgoeipffondmlnhdn [2022-11-16]
CHR Extension: (Zoom Scheduler) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2023-01-10]
CHR Extension: (Google Home™ for PC & Windows/Mac -New Tab BG) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhlclefmkbikbnpmoemeendjcgbkbha [2022-03-09]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2023-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Virtual Keyboard) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-09-20]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-02-24]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-01-08]
CHR Extension: (The Cook Company) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\afhcomalholahplbjhnmahkoekoijban [2021-09-20]
CHR Extension: (Plná Peněženka Lištička) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ecmgkhgjmodembdmiimbacpjgcdimiek [2023-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-08]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-09-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-20]
CHR Extension: (Virtual Keyboard) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2021-09-20]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-01-08]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-08]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-12-02]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-02-24]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-30]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-05]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 6 [2022-12-02]
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-12-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-02]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-12-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-02]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 7 [2023-01-08]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-01-08]
CHR Extension: (Google Docs Offline) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-02]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hynek\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-02]
CHR Profile: C:\Users\hynek\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-24]
CHR HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\hynek\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-1695572103-1893823028-2198395607-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-02-22] (Microsoft Corporation -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [413784 2022-08-31] (Fortinet Technologies (Canada) ULC -> Fortinet Inc.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 pc-mobility-print; C:\Program Files (x86)\PaperCut Mobility Print\pc-mobility-print.exe [5274992 2021-02-23] (PaperCut Software International Pty. Ltd. -> )
R2 SaltoLocalIOBridge; C:\SALTO\Local IO Bridge\SaltoLocalIOBridge.exe [189440 2019-08-05] (Salto Systems S.L.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14621592 2022-07-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WireGuardManager; C:\Program Files\WireGuard\wireguard.exe [8185648 2021-12-22] (WireGuard LLC -> WireGuard LLC)
R2 WireGuardTunnel$Rubyk-Brydl; C:\Program Files\WireGuard\wireguard.exe [8185648 2021-12-22] (WireGuard LLC -> WireGuard LLC)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmPeStor; C:\WINDOWS\system32\drivers\AmPeStor.sys [159920 2015-07-24] (AlcorMicro, Corp. -> Alcor Micro, Corp.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2022-08-31] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [165056 2022-08-31] (Fortinet, Inc. -> Fortinet Inc)
S3 FortiTransCtrl; C:\WINDOWS\System32\drivers\FortiTransCtrl.sys [85696 2022-08-31] (Fortinet, Inc. -> Fortinet Inc)
S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [72800 2022-08-31] (Fortinet, Inc. -> Fortinet Inc.)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [70368 2022-08-31] (Fortinet Technologies (Canada) Inc. -> Fortinet Corporation)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-07] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 MpKsl1d4ebba4; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [134376 2022-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl93cef076; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [134376 2022-01-17] (Microsoft Windows -> Microsoft Corporation)
R2 NPF; C:\Windows\SysWOW64\drivers\npf64.sys [36600 2015-04-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R3 WireGuard; C:\WINDOWS\system32\DRIVERS\wireguard.sys [489368 2021-10-25] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 19:34 - 2023-02-24 19:44 - 000000000 ____D C:\FRST
2023-02-23 14:01 - 2023-02-23 14:01 - 000000000 ____D C:\Users\hynek\AppData\Local\Zoom
2023-02-23 14:00 - 2023-02-23 14:00 - 000000000 ____D C:\Users\hynek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-02-21 15:26 - 2023-02-21 15:26 - 000000089 _____ C:\Users\hynek\Downloads\recovery_codes.txt
2023-02-21 14:33 - 2023-02-21 14:33 - 000375838 _____ C:\Users\hynek\Downloads\Metodicke_doporuceni-Blue_03-1 (4).pdf
2023-02-21 12:08 - 2023-02-21 12:09 - 108504945 _____ C:\Users\hynek\Downloads\20230222.zip
2023-02-20 16:48 - 2023-02-20 16:48 - 001510610 _____ C:\Users\hynek\Downloads\Příloha 04 Projektová dokumentace_FVE Štýřice (2).pdf
2023-02-20 13:26 - 2023-02-20 13:26 - 000239733 _____ C:\Users\hynek\Downloads\9120011692.pdf
2023-02-20 13:26 - 2023-02-20 13:26 - 000225012 _____ C:\Users\hynek\Downloads\6120114101 (1).pdf
2023-02-20 13:26 - 2023-02-20 13:26 - 000220010 _____ C:\Users\hynek\Downloads\9120024517.pdf
2023-02-20 13:25 - 2023-02-20 13:25 - 000242074 _____ C:\Users\hynek\Downloads\6120214145.pdf
2023-02-20 13:04 - 2023-02-20 13:04 - 003683273 _____ C:\Users\hynek\Downloads\Příloha č. 1_FVE 44,46 kWp B.D.H.Kovo.pdf
2023-02-20 13:03 - 2023-02-20 13:03 - 001510610 _____ C:\Users\hynek\Downloads\Příloha 04 Projektová dokumentace_FVE Štýřice (1).pdf
2023-02-20 13:00 - 2023-02-20 13:00 - 001510610 _____ C:\Users\hynek\Downloads\Příloha 04 Projektová dokumentace_FVE Štýřice.pdf
2023-02-20 12:43 - 2023-02-20 12:43 - 002477653 _____ C:\Users\hynek\Downloads\madrid_en.pdf
2023-02-20 12:43 - 2023-02-20 12:43 - 000226821 _____ C:\Users\hynek\Downloads\voucher-DC-4655610.pdf
2023-02-20 06:59 - 2023-02-20 07:03 - 000183220 _____ C:\Users\hynek\Downloads\F_Karta_Reklamace2.pdf
2023-02-19 19:55 - 2023-02-19 20:07 - 000184169 _____ C:\Users\hynek\Downloads\F_Karta_Reklamace.pdf
2023-02-18 18:08 - 2023-02-18 18:08 - 002825123 _____ C:\Users\hynek\Downloads\1662641157_Manuál pro vytvoření účtu v AIS_v3.pdf
2023-02-16 16:31 - 2023-02-16 16:31 - 000251749 _____ C:\Users\hynek\Downloads\6463_6455_Smlouva_o_zajezdu_platne_infocesta.03.xlsx
2023-02-16 16:13 - 2023-02-16 16:13 - 000003133 _____ C:\Users\hynek\Downloads\index_2023-02-01_2023-02-15.xlsx
2023-02-16 16:12 - 2023-02-16 16:12 - 000005120 _____ C:\Users\hynek\Downloads\consommation_2023-02-01_2023-02-15.xls
2023-02-13 20:17 - 2023-02-13 20:17 - 000000000 ____D C:\Users\hynek\OneDrive\Dokumenty\PDF Architect
2023-02-09 13:33 - 2023-02-09 13:34 - 202575587 _____ C:\Users\hynek\Downloads\zasilka-HN7F9WDV37NYNAXE.zip
2023-02-09 09:04 - 2023-02-20 13:42 - 000000000 ____D C:\WINDOWS\Minidump
2023-02-01 10:37 - 2023-02-01 10:38 - 157247270 _____ C:\Users\hynek\Downloads\20230201.zip
2023-02-01 09:42 - 2023-02-02 18:47 - 000833932 _____ C:\Users\hynek\Downloads\Exim_FM-2023_letak_A4_vylohy.pdf
2023-02-01 09:42 - 2023-02-02 18:46 - 000870758 _____ C:\Users\hynek\Downloads\Fischer_FM-2023_letak_A4_vylohy.pdf
2023-01-30 15:20 - 2023-01-30 15:20 - 000285488 _____ C:\Users\hynek\Downloads\96880208.pdf
2023-01-26 09:03 - 2023-01-26 09:03 - 000406476 _____ C:\Users\hynek\Downloads\rm09_usneseni_16.01.2023.pdf
2023-01-25 08:53 - 2023-01-25 08:53 - 000306436 _____ C:\Users\hynek\Downloads\CestovniSmlouva-OP674358575-S0002-TD00179150.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-24 19:43 - 2021-09-07 19:03 - 000000000 ____D C:\Users\Host
2023-02-24 19:43 - 2019-07-20 11:17 - 000000000 ____D C:\Users\hynek\OneDrive\Dokumenty\Soubory aplikace Outlook
2023-02-24 19:31 - 2022-12-14 16:08 - 000000000 ___RD C:\Users\hynek\OneDrive - DER Touristik CZ
2023-02-24 19:31 - 2019-08-06 21:00 - 000000000 ___RD C:\Users\hynek\Disk Google
2023-02-24 19:31 - 2019-07-20 10:27 - 000000000 ___RD C:\Users\hynek\OneDrive
2023-02-24 19:30 - 2021-01-10 16:57 - 000000000 ____D C:\Users\hynek\AppData\Roaming\Signal
2023-02-24 19:30 - 2020-09-07 01:38 - 000000000 ____D C:\Users\hynek
2023-02-24 19:30 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-24 19:30 - 2019-07-21 16:30 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-02-24 19:30 - 2019-07-21 16:30 - 000000000 __SHD C:\Users\hynek\IntelGraphicsProfiles
2023-02-24 19:30 - 2019-07-20 11:22 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-24 19:30 - 2019-07-20 10:26 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2023-02-24 19:11 - 2020-09-07 08:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-24 15:10 - 2020-09-07 08:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-02-24 15:06 - 2020-09-07 08:48 - 094580676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-24 15:06 - 2019-12-07 15:41 - 093391652 _____ C:\WINDOWS\system32\perfh005.dat
2023-02-24 15:06 - 2019-12-07 15:41 - 028772280 _____ C:\WINDOWS\system32\perfc005.dat
2023-02-24 15:02 - 2019-08-16 17:34 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-02-24 15:01 - 2020-09-07 08:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-24 15:01 - 2020-09-07 08:38 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-24 15:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-24 11:43 - 2019-07-20 10:24 - 000000000 ____D C:\Users\hynek\AppData\Local\Packages
2023-02-23 16:19 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-23 16:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-23 14:01 - 2020-03-27 18:41 - 000000000 ____D C:\Users\hynek\AppData\Roaming\Zoom
2023-02-23 09:13 - 2019-07-20 11:24 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-23 08:16 - 2021-12-14 13:16 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1695572103-1893823028-2198395607-1001
2023-02-23 08:16 - 2021-06-29 13:14 - 000002381 _____ C:\Users\hynek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-23 08:16 - 2020-09-07 08:44 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1695572103-1893823028-2198395607-1001
2023-02-22 16:03 - 2021-09-22 18:23 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-02-19 11:14 - 2020-06-08 23:17 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-18 10:11 - 2022-10-13 13:06 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-02-15 01:38 - 2019-07-20 10:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-10 11:08 - 2020-09-07 08:44 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-10 11:08 - 2020-09-07 08:44 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a check

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe
C:\Users\hynek\Downloads\iphotodraw.exe
C:\Users\hynek\Downloads\QuickTime_Alternative_322.exe
Task: {103390A3-7ADC-469E-A2F5-F129430E2D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {AEEEC3F5-2CD6-43B5-BD69-13049AC31A4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {D084E54B-8409-4DE6-9256-8BDC3B50CB63} - System32\Tasks\CorelUpdateHelperTask-3014B226FF372FCF15F4964DE35C6FC8 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End
Save it to C:\Users\hynek\OneDrive\Plocha as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.


Re: Request for a check

#3 Post by HINEGB »

I did it, but during the test a Windows message about a potential threat appeared (see attachment).
I panicked and repeated the whole recommended procedure, which overwrote the log. It ran noticeably faster, and I attach the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2023
Ran by hynek (26-02-2023 17:03:08) Run:2
Running from C:\Users\hynek\OneDrive\Plocha
Loaded Profiles: hynek & Host
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe
C:\Users\hynek\Downloads\iphotodraw.exe
C:\Users\hynek\Downloads\QuickTime_Alternative_322.exe
Task: {103390A3-7ADC-469E-A2F5-F129430E2D51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {AEEEC3F5-2CD6-43B5-BD69-13049AC31A4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-20] (Google Inc -> Google LLC)
Task: {D084E54B-8409-4DE6-9256-8BDC3B50CB63} - System32\Tasks\CorelUpdateHelperTask-3014B226FF372FCF15F4964DE35C6FC8 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (No File)
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\Users\hynek\Downloads\ganttproject-2.8.9-r2335.exe" => not found
"C:\Users\hynek\Downloads\iphotodraw.exe" => not found
"C:\Users\hynek\Downloads\QuickTime_Alternative_322.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{103390A3-7ADC-469E-A2F5-F129430E2D51}" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEEEC3F5-2CD6-43B5-BD69-13049AC31A4D}" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D084E54B-8409-4DE6-9256-8BDC3B50CB63}" => not found
"C:\WINDOWS\System32\Tasks\CorelUpdateHelperTask-3014B226FF372FCF15F4964DE35C6FC8" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CorelUpdateHelperTask-3014B226FF372FCF15F4964DE35C6FC8" => not found
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10651309 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 79172 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
hynek => 23219 B
Host => 23219 B

RecycleBin => 0 B
EmptyTemp: => 11 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:03:22 ====
Attachments
Snímek obrazovky 2023-02-26 170912.jpg (29.64 KiB) Viewed 921 times


Re: Request for a check

#4 Post by Rudy »

Also run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply run it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
As for that message, it only says that the AV did not let the threat into the PC.


Re: Request for a check

#5 Post by HINEGB »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-26-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19041.508)
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Conduit

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2150 octets] - [26/02/2023 18:19:00]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Re: Request for a check

#6 Post by Rudy »

OK. Has anything changed?


Re: Request for a check

#7 Post by HINEGB »

Still the same threat


Re: Request for a check

#8 Post by Rudy »

Let's also try cleaning the browsers. Run these utilities one after the other:

1. Download Zoek.exe https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to your desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Save it, preferably to your desktop
•After launch the licence terms are displayed; press any key
•A backup is created, followed by a scan
•The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.


Re: Request for a check

#9 Post by HINEGB »

Sorry for the delay, I was outside the Czech Republic.

I am sending the log as an attachment - it is too long.
Attachments
zoek_log.rar
(70.05 KiB) Downloaded 33 times


Re: Request for a check

#10 Post by HINEGB »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by hynek (Administrator) on 07.03.2023 at 11:44:18,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.03.2023 at 11:47:48,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#11 Post by Rudy »

Both utilities deleted something. Is everything OK now?
HINEGB
Visitor
Posts: 90
Registered: 22 Jan 2009 09:34

Re: Requesting a check

#12 Post by HINEGB »

Hopefully yes :)

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Requesting a check

#13 Post by Rudy »

OK.