Defender hlasy problem

[frenky335]

Dobry den, Windows Defender hlasy Spyware:PowerShell/Keylogger!pz
Hned som to dal do karanteny, prosim o kontrolu logu ci este nieco je v PC.
Dakujem

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2024 01
Ran by Angel (administrator) on EUNIKA (Dell Inc. Inspiron N5110) (31-01-2024 09:52:47)
Running from C:\Users\Angel\Desktop\FRST64.exe
Loaded Profiles: Angel
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(explorer.exe ->) (Atheros Communications Inc. -> Atheros Communications) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Communications Inc. -> Atheros Communications) [File not signed]
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
HKLM\...\Print\Monitors\HP 622a Status Monitor: C:\Windows\system32\hpinksts622aLM.dll [468584 2018-08-05] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP LaserJet MFP M129-M134): C:\Windows\system32\HPDiscoPM622a.dll [987808 2022-03-09] (HP Inc. -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-09-19] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {E2BAD69E-7B01-4686-A875-EEB86ECBF505} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {47B2C1B1-A3A6-4CCA-BA90-E879E5FDCD6A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2023-09-19] (Adobe Inc. -> Adobe)
Task: {8379959D-9CAE-4A03-B8BA-F026ED6DF1C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2023-09-19] (Adobe Inc. -> Adobe)
Task: {159A8CDD-17B1-42BB-BBD6-942614756815} - System32\Tasks\GoogleUpdateTaskMachineCore{F3FF5B0A-275D-4E51-A229-61C9338643D4} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-09-19] (Google LLC -> Google LLC)
Task: {2F0834D9-11A3-424C-9B56-21C17B1E9B9C} - System32\Tasks\GoogleUpdateTaskMachineUA{9CC7007F-42AF-472A-839B-04D28BED366C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2023-09-19] (Google LLC -> Google LLC)
Task: {A4E97081-C531-4AEF-9C64-3360F4C813A9} - System32\Tasks\HPCustPartic.exe_{5501D8EC-2302-4B9D-9E45-507227E04E5C} => C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6663328 2022-03-09] (HP Inc. -> HP Inc.)
Task: {1A94340A-C317-40C5-990A-EF23FB001C77} - System32\Tasks\HPCustParticipation HP LaserJet MFP M129-M134 => C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6663328 2022-03-09] (HP Inc. -> HP Inc.)
Task: {BDFF54D1-E555-4576-9EB7-578AA304D5A2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-09-11] () [File not signed]
Task: {6CE3F7D2-B191-4952-BA6D-64A3EE736FB5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24614400 2023-01-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9D70BDB-C3A5-4A66-9753-1FC6668E0808} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24614400 2023-01-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9392FCD8-FFE1-423B-8002-172CC90D19F7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117144 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {62945215-C5AB-4954-9A5F-859CFD88B99D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117144 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {72F4E03E-2365-4FDA-B01E-57D43F30D570} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4373984 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {24343C7A-2E45-459A-9088-937BC3F86EE4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4373984 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7EF593E1-C3DC-4BE1-BF00-A471F56D971F}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{7EF593E1-C3DC-4BE1-BF00-A471F56D971F}: [DhcpDomain] home
Tcpip\..\Interfaces\{7EF593E1-C3DC-4BE1-BF00-A471F56D971F}\45F6D61637B6F6: [DhcpNameServer] 192.168.3.100

Edge:
=======
Edge Profile: C:\Users\Angel\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-23]

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.391.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.391.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default [2024-01-31]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxps://www.google.sk/
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR Extension: (Adblock pre Youtube™) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2024-01-23]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-19]
CHR Extension: (AdBlock - najlepší blokovač reklám) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-01-30]
CHR Extension: (IE Tab) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2024-01-30]
CHR Extension: (Kontrola pošty Google) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2023-09-19]
CHR Extension: (Tipli do prehliadača) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpijoellhiljjmeeloljbehhhjkpijpb [2023-09-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-19]
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\System Profile [2023-12-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2023-09-19] (Adobe Inc. -> Adobe)
S3 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
S3 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-20] (Atheros Communications Inc. -> Atheros) [File not signed]
S3 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [80032 2011-05-20] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11139576 2023-01-02] (Microsoft Corporation -> Microsoft Corporation)
S3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [305152 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme\kerneld.x64 [68376 2023-12-04] (FinalWire Kft. -> )
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2727424 2011-04-21] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [80384 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [181248 2010-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [535040 2011-09-08] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-31 09:52 - 2024-01-31 09:54 - 000012101 _____ C:\Users\Angel\Desktop\FRST.txt
2024-01-31 09:52 - 2024-01-31 09:53 - 000000000 ____D C:\FRST
2024-01-31 09:51 - 2024-01-31 09:51 - 002389504 _____ (Farbar) C:\Users\Angel\Desktop\FRST64.exe
2024-01-31 08:58 - 2024-01-31 08:58 - 000000000 ____D C:\Program Files\chrome_BITS_3288_96770304
2024-01-31 08:33 - 2024-01-31 08:33 - 000000000 ___RD C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2024-01-30 20:02 - 2024-01-30 20:02 - 000000000 ____D C:\Users\Angel\AppData\Roaming\AcGenral
2024-01-30 19:24 - 2024-01-30 19:24 - 000000000 ____D C:\Users\Angel\AppData\Roaming\WinRAR
2024-01-30 19:24 - 2024-01-30 19:24 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-01-30 19:24 - 2024-01-30 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-01-30 19:24 - 2024-01-30 19:24 - 000000000 ____D C:\Program Files\WinRAR
2024-01-30 19:14 - 2024-01-30 19:14 - 000001179 _____ C:\Users\Angel\Desktop\AIDA64 Extreme.lnk
2024-01-30 19:14 - 2024-01-30 19:14 - 000000000 ____D C:\Users\Angel\AppData\Roaming\Microsoft\HTML Help
2024-01-30 19:14 - 2024-01-30 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
2024-01-30 19:14 - 2024-01-30 19:14 - 000000000 ____D C:\Program Files (x86)\FinalWire

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-01-31 09:48 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-01-31 09:48 - 2009-07-14 05:45 - 000028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-01-31 08:42 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-31 08:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2024-01-31 08:33 - 2023-09-19 10:18 - 000000000 ____D C:\Users\Angel\Documents\Bluetooth Folder
2024-01-31 08:32 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-30 17:25 - 2009-07-14 04:20 - 000000000 __RHD C:\Users\Public\Libraries
2024-01-11 21:39 - 2010-11-21 04:27 - 000918944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2023-12-27 18:19
==================== End of FRST.txt ========================


Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27.01.2024 01
Ran by Angel (31-01-2024 09:54:17)
Running from C:\Users\Angel\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X64) (2023-09-19 09:01:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1401635152-1715574892-2262208522-500 - Administrator - Disabled)
Angel (S-1-5-21-1401635152-1715574892-2262208522-1000 - Administrator - Enabled) => C:\Users\Angel
Guest (S-1-5-21-1401635152-1715574892-2262208522-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1401635152-1715574892-2262208522-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 23.006.20380 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AIDA64 Extreme v7.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 7.00 - FinalWire Ltd.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.78.1094 - AB Team, d.o.o.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.8 on Visual Studio 2017 (HKLM-x32\...\{7556B2FA-6364-47EE-901D-12B23F78F382}) (Version: 4.8.04162 - Microsoft Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Dropbox Plugin (HKLM-x32\...\{71175310-91E7-49E9-A714-15151F839268}) (Version: 44.5.501.81934 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{1DE1A510-1B9F-409E-A586-34C6DB1EDF1F}) (Version: 44.5.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{8202C130-5331-4FA4-9B94-CD5B7D595971}) (Version: 44.5.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{C7242B1F-50CF-4C88-92C0-6012281B0E72}) (Version: 44.5.501.81934 - HP)
HP LaserJet MFP M129-M134 Basic Device Software (HKLM\...\{4E0832D5-6728-41B4-9D62-4B237F5C1A08}) (Version: 44.11.2775.2268 - HP Inc.)
HP OneDrive Plugin (HKLM-x32\...\{88B06412-906E-473D-B69B-71EB040F15F5}) (Version: 44.5.0.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{C3547CAA-C272-4A32-9A53-358892E9026B}) (Version: 44.5.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 391 (HKLM-x32\...\{71324AE4-039E-4CA4-87B4-2F32180391F0}) (Version: 8.0.3910.13 - Oracle Corporation)
K-Lite Mega Codec Pack 17.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.8.0 - KLCP)
KMPlayer 64X (remove only) (HKLM\...\KMPlayer 64X) (Version: 2023.8.25.12 - PandoraTV)
LM129 (HKLM-x32\...\{A2D25501-6F44-4CE2-9EFA-C9E5A0658FA9}) (Version: 0.00.0005 - HP)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Developer Pack (HKLM-x32\...\{5d6d678e-102a-469e-9c8f-6161a7de2666}) (Version: 4.8.3928 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{949C0535-171C-480F-9CF4-D25C9E60FE88}) (Version: 4.8.03928 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (ENU) (HKLM-x32\...\{A4EA9EE5-7CFF-4C5F-B159-B9B4E5D2BDE2}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.50 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.12527.22286 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1401635152-1715574892-2262208522-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24123 (HKLM\...\{21134089-9B59-34C8-BE11-929D26AD5207}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24123 (HKLM\...\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}) (Version: 14.0.24123 - Microsoft Corporation) Hidden
MPC-HC 1.9.24 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.9.24 - MPC-HC Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.12527.22270 - Microsoft Corporation) Hidden
Product Improvement Study for HP LaserJet MFP M129-M134 (HKLM\...\{00087596-A1AA-49A6-9743-0DF787B8F2CC}) (Version: 44.11.2775.2268 - HP Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Smart View (HKLM-x32\...\{1800D8A5-F7B2-4C20-868E-1CF55CBBDF21}) (Version: 1.0.0.0 - Samsung )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WinRAR 6.24 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.24.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1401635152-1715574892-2262208522-1000\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> [CC]{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-10-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-07-17] () [File not signed]
HKLM\...\Drivers32: [msacm.avis] => C:\Windows\SysWOW64\ff_acm.acm [47616 2014-07-17] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2011-05-20 10:15 - 2011-05-20 10:15 - 000061088 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000044704 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BPP.DLL
2011-05-20 10:15 - 2011-05-20 10:15 - 000043680 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BTBIP.DLL
2011-05-20 10:15 - 2011-05-20 10:15 - 000029856 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtFileStore.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000030368 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtFileStoreOpp.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000207520 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtObexFt.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000208544 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BTOBEXOP.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000305824 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\filetransfer.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000072864 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\goep.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000079520 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\GOEP_bpp.DLL
2011-05-20 10:15 - 2011-05-20 10:15 - 000073888 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\GOEP_SINGLE.DLL
2011-05-20 10:15 - 2011-05-20 10:15 - 000079008 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Handsfree.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000119456 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\L2capLib.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 000118944 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ObjPush.dll
2011-05-20 10:15 - 2011-05-20 10:15 - 002234016 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\OutLookLib.dll
2011-05-20 10:16 - 2011-05-20 10:16 - 000081056 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\RfcommLib.dll
2011-05-20 10:16 - 2011-05-20 10:16 - 000140448 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\skypeagent.dll
2011-05-20 10:16 - 2011-05-20 10:16 - 000066720 _____ (Atheros Communications Inc. -> Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Sync.dll
2023-09-19 10:18 - 2023-09-19 10:18 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_8a1e1b372ed7b012\ATL80.DLL
2023-09-19 10:18 - 2023-09-19 10:18 - 001658368 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_8448f49f328da8c3\MFC80.DLL
2023-09-19 10:18 - 2023-09-19 10:18 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_8448f49f328da8c3\MFC80U.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-05-20] (Atheros Communications Inc. -> Atheros Commnucations) [File not signed]
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll [2023-10-04] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2024-01-30 19:55 - 000001347 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-1401635152-1715574892-2262208522-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Angel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Poslat do aplikace OneNote.lnk => C:\Windows\pss\Poslat do aplikace OneNote.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -update pepperplugin
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C7CE78A5-135A-4D23-BEC0-D4EAC966998F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8C8B68CB-FB75-4897-908D-64C0D8E5C3EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{53D77B2A-272B-492B-8380-1B5BB6509667}] => (Allow) C:\Users\Angel\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E6E50AA-0A1A-4A96-80DB-CC0CB7BC6DC3}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{930BF972-4D83-4BE8-A516-8372C2293843}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{78920618-98F4-4CB4-80D7-5D8F87F6C330}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BAB577C-3FDC-4773-BEFF-6E840B353C36}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FD68C47C-5D1B-456A-855B-901724514003}] => (Allow) C:\Users\Angel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E83A81DE-1DE4-4A41-97EB-50DEE64254A8}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [UDP Query User{2457B10F-7269-4C35-905E-D45C741F4391}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [File not signed]
FirewallRules: [{4765229C-F987-4C37-940D-FA7661977EEF}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M129-M134\bin\EWSProxy.exe (HP Inc. -> HP Inc.)
FirewallRules: [{E0E0BAF8-29B4-4480-905E-CDD91A5EF5CD}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{5E143E90-1870-45DB-ACC7-76AF7CAB6EFF}] => (Allow) LPort=5357
FirewallRules: [{1F6A4FC7-939D-457B-97A0-98708E54D67A}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{05ED408F-BFD1-4A27-95DD-824D0230183B}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M129-M134\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{4EF5583A-5249-40C7-8FCF-B50F141370E0}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M129-M134\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)

==================== Restore Points =========================

27-10-2023 17:08:56 Inštalácia balíka ovládačov zariadenia: TAP Provider V9 for Private Tunnel Sieťové adaptéry
27-10-2023 17:34:31 Windows Update
19-11-2023 19:52:37 Windows Update
29-11-2023 14:08:13 Plánovaný kontrolný bod
03-12-2023 17:43:05 Windows Update
27-12-2023 19:46:55 Plánovaný kontrolný bod
30-01-2024 20:05:56 Windows Update
30-01-2024 21:30:52 Windows Defender Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/31/2024 08:42:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/31/2024 08:42:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/31/2024 08:34:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/30/2024 09:30:51 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Prístup je odmietnutý..This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9b33ab40-8782-41cc-959a-979fa748c2be}

Error: (01/30/2024 08:34:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/30/2024 08:34:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/30/2024 08:28:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (01/30/2024 08:28:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.


System errors:
=============
Error: (01/31/2024 09:57:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (01/31/2024 08:37:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update sa pri spustení zablokovala.

Error: (01/31/2024 08:32:28 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Miestny adaptér Bluetooth zlyhal bližšie neurčeným spôsobom a nebude sa používať. Ovládač bol odstránený z pamäte.

Error: (01/30/2024 08:15:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CCleaner Performance Optimizer Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/03/2024 05:09:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/03/2024 05:09:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/03/2024 05:09:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Media Player - služba zdieľania v sieti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/03/2024 05:09:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 0 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Windows Defender:
================
Date: 2024-01-30 21:25:37.905
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=410516
Name:Spyware:PowerShell/Keylogger!pz
Severity:Vysoká
Category:Spyware
Path Found:containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar;containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{2C4A1F1C-3771-4FAE-B9A4-0350F385D118}-CCleaner_Patch-XoRaX.rar;containerfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{B3F0EF98-2C7E-483D-AF7A-E360F077D588}-CCleaner_Patch-XoRaX.rar;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar->CCleaner_Patch22.exe;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{2C4A1F1C-3771-4FAE-B9A4-0350F385D118}-CCleaner_Patch-XoRaX.rar->CCleaner_Patch22.exe;file:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{B3F0EF98-2C7E-483D-AF7A-E360F077D588}-CCleaner_Patch-XoRaX.rar->CCleaner_Patch22.exe
Detection Type:Concrete
Detection Source:User
Status:Unknown
Process Name:C:\Program Files\Windows Defender\MSASCui.exe

Date: 2024-01-30 20:19:54.094
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Full Scan

Date: 2024-01-30 20:19:47.448
Description:
Windows Defender scan has been stopped before completion.
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2024-01-30 19:38:37.309
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=410516
Name:Spyware:PowerShell/Keylogger!pz
Severity:Vysoká
Category:Spyware
Path Found:containerfile:C:\Users\Angel\Downloads\CCleaner_Patch-XoRaX.rar;file:C:\Users\Angel\Downloads\CCleaner_Patch-XoRaX.rar->CCleaner_Patch22.exe;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{B3F0EF98-2C7E-483D-AF7A-E360F077D588}-CCleaner_Patch-XoRaX.rar;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar|https://www.upload.ee/download/14000201 ... ft\Windows Defender\LocalCopy\{B3F0EF98-2C7E-483D-AF7A-E360F077D588}-CCleaner_Patch-XoRaX.rar|https://www.upload.ee/download/14000201 ... -XoRaX.rar|
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files\Google\Chrome\Application\chrome.exe

Date: 2024-01-30 19:37:17.429
Description:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... tid=410516
Name:Spyware:PowerShell/Keylogger!pz
Severity:Vysoká
Category:Spyware
Path Found:containerfile:C:\Users\Angel\Downloads\CCleaner_Patch-XoRaX.rar;file:C:\Users\Angel\Downloads\CCleaner_Patch-XoRaX.rar->CCleaner_Patch22.exe;filelocalcopy:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar;webfile:C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{0D904DF0-5427-4290-8C47-0C340CF57F59}-CCleaner_Patch-XoRaX.rar|https://www.upload.ee/download/14000201 ... -XoRaX.rar
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Memory info ===========================

BIOS: Dell Inc. A05 04/18/2011
Motherboard: Dell Inc. 034W60
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 86%
Total physical RAM: 4003.18 MB
Available physical RAM: 551.41 MB
Total Virtual: 8004.5 MB
Available Virtual: 2135.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:146.92 GB) (Model: HGST HTS545050A7E380 ATA Device) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:242.68 GB) (Model: HGST HTS545050A7E380 ATA Device) NTFS

\\?\Volume{52fea778-56c9-11ee-8a7f-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 3189D448)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

[JaRon]

Ahoj,
doporucujem odinstalovat Ccleaner
prescanovat PC s MBAM - log sem
nainstalovat Ccleaner s doveryhodneho uloziska

[frenky335]

ccleaner som hned odinstaloval


log:
Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 31.01.24
Čas skenování: 11:49
Logovací soubor: 63eef680-c026-11ee-9867-ccaf783b6086.json

-Informace o softwaru-
Verze: 4.6.8.311
Verze komponentů: 1.0.2242
Aktualizovat verzi balíku komponent: 1.0.80334
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Eunika\Angel

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 250545
Zjištěné hrozby: 9
Hrozby umístěné do karantény: 9
Uplynulý čas: 3 hod, 52 min, 42 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 9
Keygen.CrackTool.RiskWare.DDS, D:\MOJE DOKUMENTY\OVLADACE\AIDA64 EXTREME EDITION V6.32.5600\CRD\KG.EXE, Smazání při restartu, 1000002, 0, 1.0.80334, B46C4CD18204EA24FE5B0802, dds, 02673184, A1FB5F50BD529A1FF4A05DD244D9C515, E0A88A77F3395359A70689BED9457326E5F672E9C306CDD32941E607665656D7
CrackTool.Agent.Keygen, D:\MOJE DOKUMENTY\OVLADACE\AIDA64.6\KEYGEN\KEYGEN.EXE, Smazání při restartu, 256, 767883, 1.0.80334, 58A100CECA5B0000E5DDB9CB, dds, 02673184, 1BF1F132BFC730F3CFE92F3A35532482, 4B8909AD23772907CB5E8BCFB32E96C360F56FCF7DCD064AA93A1882EE0A0F9B
CrackTool.Agent.Keygen, D:\MOJE DOKUMENTY\OVLADACE\AIDA64.6\KEYGEN.ZIP, Smazání při restartu, 256, 767883, 1.0.80334, 58A100CECA5B0000E5DDB9CB, dds, 02673184, 0F0999798D8ADE72ADB99CB1C8E9C5A0, 6E20C404A163C1A29A67AD11CB505DD66D46B2AC929DEF31A2B1D003F47BB79E
Generic.Trojan.Malicious.DDS, D:\MOJE DOKUMENTY\OVLADACE\KMSPICO INSTALL\KMSPICO_SETUP.EXE, Smazání při restartu, 1000002, 0, 1.0.80334, EAD161B364D7B4B10729A66A, dds, 02673184, 4B59F3AFF8D8505180172247D5343BDD, 508A09EFBAD41B19FAA239C50B099898164269237D41D976EBBB081F860BD557
Generic.Malware.AI.DDS, D:\MOJE DOKUMENTY\OVLADACE\MICROSOFT OFFICE 2016\AKTIVáCIA\KMSAUTO.EXE, Smazání při restartu, 1000002, 0, 1.0.80334, 3B8CB6335DCF126E351063D6, dds, 02673184, 4FB4CAECAB9B7C3FAE2AFFAE8DD38409, 3EB9879FF87E42654BAFB2AE0F3C6D9703AB9E67216822775268751E7166B8E2
Floxif.Virus.FileInfector.DDS, D:\MOJE DOKUMENTY\OVLADACE\MICROSOFT OFFICE 2016\MICROSOFT OFFICE 2016\SETUP OFFICE 2016.EXE, Smazání při restartu, 1000002, 0, 1.0.80334, DEB51A388B5446A3F4B3F68D, dds, 02673184, 39187DA04B3FA0A78C9F09B7468974A0, A98995A2DCD323A8D5EBC1C6E4C831631EC3E80FFBE99E21262DEF517A904565
HackKMS.HackTool.RiskWare.DDS, D:\MOJE DOKUMENTY\OVLADACE\MICROSOFT OFFICE PROFESSIONAL PLUS 2016\KMSAUTO NET 2015 V1.3.9 PORTABLE\KMSAUTO NET.EXE, Smazání při restartu, 1000002, 0, 1.0.80334, A7F7D889BE9B4346E469661C, dds, 02673184, B98A20223553CE6DD45F608289FF83D1, BB1B065FA1D69188E57B711CCAC8E32BE7F2C15B1C785762C57C4853D847D4EF
Generic.Malware.AI.DDS, D:\MOJE DOKUMENTY\OVLADACE\MICROSOFT OFFICE 2016\AKTIVáCIA.RAR, Smazání při restartu, 1000002, 0, 1.0.80334, 3B8CB6335DCF126E351063D6, dds, 02673184, A5A4F280FB2CF089AD6639E464AF90D2, BF17EEE51CA29361DEBAB83D2AA80D17EA9FED2E0D495192D930E0B00DDA3DC7
Keygen.CrackTool.RiskWare.DDS, D:\WEB\A64EE.RAR, Smazání při restartu, 1000002, 0, 1.0.80334, 609903B9EB89CB11EE2B57F1, dds, 02673184, 5ABFF45A6C13E9E81A5A5012F238DF76, 9B16155F8784D267A9D69F6AA5A66A56E29DD00876208E5FF5085EDA7C206174

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)






tie hrozby co naslo to su cracky a keygen co som pouzival davnejsie a stale to vypisuje ako hrozbu, su to veci stahnute z overeneho zdroja, kedze sa jedna o starse verzie programov ktore som pouzival niekedy davnejsie.
to je len moj nazor ked to ma byt hrozba pre mna tak to vymaze.
dakujem

[JaRon]

Najdene nechaj zmazat, nebudeme riesit co je viac alebo menej nebezpecne
Potom nainstaluj CCleaner a cycisti nim PC vcetne registrov a napis, ci su este nejake problemy?

[frenky335]

Vyčistil som to ako si písal.
Žiadne problémy zatiaľ niesu.
Je všetko teraz v poriadku, čo sa tyká toho čo našiel Defender? nehrozí mi nič?

[JaRon]

Malo by to byt OK
Ak by nieco, kludne sa zasa ozvi

[frenky335]

Dakujem za pomoc

[JaRon]

Rado sa stalo