Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.02.2024
Ran by vaclavdura (administrator) on DESKTOP-8JGI3AO (LENOVO 80T7) (25-02-2024 20:17:08)
Running from C:\Users\vaclavdura\Desktop\FRST64.exe
Loaded Profiles: vaclavdura
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.147\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.147\BraveCrashHandler64.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(C:\Program Files\Elantech\ETDCtrl.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(C:\Program Files\Elantech\ETDService.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <8>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(services.exe ->) (LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\5.5.107.0\McCSPServiceHost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_22_12\mcapexe.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (MUSARUBRA US LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(svchost.exe ->) (Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(svchost.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(svchost.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-02-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10868248 2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp. -> CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\vaclavdura\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\vaclavdura\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\Run: [MicrosoftEdgeAutoLaunch_B94319531039E58F98E543241952B1AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2848280 2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\MountPoints2: {f06d41ed-158a-11ec-842b-784561eb90f0} - "F:\HiSuiteDownLoader.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\91.1.10672.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.189\Installer\chrmstp.exe [2024-02-23] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\Installer\chrmstp.exe [2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6960.198\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {4A4D891D-99DB-4D07-8E40-3FD9E196E8E9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F97EE32E-A812-46A2-8FCB-4391F073CD33} - System32\Tasks\App Explorer => C:\Users\vaclavdura\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7890976 2022-05-23] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {BB1F1C46-E10F-408C-AF4B-6511F35EA432} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {5FC6DCD8-7498-4632-87F6-FC8DE39AB242} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{64437D57-262B-4DED-8600-EE60F7CF7000} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {59143D72-1BFF-4BD1-AD39-BB75C9A1F3EE} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{4DF1BA37-8B69-41CB-9E6D-6F69B8AECCFA} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {49D80DBB-016B-461A-9846-1A150DD9CB9E} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [745240 2016-04-22] (CyberLink Corp. -> CyberLink Corp.)
Task: {B54E051D-1312-46B6-BD21-C6F0990286FA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{EFA39F3D-9B6D-4491-B835-B77F95824ACE} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
Task: {FC4617FB-3163-481C-9940-AE2353249ADE} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B968E164-5D32-478C-B6BD-5F6B7C8AF2CF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {0F928BC1-CBAD-4933-80BA-1443F6C668C5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {AA418731-8A8C-4D72-8A2A-81C622C0FE93} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\044a29fa-a73a-470b-9a60-9e440778f8d2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {BA3A74A3-5396-4B9B-A211-B660648FFB64} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2d23e269-6cba-44e4-81b7-bcf9b81d749c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A3491427-3E01-41AD-9E6B-70AE739BCF26} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\94b2e2ea-b52c-4edf-b440-10b560467110 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {57FE7515-DA4C-4D25-A0EE-010F16E05610} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b2ab5a1a-cf43-4793-a10e-61acb2ecb528 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {FD881B5D-1D66-4BC6-930D-A3E50E4502B5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eef48809-c0f0-4dcf-b333-b54975c3e09e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C91AEEBC-C783-40CF-969F-17960212B897} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {D5FAC529-5080-456F-835E-DB8B8EB11B51} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {A42DA79C-43F2-4358-916D-6B039EE166B2} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {E7DF9F3B-3965-4A61-B472-27243F6733C7} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {C61DB6A5-3E4B-4332-8AE0-06E49C66D7E7} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {19135651-6611-414F-A727-DDE98F7DBB57} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {47735924-EC6B-4E23-B9D7-0CD0DD784F42} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {34013881-6245-4B50-AA18-D13072086C70} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {762953D3-0547-4D5E-B809-BC70843041D3} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {3C57BDCC-E091-4F36-8788-EA2F81B31F4E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {75C57C9D-C98B-4DC3-8EBE-A50279F1CE63} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {F750814F-3B54-4785-98BC-6DDA4B9C2060} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {516CDF10-A1FF-4655-8A80-5A075C0DC29C} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {9C22E9FC-7BFE-42A3-B900-566180FBAC98} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\ScheduleEventAction.exe [30176 2023-12-15] (Lenovo -> Lenovo)
Task: {2E7D4444-11A4-4BEC-837D-CD5EFF1F3E0D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {3AE82E57-C35D-42C9-83CD-F17212B05874} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\uninstall.exe [311776 2023-12-15] (Lenovo -> Lenovo)
Task: {F84A25CA-2DC2-4318-8D35-714405E3C7A9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4564016 2023-03-27] (McAfee, LLC -> McAfee, LLC)
Task: {942DA0C7-7EEF-4964-B459-BC2419ABDA75} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [931056 2023-02-20] (McAfee, LLC -> McAfee, LLC)
Task: {215F136B-FA45-4F62-9EA3-4195791A4FA1} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [931056 2023-02-20] (McAfee, LLC -> McAfee, LLC)
Task: {A0A8625B-8E2C-45CA-8409-9F1910A66243} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {1CF3137E-431C-4DE7-AD7C-7F14AB7FBA81} - System32\Tasks\McAfee\WPS\AntiTrackerTask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {D9D126D2-71C0-45BD-AF9F-A02DAD200F1B} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {D42AE8DB-6AD1-4D6C-811F-59CFDC17B96E} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {05D14C13-8FB8-4775-9EF0-2661ACF04B4D} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {180DD785-8237-4842-8903-9EB4F1C3CFA4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {27182C15-5F91-4712-9AC1-C66725DF458D} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {9831F374-CF53-4EF0-99FC-F14159C56C68} - System32\Tasks\McAfee\WPS\tracker_remover => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {43986789-5F6E-4809-A1DD-C1450EE1B612} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [768288 2022-03-24] (McAfee, LLC -> McAfee, LLC)
Task: {F154993B-2A14-42BA-9514-4CC08693FCEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B61AFC88-BF95-4EC1-BB1D-3A3156FE7B67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {65D7ADB3-01BB-4A8A-B776-5214F0EC3BA8} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B99CD503-7711-4712-8CB9-5FA8CE92FB4E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E91E168-A974-42CF-AE4F-92CB31AC3580} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5320861D-D78D-4F15-8D95-2C2C930629F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F8937283-FAF1-4A17-95D9-1C0380D58AFD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {380CE57D-18B3-4B29-A8DD-CAE7066AB5D6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E2A1FBC-2508-4007-95AF-E67E17FE1600} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-09-11] (CyberLink Corp. -> CyberLink Corp.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d405ed12-3401-4a05-94f2-f5383d0c0d5f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d405ed12-3401-4a05-94f2-f5383d0c0d5f}\0556475627B6F66796: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{d405ed12-3401-4a05-94f2-f5383d0c0d5f}\35451425E45445F56457279637: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d405ed12-3401-4a05-94f2-f5383d0c0d5f}\94E6475627E65647F544731313: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d405ed12-3401-4a05-94f2-f5383d0c0d5f}\94E6475627E65647F544731313: [DhcpDomain] home
Tcpip\..\Interfaces\{de183c81-405c-489c-8316-acfd7e253e14}: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\vaclavdura\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-25]
Edge Notifications: Default -> hxxps://captchafine.lm.r.appspot.com
Edge StartupUrls: Default -> "hxxps://seznam.cz/"
Edge Extension: (Dokumenty Google offline) - C:\Users\vaclavdura\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-28]
Edge Extension: (Edge relevant text changes) - C:\Users\vaclavdura\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-28]
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2023-04-24] (McAfee, LLC -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2023-04-24] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-01-30]
CHR StartupUrls: Profile 1 -> "hxxps://www.bing.com/?PC=FT01"
CHR DefaultSearchURL: Profile 1 -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E211CZ550G0&p={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> mcafee
CHR Extension: (Seznam doplněk - Email) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2023-01-25]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-08-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-30]
CHR Extension: (Avast Online Security & Privacy) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-15]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2021-02-15]
CHR Profile: C:\Users\vaclavdura\AppData\Local\Google\Chrome\User Data\System Profile [2021-02-15]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3383752800-3110023305-580978815-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-3383752800-3110023305-580978815-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmojkbhnkkphngknkmgccmlenfaelkd]
CHR HKU\S-1-5-21-3383752800-3110023305-580978815-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
Brave:
=======
BRA Profile: C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-02-25]
BRA StartupUrls: Default -> "hxxp://google.com/"
BRA DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}&sourceid=62744&thru=quicksearch
BRA DefaultSearchKeyword: Default -> seznam
BRA DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
BRA Extension: (Seznam Doplněk – Email) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2023-10-17]
BRA Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-04-24]
BRA Extension: (Avast Online Security & Privacy) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2023-01-13]
BRA Extension: (Seznam.cz) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2023-08-09]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-02-24]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-02-25]
BRA Extension: (Brave NTP background images) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-02]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-02-25]
BRA Extension: (Wallet Data Files Updater) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-23]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-02-25]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-10-22]
BRA Extension: (Brave NTP sponsored images) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\efkihffiamafhbhefjaljejgdpkelpal [2024-02-25]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-02-24]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2022-10-19]
BRA Extension: (Brave Ads Resources) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\iejekkikpddbbockoldagmfcdbffomfc [2024-02-24]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-02-25]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-10-19]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-01-28]
BRA Extension: (Brave Ad Block Updater (EasyList Czech and Slovak (plaintext))) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\oegebjahecghlckbhkmojgnpcgdeajdi [2024-01-28]
BRA Extension: (Brave Ad Block Updater (CZE, SVK: EasyList Czech and Slovak)) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\omkkefoeihpbpebhhbhmjekpnegokpbj [2022-10-22]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\vaclavdura\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-27]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-19] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\brave_vpn_helper.exe [2727448 2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10868248 2024-02-23] (Brave Software, Inc. -> Brave Software, Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [666608 2016-03-22] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (LENOVO -> Lenovo)
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.52.0\LenovoVantageService.exe [34272 2023-12-15] (Lenovo -> Lenovo)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-02-14] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_22_12\McApExe.exe [815376 2023-06-20] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\5.5.107.0\McCSPServiceHost.exe [3384472 2023-02-28] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1226192 2023-04-05] (MUSARUBRA US LLC -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1226192 2023-04-05] (MUSARUBRA US LLC -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1226192 2023-04-05] (MUSARUBRA US LLC -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1571008 2023-04-03] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4248712 2022-10-14] (McAfee, LLC -> McAfee, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [280064 2022-10-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-14] (Microsoft Corporation) [File not signed]
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [70880 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [491232 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [354016 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85456 2023-04-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Trellix US LLC.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [464080 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [949472 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [106720 2022-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [233176 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Trellix US LLC.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2024-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2024-02-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-25] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-25 20:17 - 2024-02-25 20:21 - 000037291 _____ C:\Users\vaclavdura\Desktop\FRST.txt
2024-02-25 20:14 - 2024-02-25 20:19 - 000000000 ____D C:\FRST
2024-02-25 20:12 - 2024-02-25 20:11 - 002386944 _____ (Farbar) C:\Users\vaclavdura\Desktop\FRST64.exe
2024-02-25 20:09 - 2024-02-25 20:11 - 002386944 _____ (Farbar) C:\Users\vaclavdura\Downloads\FRST64.exe
2024-02-15 18:36 - 2024-02-15 18:36 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-15 18:34 - 2024-02-15 18:34 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 17:27 - 2024-02-15 17:27 - 000000000 ___HD C:\$WinREAgent
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-02-25 20:29 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-25 19:47 - 2017-02-17 06:46 - 000000000 __SHD C:\Users\vaclavdura\IntelGraphicsProfiles
2024-02-25 19:47 - 2017-02-17 06:43 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-02-25 18:23 - 2022-10-18 20:03 - 000000000 ____D C:\Program Files\McAfee
2024-02-25 18:23 - 2021-03-31 23:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-25 18:23 - 2021-03-31 23:12 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-25 18:23 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-25 18:23 - 2016-09-20 01:16 - 000000000 ____D C:\ProgramData\McAfee
2024-02-25 18:22 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-02-25 18:21 - 2021-03-31 23:22 - 000000000 ____D C:\Users\vaclavdura
2024-02-25 18:18 - 2020-11-02 04:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-25 18:12 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-25 18:08 - 2018-01-25 00:33 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-25 18:07 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-25 18:06 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-25 18:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-25 18:06 - 2018-01-26 18:51 - 000000000 ____D C:\Users\vaclavdura\AppData\Local\Packages
2024-02-25 18:01 - 2022-05-12 22:02 - 000000000 ____D C:\Users\vaclavdura\AppData\Local\D3DSCache
2024-02-25 17:57 - 2016-09-23 10:58 - 000000000 ____D C:\Program Files (x86)\Cisco
2024-02-25 17:53 - 2017-06-14 20:32 - 000000000 ____D C:\Program Files\CDBurnerXP
2024-02-25 17:32 - 2021-03-31 23:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-25 11:16 - 2020-11-16 00:05 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-24 21:54 - 2021-03-31 23:58 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-24 21:54 - 2021-03-31 23:58 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-24 00:41 - 2021-12-28 19:30 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-23 19:46 - 2022-10-19 10:03 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-02-23 19:46 - 2022-10-19 10:03 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2024-02-23 19:40 - 2017-03-02 16:00 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-19 19:10 - 2018-10-23 16:53 - 000000000 ____D C:\Users\vaclavdura\AppData\Local\CrashDumps
2024-02-18 11:54 - 2021-03-31 23:36 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-18 11:54 - 2019-12-07 15:41 - 000717850 _____ C:\WINDOWS\system32\perfh005.dat
2024-02-18 11:54 - 2019-12-07 15:41 - 000144992 _____ C:\WINDOWS\system32\perfc005.dat
2024-02-18 11:54 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-18 11:18 - 2016-09-20 01:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-17 13:14 - 2021-12-11 05:35 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3383752800-3110023305-580978815-1001
2024-02-17 13:14 - 2021-06-07 02:04 - 000002399 _____ C:\Users\vaclavdura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-17 13:14 - 2021-03-31 23:58 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3383752800-3110023305-580978815-1001
2024-02-16 03:54 - 2021-03-31 23:13 - 000432440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-16 03:49 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 18:57 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 18:34 - 2021-03-31 23:18 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-14 23:56 - 2017-02-18 16:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 23:27 - 2017-02-18 16:18 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
preventivka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
preventivka
- Přílohy
-
- Addition.rar
- (10.74 KiB) Staženo 17 x
Re: preventivka
ahoj,
citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txt
citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>
Kód: Vybrat vše
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\vaclavdura\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-3383752800-3110023305-580978815-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\vaclavdura\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {4A4D891D-99DB-4D07-8E40-3FD9E196E8E9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F97EE32E-A812-46A2-8FCB-4391F073CD33} - System32\Tasks\App Explorer => C:\Users\vaclavdura\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7890976 2022-05-23] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {BB1F1C46-E10F-408C-AF4B-6511F35EA432} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {B54E051D-1312-46B6-BD21-C6F0990286FA} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem124.0.6315.0{EFA39F3D-9B6D-4491-B835-B77F95824ACE} => C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
Task: {FC4617FB-3163-481C-9940-AE2353249ADE} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B968E164-5D32-478C-B6BD-5F6B7C8AF2CF} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {0F928BC1-CBAD-4933-80BA-1443F6C668C5} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {AA418731-8A8C-4D72-8A2A-81C622C0FE93} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\044a29fa-a73a-470b-9a60-9e440778f8d2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {BA3A74A3-5396-4B9B-A211-B660648FFB64} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2d23e269-6cba-44e4-81b7-bcf9b81d749c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A3491427-3E01-41AD-9E6B-70AE739BCF26} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\94b2e2ea-b52c-4edf-b440-10b560467110 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {57FE7515-DA4C-4D25-A0EE-010F16E05610} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b2ab5a1a-cf43-4793-a10e-61acb2ecb528 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {FD881B5D-1D66-4BC6-930D-A3E50E4502B5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\eef48809-c0f0-4dcf-b333-b54975c3e09e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {75C57C9D-C98B-4DC3-8EBE-A50279F1CE63} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {2E7D4444-11A4-4BEC-837D-CD5EFF1F3E0D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
S2 GoogleUpdaterInternalService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService124.0.6315.0; C:\Program Files (x86)\Google\GoogleUpdater\124.0.6315.0\updater.exe [4698400 2024-02-22] (Google LLC -> Google LLC) <==== ATTENTION
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.162\elevation_service.exe" [X]
EmptyTemp:
Reboot:
End
•Presunte vytvoreny fixlist vedle FRST
Spustte znovu FRST.exe•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt
Restart PC a dejte mi sem fixlog.txtFRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?