PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post an FRST log [guide here] or an RSIT log [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43


#1 Post by parek »

Hello, lately a suspicious hidden application launches when I log in to the computer. It disappears after clicking, but I found its location and online scanners report a possible trojan. I'm sending the log and would ask you to check it.
Thanks
Marek



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by Parek (administrator) on PAREK-X360 (HP HP Spectre x360 Convertible 15-eb0xxx) (04-01-2025 14:15:37)
Running from C:\tmp\frst\FRST64.exe
Loaded Profiles: Parek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\EaseUS\ENS\ensserver.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrapExe.exe
(C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe <6>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Parek\AppData\Local\Google\Chrome\Application\chrome.exe <41>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Broadcom Inc -> ) C:\Windows\System32\bcmUshUpgradeService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostControlService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostStorageService.exe
(services.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952720 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [GoogleUpdaterTaskUser132.0.6833.0] => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\RunOnce: [fghfbbc] => C:\hcghfce\AutoIt3.exe [943784 2025-01-01] (AutoIt Consulting Ltd -> AutoIt Team) <==== ATTENTION
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\RunOnce: [hcegbgh] => C:\hbeaegc\AutoIt3.exe [943784 2024-12-18] (AutoIt Consulting Ltd -> AutoIt Team) <==== ATTENTION
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [1829376 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1879552 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-02] (pdfforge GmbH) [File not signed]
Startup: C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-12-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D108C1A-E51E-4A67-B337-339A2BC0F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Task: {F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {4D8A0455-E1FD-41E6-AD7A-E04FE99B81ED} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Users\Parek\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {BA9DC40E-7CA2-48EB-9706-358A2FF4AFBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {833EEEBE-1ABD-4D6F-B1C8-A37D31A6F13E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B87A016-3F33-4624-98A7-3DC97FB16301} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB9976A5-C8FC-4DE8-91FC-A58C9018ACEE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [186992 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DEE9340-7628-4F3D-AB71-6927A2B485C5} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe [7885824 2024-10-31] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {BEF3B4AD-35C1-4954-97E4-BF89EF19E975} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6C6130B-A6F8-4BC6-9D55-6F7DBFDB31AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CD9905F-5A6C-4D6E-BB4F-79512D2F28D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56F94A1C-C40E-438E-88FA-B626623D768F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1781271-B23F-4A85-A2CA-0E59B1B84CB4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8105478-0A37-45EC-8D69-35DF0BF2FC5B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\368616368616: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\84F64756C6F564275656: [DhcpNameServer] 185.75.138.254 185.75.138.253
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{9cc330eb-c712-4df8-a8a7-ad3bb867bef7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpDomain] home
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\5436F6665756C6: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\B6271626963656: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Profile 3
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2025-01-02]
Edge Notifications: Profile 3 -> hxxps://calendar.google.com; hxxps://www.messenger.com
Edge HomePage: Profile 3 -> hxxp://www.google.com
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
Edge Session Restore: Profile 3 -> is enabled.
Edge Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-10-23]
Edge Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cllnohpbfenopiakdcjmjcbaeapmkcdl [2024-09-11]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2024-09-11]
Edge Extension: (Popup View for Google™ Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cpogidebfcfffnbjlmoknfpemngaijdj [2024-09-11]
Edge Extension: (change-language) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fancfknaplihpclbhbpclnmmjcjanbaf [2024-12-18]
Edge Extension: (Google Translate in Right Click) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fcoongackakfdmiincikmjgkedcgjkdp [2024-09-11]
Edge Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-09-11]
Edge Extension: (Microsoft S/MIME) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gamjhjfeblghkihfjdpmbpajhlpmobbp [2024-09-11]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-02]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-18]
Edge Extension: (Coinbase Wallet extension) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-12-21]
Edge Extension: (OneTab) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2024-09-11]
Edge Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-09-11]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2025-01-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-11]
Edge Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\pnfonnnmfjnpfgagnklfaccicnnjcdkm [2024-12-04]
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2024-12-29]
Edge Session Restore: Profile 4 -> is enabled.
Edge Extension: (lock) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-12-27]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-27]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-12-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-03]

FireFox:
========
FF HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2024-09-13] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default [2025-01-04]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Entanglement Web App) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2024-12-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2024-12-18]
CHR Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-12-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-18]
CHR Extension: (OneTab) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-12-18]
CHR Extension: (Google Tips) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2024-12-18]
CHR Extension: (change-language) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2024-12-18]
CHR Extension: (Enhancer for Telegram™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafiggkhlbbhfcpgggcfeeoliillkabn [2024-12-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-18]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2024-12-27]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2024-12-18]
CHR Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2024-12-18]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-12-18]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2024-12-18]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2024-12-18]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2024-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-18]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-12-31]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2024-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-08-16] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{932D84CE-BAED-40E7-9D8C-43419DE47389} [22384 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19903384 2024-12-18] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
R2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 MpKsl2b646de8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90D97141-EBF4-444F-9315-129685159F02}\MpKslDrv.sys [267552 2025-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 14:15 - 2025-01-04 14:15 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-04 06:14 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 14:15 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-04 14:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-04 13:48 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-04 13:34 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Local\LogiOptionsPlus
2025-01-04 13:34 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 13:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-04 06:22 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-04 06:15 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-04 06:15 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-04 06:14 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-04 06:14 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-04 06:14 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-04 06:14 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-04 06:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-04 00:17 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-03 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:23 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-02 17:58 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 11:18 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 09:25 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Roaming\logioptionsplus
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-22 08:35 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:34 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp

==================== Files in the root of some directories ========

2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 14:17:32)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.08 (x64) (HKLM\...\7-Zip) (Version: 24.08 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{DA2C65E7-7091-46AD-A10F-AC34207C33B9}) (Version: 12.13.2.3 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Parek\AppData\Local\Google\Chrome\Application\131.0.6778.205\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2024-11-21 21:14 - 2021-09-26 08:58 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-21 21:14 - 2022-08-16 13:11 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL
2024-11-21 21:14 - 2022-08-16 13:12 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll
2024-11-21 21:14 - 2022-08-16 13:10 - 000066696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master\DC\bin\x64\VssEaseusProvider.dll
2024-09-12 08:22 - 2024-08-11 14:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000428544 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2024-11-21 21:12 - 000001013 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7
127.0.0.1 update.easeus.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133804189297507593.jpg
DNS Servers: 192.168.1.99 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys

vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB474E93-F508-4AA5-9A92-AE6023993BF1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{081C13DE-EC20-470B-8D04-843D4614AB13}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:607.6 GB) (Free:93.46 GB) (15%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Parek-x360.local already in use; will try Parek-x360-2.local instead

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 Parek-x360.local. AAAA FE80:0000:0000:0000:35F5:766E:A520:38EF

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:35F5:766E:A520:38EF:5353 4 Parek-x360.local. Addr 169.254.190.111

Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (12/26/2024 11:41:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (01/04/2025 01:34:46 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {56a4f8e4-1b78-48df-9515-e310e95634d6}, had event 74

Error: (01/04/2025 06:14:47 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.

Error: (01/04/2025 06:14:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/04/2025 06:14:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-04 00:17:01
Description:
Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-02 18:11:43
Description:
Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-01 01:45:29
Description:
Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2024-12-30 08:25:50
Description:
Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus encountered an error trying to update security intelligence and will attempt to roll back to the previous version.
Security intelligence that was to be loaded: Backup
Error code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.419.377.0;1.419.377.0
Engine version: 1.1.24080.9

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus encountered an error trying to update security intelligence and will attempt to roll back to the previous version.
Security intelligence that was to be loaded: Current
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence version: 1.419.387.0;1.419.387.0
Engine version: 1.1.24080.9

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiSpyware
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiVirus
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error trying to update security intelligence.
New security intelligence version:
Previous security intelligence version: 1.419.373.0
Update source: Microsoft Update Server
Security intelligence type: AntiVirus
Update type: Full
User: NT AUTHORITY\SYSTEM
Current engine version:
Previous engine version: 1.1.24080.9
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2025-01-04 14:18:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2025-01-04 14:03:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16081.58 MB
Available physical RAM: 6434.54 MB
Total Virtual: 18513.58 MB
Available Virtual: 7815.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:607.6 GB) (Free:93.46 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)

\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#2 Post by Rudy »

Hello!
Run this utility:

Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#3 Post by parek »

Thanks for the help, here is the log:

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-04-2025
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.5247)
# Cleaned: 6
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted banggood.com
Deleted http://websearch.thesearchpage.info/?pi ... E&unqvl=74
Deleted http://www.mystartsearch.com/?type=hp&t ... SAF780112A
Deleted http://www.mystartsearch.com/?type=hp&t ... SAF780112A
Deleted http://www.mystartsearch.com/?type=hp&t ... SAF780112A
Deleted http://www.mystartsearch.com/?type=hp&t ... SAF780112A
Not Deleted WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2574 octets] - [04/01/2025 17:15:17]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
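AdwCleaner only covers adware and browser hijacks; the items a helper looks for in the FRST logs exchanged in this thread are different, and they are easy to pull out mechanically. The script below is an added example written for this thread; it is not part of FRST, AdwCleaner or the forum's own tooling. It reads FRST-style lines and flags the markers FRST itself prints (`<==== ATTENTION`, `[File not signed]`, `(No File)`), autostart and scheduled-task targets that live in user-writable directories, and browser startup URLs on the two hijacker hosts that AdwCleaner deleted above. The weights, the directory list and the hijacker host list are this example's own choices, not an FRST scoring scheme. The sample input is copied from the FRST output posted in this thread (one line shortened), so it runs offline.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not part of FRST, AdwCleaner or the forum's
tooling. Every hit is a prompt to inspect the entry, not a verdict.
"""
import re
from dataclasses import dataclass

# Directories a standard user can write to. An autostart or scheduled-task target
# living here deserves a look; per-user installers (Messenger, Chrome) and
# malware droppers both use these locations. List is this example's own choice.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\",
                 "\\downloads\\", "\\temp\\", "\\tmp\\")

# Hosts AdwCleaner removed from Chromium startup URLs earlier in this thread.
HIJACK_HOSTS = {"websearch.thesearchpage.info", "www.mystartsearch.com"}

# Weights are this example's own choice, not an FRST scoring scheme.
WEIGHTS = {
    "FRST ATTENTION marker": 2,
    "unsigned binary": 2,
    "startup URL on known hijacker host": 2,
    "autostart points to a missing file": 1,
    "autostart target in user-writable path": 1,
}

# Executable after "=>" in Run/Task lines; FRST quotes paths that carry arguments.
TARGET_RE = re.compile(
    r'=>\s*"?([A-Za-z]:\\[^"\[]+?\.(?:exe|dll|bat|cmd|vbs|js|ps1))\b', re.I)
# FRST defangs URLs as hxxp://
HOST_RE = re.compile(r'hxxps?://([^/"]+)', re.I)


@dataclass
class Finding:
    line_no: int
    score: int
    reasons: list
    line: str


def is_autostart(line):
    """Run keys, scheduled tasks and Startup-folder entries as FRST prints them."""
    return line.startswith(("Task:", "Startup:", "ShortcutTarget:")) or "\\...\\Run:" in line


def triage_line(line):
    """Return the list of reasons a single FRST line deserves a second look."""
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("FRST ATTENTION marker")
    if "[File not signed]" in line:
        reasons.append("unsigned binary")
    if "(No File)" in line:
        reasons.append("autostart points to a missing file")
    m = TARGET_RE.search(line)
    if m and is_autostart(line):
        target = m.group(1).lower()
        if any(tok in target for tok in USER_WRITABLE):
            reasons.append("autostart target in user-writable path")
    if "StartupUrls" in line:
        bad = sorted(h for h in HOST_RE.findall(line) if h.lower() in HIJACK_HOSTS)
        if bad:
            reasons.append("startup URL on known hijacker host: " + ", ".join(bad))
    return reasons


def triage(log_text):
    """Score every non-empty line and return the findings, highest score first."""
    findings = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            score = sum(WEIGHTS[r.split(":")[0]] for r in reasons)
            findings.append(Finding(no, score, reasons, line))
    findings.sort(key=lambda f: (-f.score, f.line_no))
    return findings


# Sample input: lines copied from the FRST output posted in this thread
# (the CCleaner task line is cut after the signer; nothing else is altered).
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Task: {0CA436D0-5B09-46E2-96B6-A94B8B79004B} - System32\Tasks\CCleanerCrashReporting => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
""".strip()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} score {f.score}: {'; '.join(f.reasons)}")
        print("    " + f.line[:110])
```

On the sample the unsigned scheduled task under AppData\Roaming sorts to the top, ahead of the orphaned Messenger autostart and the group-policy restriction. Read the path heuristic with care: Messenger and CCleaner's crash reporter are signed or expected in those locations, so a hit there only means "look", while an unsigned 164 MB binary named after a browser and launched from a Roaming profile by a task is the kind of entry that goes into a FRST fixlist after a helper has checked the file.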

Rudy
Site Admin

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#4 Post by Rudy »

OK. Post new FRST + Addition logs.

parek
Visitor

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#5 Post by parek »

Here they are.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by Parek (administrator) on PAREK-X360 (HP HP Spectre x360 Convertible 15-eb0xxx) (04-01-2025 19:09:48)
Running from C:\tmp\frst\FRST64.exe
Loaded Profiles: Parek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe <6>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\BridgeCommunication.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Parek\AppData\Local\Google\Chrome\Application\chrome.exe <20>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <2>
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952720 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [GoogleUpdaterTaskUser132.0.6833.0] => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-02] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [1829376 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1879552 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-02] (pdfforge GmbH) [File not signed]
Startup: C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-12-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D108C1A-E51E-4A67-B337-339A2BC0F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Task: {0CA436D0-5B09-46E2-96B6-A94B8B79004B} - System32\Tasks\CCleanerCrashReporting => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Users\Parek\Downloads\ccsetup631\LOG" --programpath "C:\Users\Parek\Downloads\ccsetup631" --guid "" --version "6.31.11415" --silent
Task: {F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {4D8A0455-E1FD-41E6-AD7A-E04FE99B81ED} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Users\Parek\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {BA9DC40E-7CA2-48EB-9706-358A2FF4AFBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {833EEEBE-1ABD-4D6F-B1C8-A37D31A6F13E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B87A016-3F33-4624-98A7-3DC97FB16301} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB9976A5-C8FC-4DE8-91FC-A58C9018ACEE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [186992 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DEE9340-7628-4F3D-AB71-6927A2B485C5} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe [7885824 2024-10-31] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {BEF3B4AD-35C1-4954-97E4-BF89EF19E975} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6C6130B-A6F8-4BC6-9D55-6F7DBFDB31AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CD9905F-5A6C-4D6E-BB4F-79512D2F28D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56F94A1C-C40E-438E-88FA-B626623D768F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1781271-B23F-4A85-A2CA-0E59B1B84CB4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8105478-0A37-45EC-8D69-35DF0BF2FC5B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\368616368616: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\84F64756C6F564275656: [DhcpNameServer] 185.75.138.254 185.75.138.253
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{9cc330eb-c712-4df8-a8a7-ad3bb867bef7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpDomain] home
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\5436F6665756C6: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\B6271626963656: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Profile 3
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2025-01-04]
Edge HomePage: Profile 3 -> hxxp://www.google.com
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
Edge Session Restore: Profile 3 -> is enabled.
Edge Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-10-23]
Edge Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cllnohpbfenopiakdcjmjcbaeapmkcdl [2024-09-11]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2024-09-11]
Edge Extension: (Popup View for Google™ Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cpogidebfcfffnbjlmoknfpemngaijdj [2024-09-11]
Edge Extension: (change-language) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fancfknaplihpclbhbpclnmmjcjanbaf [2024-12-18]
Edge Extension: (Google Translate in Right Click) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fcoongackakfdmiincikmjgkedcgjkdp [2024-09-11]
Edge Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-09-11]
Edge Extension: (Microsoft S/MIME) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gamjhjfeblghkihfjdpmbpajhlpmobbp [2024-09-11]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-02]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-18]
Edge Extension: (Coinbase Wallet extension) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-12-21]
Edge Extension: (OneTab) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2024-09-11]
Edge Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-09-11]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2025-01-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-11]
Edge Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\pnfonnnmfjnpfgagnklfaccicnnjcdkm [2024-12-04]
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2025-01-04]
Edge Session Restore: Profile 4 -> is enabled.
Edge Extension: (lock) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-12-27]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-27]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-12-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-03]

FireFox:
========
FF HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2024-09-13] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default [2025-01-04]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Entanglement Web App) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2024-12-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2024-12-18]
CHR Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-12-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-18]
CHR Extension: (OneTab) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-12-18]
CHR Extension: (Google Tips) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2024-12-18]
CHR Extension: (change-language) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2024-12-18]
CHR Extension: (Enhancer for Telegram™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafiggkhlbbhfcpgggcfeeoliillkabn [2024-12-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-18]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2024-12-27]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2024-12-18]
CHR Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2024-12-18]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-12-18]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2024-12-18]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2024-12-18]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2024-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-18]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-12-31]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2024-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
S2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-08-16] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{932D84CE-BAED-40E7-9D8C-43419DE47389} [22384 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
S2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
S2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19903384 2024-12-18] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
S2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
S2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 MpKsl2b646de8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90D97141-EBF4-444F-9315-129685159F02}\MpKslDrv.sys [267552 2025-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 17:36 - 2025-01-04 17:39 - 000000000 ____D C:\Users\Parek\Downloads\ccsetup631
2025-01-04 17:36 - 2025-01-04 17:36 - 000003378 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2025-01-04 17:36 - 2025-01-04 17:36 - 000000662 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2025-01-04 17:35 - 2025-01-04 17:35 - 079982561 _____ C:\Users\Parek\Downloads\ccsetup631.zip
2025-01-04 17:14 - 2025-01-04 17:16 - 000000000 ____D C:\AdwCleaner
2025-01-04 17:14 - 2025-01-04 17:14 - 008790880 _____ (Malwarebytes) C:\Users\Parek\Downloads\adwcleaner.exe
2025-01-04 14:15 - 2025-01-04 19:10 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-04 15:46 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-04 06:14 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 19:01 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Local\LogiOptionsPlus
2025-01-04 19:01 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 19:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-04 17:36 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-04 17:16 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-04 15:51 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-04 14:15 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-04 06:22 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-04 06:15 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-04 06:15 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-04 06:14 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-04 06:14 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-04 06:14 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-04 06:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-04 00:17 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-03 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:23 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-02 17:58 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 11:18 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 09:25 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Roaming\logioptionsplus
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-22 08:35 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:34 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp

==================== Files in the root of some directories ========

2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 19:10:54)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.08 (x64) (HKLM\...\7-Zip) (Version: 24.08 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{DA2C65E7-7091-46AD-A10F-AC34207C33B9}) (Version: 12.13.2.3 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Parek\AppData\Local\Google\Chrome\Application\131.0.6778.205\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-21 21:14 - 2022-08-16 13:10 - 000066696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master\DC\bin\x64\VssEaseusProvider.dll
2023-12-04 03:47 - 2024-11-02 15:49 - 001286144 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PS5UI.DLL
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2024-11-21 21:12 - 000001013 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7
127.0.0.1 update.easeus.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133804189297507593.jpg
DNS Servers: 192.168.1.99 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys

vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB474E93-F508-4AA5-9A92-AE6023993BF1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{081C13DE-EC20-470B-8D04-843D4614AB13}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:607.6 GB) (Free:95.56 GB) (16%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Parek-x360.local already in use; will try Parek-x360-2.local instead

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 Parek-x360.local. AAAA FE80:0000:0000:0000:35F5:766E:A520:38EF

Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:35F5:766E:A520:38EF:5353 4 Parek-x360.local. Addr 169.254.190.111

Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (12/26/2024 11:41:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..


System errors:
=============
Error: (01/04/2025 07:01:12 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {56a4f8e4-1b78-48df-9515-e310e95634d6}, had event 74

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Logi Options+ service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP System Info HSA Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management Engine WMI Provider Registration service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2025 05:16:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Thunderbolt(TM) Application Launcher service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-04 00:17:01
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-02 18:11:43
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM

Date: 2025-01-01 01:45:29
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM

Date: 2024-12-30 08:25:50
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Backup
Kód chyby: 0x80004004
Popis chyby: Operation aborted
Verze bezpečnostních informací: 1.419.377.0;1.419.377.0
Verze modulu: 1.1.24080.9

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Current
Kód chyby: 0x80501102
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Verze bezpečnostních informací: 1.419.387.0;1.419.387.0
Verze modulu: 1.1.24080.9

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiSpyware
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: Microsoft Update Server
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80240022
Popis chyby: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2025-01-04 19:02:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-01-04 19:01:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 16081.58 MB
Available physical RAM: 8641.14 MB
Total Virtual: 18513.58 MB
Available Virtual: 9312.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:607.6 GB) (Free:95.55 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)

\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {2DEE9340-7628-4F3D-AB71-6927A2B485C5} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe [7885824 2024-10-31] (Microsoft Corporation) [File not signed] <==== ATTENTION
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File

EmptyTemp:
Hosts:
End
Save it to C:\tmp\frst as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#7 Post by parek »

Here it is:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 21:25:09) Run:1
Running from C:\tmp\frst
Loaded Profiles: Parek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {2DEE9340-7628-4F3D-AB71-6927A2B485C5} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe [7885824 2024-10-31] (Microsoft Corporation) [File not signed] <==== ATTENTION
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Software\Microsoft\Windows\CurrentVersion\Run\\com.messenger" => removed successfully

"C:\Windows\system32\GroupPolicy\Machine" Folder move:

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846}" => removed successfully
C:\Windows\System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DEE9340-7628-4F3D-AB71-6927A2B485C5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DEE9340-7628-4F3D-AB71-6927A2B485C5}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetFramework\Microsoft .NET Framework" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41E1167F-3364-43BA-8FD4-CD4286495171}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78CEA249-073D-4BD4-BDFD-29892C9082BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 124258075 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 48193387 B
Windows/system/drivers => 57119155 B
Edge => 0 B
Chrome => 196024567 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 83175534 B
systemprofile32 => 83175966 B
LocalService => 83175966 B
NetworkService => 83263532 B
Parek => 594361527 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:25:54 ====

Thanks a lot.

Rudy
Site Admin
Posts: 119315
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#8 Post by Rudy »

Everything deleted. Has the message disappeared?

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#9 Post by parek »

Unfortunately it still appears. The folder "C:\Users\Parek\AppData\Roaming\BackupWin" still exists and the files are there:
decrypted.exe
GoogleChrome.exe
ChromeSetup.exe
install.flag

I'm not sure whether this is Chrome's startup update check or something else.

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#10 Post by altrok »

Hi, test the files on virustotal.com and post the links to the analysis results here. Those files don't look good.

Please also post fresh FRST logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok(at)forum.viry.cz
If you'd like to help visitors of this forum, sign up for our training school.

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#11 Post by parek »

Hi, here are the results:
decrypted.exe - https://www.virustotal.com/gui/file/d5b ... 3e402d429f
ChromeSetup.exe - https://www.virustotal.com/gui/file/e97 ... 519fa2dd40
And the best for last: GoogleChrome.exe - https://www.virustotal.com/gui/file/e31 ... 3298cc1563

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by Parek (administrator) on PAREK-X360 (HP HP Spectre x360 Convertible 15-eb0xxx) (04-01-2025 23:09:49)
Running from C:\tmp\frst\FRST64.exe
Loaded Profiles: Parek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\EaseUS\ENS\ensserver.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrapExe.exe
(C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe <6>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\BridgeCommunication.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Parek\AppData\Local\Google\Chrome\Application\chrome.exe <25>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Broadcom Inc -> ) C:\Windows\System32\bcmUshUpgradeService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostControlService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostStorageService.exe
(services.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952720 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [GoogleUpdaterTaskUser132.0.6833.0] => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-02] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [1829376 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1879552 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-02] (pdfforge GmbH) [File not signed]
Startup: C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-12-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D108C1A-E51E-4A67-B337-339A2BC0F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Task: {0CA436D0-5B09-46E2-96B6-A94B8B79004B} - System32\Tasks\CCleanerCrashReporting => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Users\Parek\Downloads\ccsetup631\LOG" --programpath "C:\Users\Parek\Downloads\ccsetup631" --guid "" --version "6.31.11415" --silent
Task: {4D8A0455-E1FD-41E6-AD7A-E04FE99B81ED} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Users\Parek\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {BA9DC40E-7CA2-48EB-9706-358A2FF4AFBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {833EEEBE-1ABD-4D6F-B1C8-A37D31A6F13E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B87A016-3F33-4624-98A7-3DC97FB16301} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB9976A5-C8FC-4DE8-91FC-A58C9018ACEE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [186992 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEF3B4AD-35C1-4954-97E4-BF89EF19E975} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6C6130B-A6F8-4BC6-9D55-6F7DBFDB31AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CD9905F-5A6C-4D6E-BB4F-79512D2F28D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56F94A1C-C40E-438E-88FA-B626623D768F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1781271-B23F-4A85-A2CA-0E59B1B84CB4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8105478-0A37-45EC-8D69-35DF0BF2FC5B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\368616368616: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\84F64756C6F564275656: [DhcpNameServer] 185.75.138.254 185.75.138.253
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{9cc330eb-c712-4df8-a8a7-ad3bb867bef7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpDomain] home
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\5436F6665756C6: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\B6271626963656: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Profile 3
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2025-01-04]
Edge HomePage: Profile 3 -> hxxp://www.google.com
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
Edge Session Restore: Profile 3 -> is enabled.
Edge Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-10-23]
Edge Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cllnohpbfenopiakdcjmjcbaeapmkcdl [2024-09-11]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2024-09-11]
Edge Extension: (Popup View for Google™ Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cpogidebfcfffnbjlmoknfpemngaijdj [2024-09-11]
Edge Extension: (change-language) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fancfknaplihpclbhbpclnmmjcjanbaf [2024-12-18]
Edge Extension: (Google Translate in Right Click) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fcoongackakfdmiincikmjgkedcgjkdp [2024-09-11]
Edge Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-09-11]
Edge Extension: (Microsoft S/MIME) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gamjhjfeblghkihfjdpmbpajhlpmobbp [2024-09-11]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-02]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-18]
Edge Extension: (Coinbase Wallet extension) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-12-21]
Edge Extension: (OneTab) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2024-09-11]
Edge Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-09-11]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2025-01-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-11]
Edge Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\pnfonnnmfjnpfgagnklfaccicnnjcdkm [2024-12-04]
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2025-01-04]
Edge Session Restore: Profile 4 -> is enabled.
Edge Extension: (lock) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-12-27]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-27]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-12-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-03]

FireFox:
========
FF HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2024-09-13] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default [2025-01-04]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Entanglement Web App) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2024-12-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2024-12-18]
CHR Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-12-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-18]
CHR Extension: (OneTab) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-12-18]
CHR Extension: (Google Tips) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2024-12-18]
CHR Extension: (change-language) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2024-12-18]
CHR Extension: (Enhancer for Telegram™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafiggkhlbbhfcpgggcfeeoliillkabn [2024-12-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-18]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2024-12-27]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2024-12-18]
CHR Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2024-12-18]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-12-18]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2024-12-18]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2024-12-18]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2024-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-18]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-12-31]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2024-12-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-08-16] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{932D84CE-BAED-40E7-9D8C-43419DE47389} [22384 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19903384 2024-12-18] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
R2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 MpKsldfde19de; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{20A70B21-9F7B-4196-8955-0E00D6154C73}\MpKslDrv.sys [267552 2025-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 21:26 - 2025-01-04 21:26 - 000000008 _____ C:\ProgramData\ntuser.pol
2025-01-04 17:36 - 2025-01-04 21:26 - 000000662 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2025-01-04 17:36 - 2025-01-04 17:39 - 000000000 ____D C:\Users\Parek\Downloads\ccsetup631
2025-01-04 17:36 - 2025-01-04 17:36 - 000003378 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2025-01-04 17:35 - 2025-01-04 17:35 - 079982561 _____ C:\Users\Parek\Downloads\ccsetup631.zip
2025-01-04 17:14 - 2025-01-04 17:16 - 000000000 ____D C:\AdwCleaner
2025-01-04 17:14 - 2025-01-04 17:14 - 008790880 _____ (Malwarebytes) C:\Users\Parek\Downloads\adwcleaner.exe
2025-01-04 14:15 - 2025-01-04 23:10 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-04 15:46 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-04 22:26 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-04 23:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-04 23:01 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Local\LogiOptionsPlus
2025-01-04 23:01 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 23:01 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-04 22:42 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-04 22:39 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 22:33 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-04 22:33 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-04 22:26 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-04 22:26 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-04 22:26 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-04 22:26 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-04 22:26 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-04 22:26 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-04 22:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-04 22:25 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-04 21:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-04 21:25 - 2024-09-20 06:41 - 000000000 ____D C:\Users\Parek\AppData\LocalLow\Temp
2025-01-04 21:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:23 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-02 17:58 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 11:18 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 09:25 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Roaming\logioptionsplus
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-22 08:35 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:34 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp

==================== Files in the root of some directories ========

2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 23:10:58)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.08 (x64) (HKLM\...\7-Zip) (Version: 24.08 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{DA2C65E7-7091-46AD-A10F-AC34207C33B9}) (Version: 12.13.2.3 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Parek\AppData\Local\Google\Chrome\Application\131.0.6778.205\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2024-11-21 21:14 - 2021-09-26 08:58 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-21 21:14 - 2022-08-16 13:11 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL
2024-11-21 21:14 - 2022-08-16 13:12 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll
2024-11-21 21:14 - 2022-08-16 13:10 - 000066696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master\DC\bin\x64\VssEaseusProvider.dll
2024-09-12 08:22 - 2024-08-11 14:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000428544 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2025-01-04 21:25 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133804189297507593.jpg
DNS Servers: 192.168.1.99 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys

vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB474E93-F508-4AA5-9A92-AE6023993BF1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{081C13DE-EC20-470B-8D04-843D4614AB13}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{519FDCFA-D43B-440B-AE52-0F4BA893E37D}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{93880D41-4FEE-487A-AC4D-17A19236D967}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:607.6 GB) (Free:95.25 GB) (16%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/04/2025 11:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 4.1.2025.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 405c

Start Time: 01db5ef47b46347f

Termination Time: 3

Application Path: C:\tmp\frst\FRST64.exe

Report Id: 8cfd1b98-714e-4a19-9e8d-875fadde661c

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (01/04/2025 10:25:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (01/04/2025 10:25:44 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (01/04/2025 09:26:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Parek-x360.local. AAAA FE80:0000:0000:0000:02C8:CDD2:A288:BB20

Error: (01/04/2025 09:26:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.231.1:5353 4 Parek-x360.local. Addr 192.168.231.1

Error: (01/04/2025 09:26:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Parek-x360.local. Addr 169.254.134.234

Error: (01/04/2025 09:26:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.231.1:5353 4 Parek-x360.local. Addr 192.168.231.1

Error: (01/04/2025 09:26:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Parek-x360.local. AAAA FE80:0000:0000:0000:6C84:571C:4D8D:34F3


System errors:
=============
Error: (01/04/2025 11:01:43 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {56a4f8e4-1b78-48df-9515-e310e95634d6}, had event 74

Error: (01/04/2025 10:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/04/2025 10:26:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/04/2025 09:26:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/04/2025 09:26:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/04/2025 09:26:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/04/2025 09:26:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HP Insights Analytics service depends on the User Profile Service service which failed to start because of the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/04/2025 09:26:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The User Profile Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
The Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-04 00:17:01
Description:
The Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-02 18:11:43
Description:
The Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-01 01:45:29
Description:
The Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2024-12-30 08:25:50
Description:
The Microsoft Defender Antivirus scan was stopped before completion.
Scan ID: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to roll back to the previous version.
Security intelligence attempted: Backup
Error code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.419.377.0;1.419.377.0
Engine version: 1.1.24080.9

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to roll back to the previous version.
Security intelligence attempted: Current
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence version: 1.419.387.0;1.419.387.0
Engine version: 1.1.24080.9

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiSpyware
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiVirus
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence version:
Previous security intelligence version: 1.419.373.0
Update source: Microsoft Update Server
Security intelligence type: AntiVirus
Update type: Full
User: NT AUTHORITY\SYSTEM
Current engine version:
Previous engine version: 1.1.24080.9
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2025-01-04 23:01:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 52%
Total physical RAM: 16081.58 MB
Available physical RAM: 7636.98 MB
Total Virtual: 18513.58 MB
Available Virtual: 9689.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:607.6 GB) (Free:95.25 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)

\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)

Partition: GPT.

==================== End of Addition.txt =======================
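
The log above is what the helpers on this forum read by hand; the short script below is an added example (not part of the original post and not FRST's own code) of doing the first pass mechanically. It parses the "Loaded Modules" and "FirewallRules" line formats FRST uses, copies a handful of lines from the log above as its constructed sample, and flags the things a malware-removal helper checks first: entries FRST marks "[File not signed]" or with no signer, firewall rules whose target is gone ("=> No File"), allow rules for binaries living in user-writable folders, and a crude signer/company mismatch. The flag names, the `USER_WRITABLE` list and the first-word vendor heuristic are this example's own assumptions, not anything FRST defines.

```python
"""Triage of FRST Addition.txt entries (added example, not FRST's own code).

Parses two line formats from the posted log, "Loaded Modules" and
"FirewallRules", and flags what a malware-removal helper checks first.
Flag names and the first-word vendor heuristic are this example's own
assumptions, not anything FRST defines.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied verbatim from the FRST log posted above.
SAMPLE_LINES = r"""
2024-11-21 21:14 - 2021-09-26 08:58 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2024-09-12 08:22 - 2024-08-11 14:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{519FDCFA-D43B-440B-AE52-0F4BA893E37D}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
"""

# "<created> - <modified> - <size> <attrs> (<signature>) [<note>] <path>"
MODULE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
    r"\((?P<sig>[^()]*)\)(?: \[(?P<note>[^\]]+)\])? (?P<path>.+)$"
)
# "FirewallRules: [<name>] => (<action>) <path> (<signature>) [<note>]"
# or "FirewallRules: [<name>] => (<action>) <path> => No File"
RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>[^\]]*)\] => \((?P<action>\w+)\) (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<sig>[^()]*)\)(?: \[(?P<note>[^\]]+)\])?$")
NO_FILE = " => No File"

# Assumed list of folders an ordinary user can write to; an allow rule for a
# binary living here deserves a look even when the file is signed.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\desktop\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    source: str                 # "module" or "firewall"
    path: str
    signer: Optional[str]       # None when FRST shows no Authenticode signer
    company: str                # company name from the file's version info
    flags: List[str] = field(default_factory=list)


def split_signature(sig: str):
    """FRST prints "(Signer -> Company)" for signed files and "(Company)"
    for unsigned ones, so a missing arrow means there is no signer at all."""
    if "->" in sig:
        signer, company = (part.strip() for part in sig.split("->", 1))
        return (signer or None), company
    return None, sig.strip()


def first_word(name: str) -> str:
    """Crude vendor key: first word, lowercased, trailing punctuation dropped
    ("Logitech Inc" and "Logitech, Inc." both give "logitech")."""
    return name.split()[0].lower().rstrip(".,") if name.strip() else ""


def classify(f: Finding, note: Optional[str], missing: bool) -> Finding:
    if missing:
        f.flags.append("missing-target")            # rule survives, binary does not
        return f
    if note == "File not signed" or f.signer is None:
        f.flags.append("unsigned")
    if any(marker in f.path.lower() for marker in USER_WRITABLE):
        f.flags.append("user-writable-path")
    if f.signer and f.company and first_word(f.signer) != first_word(f.company):
        f.flags.append("signer-company-mismatch")   # a lead to verify, not a verdict
    return f


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        m = MODULE_RE.match(line)
        if m:
            signer, company = split_signature(m["sig"])
            findings.append(classify(Finding("module", m["path"], signer, company), m["note"], False))
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rest = m["rest"]
        if rest.endswith(NO_FILE):
            findings.append(classify(Finding("firewall", rest[: -len(NO_FILE)], None, ""), None, True))
            continue
        t = TARGET_RE.match(rest)
        if t:
            signer, company = split_signature(t["sig"])
            findings.append(classify(Finding("firewall", t["path"], signer, company), t["note"], False))
    return findings


def flagged(text: str) -> List[Finding]:
    """Only the entries worth a second look, for a quick report."""
    return [f for f in triage(text) if f.flags]


if __name__ == "__main__":
    for f in flagged(SAMPLE_LINES):
        print(f"{f.source:8} {', '.join(f.flags):40} {f.path}")
```

Run against the whole Addition.txt it reduces several hundred lines to a short list; the "signer-company-mismatch" flag in particular is only a prompt to look at the file, since legitimate software (a publisher signing a developer's build, as with the Age of Mythology entries) trips it too, and a clean result says nothing about files FRST does not list.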

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#12 Post by altrok »

:arrow: I have mixed feelings about your notebook. It looks like your personal endpoint, but one you also use to connect to work/the corporate network. In that case it is not a good idea to install unverified applications/download them from dubious sources, because in the case of this Lumma stealer/RedLine stealer your machine was compromised (at the very least passwords were stolen), and the corporate network may have been compromised as well (VPN access, O365 credentials, theft of files, ...).

:arrow: I strongly recommend using a better antivirus, because Defender did not protect you at all - according to the logs it is broken/not updated/not working.

:arrow: I recommend turning on restore points. They have saved the OS for us several times in the past.

:arrow: Do you use EaseUS? Its binaries are unsigned, so I assume it is cracked (plus there are other modifications in the system that point to that). Either way, it has nothing to do with the infection.

:arrow: Do you use VMware?

:arrow: What did MBAM find and delete?

:arrow: Did you install these applications deliberately? You installed them during the period when the attacker had full access to your PC.
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)

→ You have been infected since at least 18 Dec, from roughly 21:57. I don't like most of these folders that FRST mentions (the ones I'm sure are malicious we will delete with the fixlist at the very end of this post). Where did you download C:\Users\Parek\Downloads\GoogleChrome.exe from? Because I'd bet my right boot that it is the cause of everything (it is not signed by Google but by Wpf).

2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe



Before you use the fixlist (at the very bottom), which we will use to clean the PC, I would recommend contacting your internal IT department so they can secure the artifacts/logs and take steps according to company processes (reset VPN access, O365 credentials etc.). They will make an image of your system and then most likely reformat it. I just don't want us to see your company's documents leaked on the darknet for download in a little while.

fixlist (we delete only what I'm sure is malware):

Code:

Start
CloseProcesses:
File: C:\Windows\SysWOW64\drivers\SECDRV.SYS
File: C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
File: C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
CMD: dir c:\programdata
Folder: C:\Users\Parek\OneDrive\Dokumenty\SpellForce
Folder: C:\Users\Parek\AppData\Local\keraP
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
FirewallRules: [{519FDCFA-D43B-440B-AE52-0F4BA893E37D}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{93880D41-4FEE-487A-AC4D-17A19236D967}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
EmptyTemp:
End
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
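Added example for this thread (not part of altrok's post and not an FRST feature): two checks a defender can run on a Windows 10 box after a download like the one described above. The first verifies that an installer's Authenticode signer is the publisher you expected, which is exactly what separates a real Chrome installer from a "GoogleChrome.exe" validly signed by someone else. The second lists scheduled tasks whose action runs from a user-writable location, the pattern of BackupWinTask launching AppData\Roaming\BackupWin\GoogleChrome.exe. The sample path and the publisher string 'Google LLC' are assumptions for illustration.

```powershell
# Added example (not from the thread or FRST): post-download triage on Windows 10.
# (1) Does the installer's Authenticode signer match the expected publisher?
# (2) Which scheduled tasks execute from user-writable paths (C:\Users, C:\ProgramData)?
# The sample path and 'Google LLC' below are assumptions, adjust to your case.

function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher   # substring expected in the signer Subject
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Status = 'Missing'; Signer = $null; Verdict = 'SKIP' }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    if ($sig.Status -ne 'Valid') {
        $verdict = 'UNSIGNED_OR_INVALID'        # what FRST reports as [File not signed]
    } elseif ($signer -notmatch [regex]::Escape($ExpectedPublisher)) {
        $verdict = 'WRONG_PUBLISHER'            # valid signature, but not the publisher you expected
    } else {
        $verdict = 'OK'
    }
    [pscustomobject]@{ Path = $Path; Status = $sig.Status; Signer = $signer; Verdict = $verdict }
}

function Get-UserPathScheduledTasks {
    # Tasks launching from a user profile or ProgramData are not malicious by definition,
    # but the task store is what gives such a binary persistence across logons, so each
    # one deserves a look together with the signature state of its target.
    $userWritable = '^(?i)(C:\\Users\\|C:\\ProgramData\\)'
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }          # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            if ($exe -notmatch $userWritable) { continue }
            $exists = Test-Path -LiteralPath $exe
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Execute   = $exe
                Arguments = $action.Arguments
                Exists    = $exists
                SigStatus = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            }
        }
    }
}

# Usage (the installer path is illustrative):
Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\GoogleChrome.exe" -ExpectedPublisher 'Google LLC' | Format-List
Get-UserPathScheduledTasks | Format-Table -AutoSize
```

Both functions return objects rather than text, so the output can be exported (Export-Csv) and handed to the IT department together with the FRST logs, as the post recommends.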

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#13 Post by parek »

Hi, first of all I'd like to thank you very much for your help. Here are my answers/comments on your post:
> → I have mixed feelings about your laptop. It looks like your personal endpoint, but one you also use to connect to work/the corporate network. In that case it is not a good idea to install unverified applications or download them from dubious sources, because with this Lumma stealer/RedLine stealer your machine was compromised (at minimum, passwords were stolen), and the corporate network may even have been compromised too (VPN access, O365 credentials, file theft, ...).
You're not far from the truth: I have a multiboot setup that I do use to connect to work, but both the company OS and this OS are locked with BitLocker and I never unlock them so they can see each other. In this OS you correctly see FortiClient and O365, but I use the VPN to connect home and the 365 is my private one.
> → I strongly recommend using a better antivirus, because Defender did not protect you at all - according to the logs it is broken/not updated/not working.
I'm ready for a change, I just can't pick one. The free versions are terribly annoying in how they try to push me into buying the full version. I tried the Avast trial, but even that is incredibly annoying if I don't meet its ideas about allowed/blocked notifications on the lock screen etc. to the letter. Would you have a suggestion you're happy with?
> → I recommend enabling restore points. They have saved the OS for us several times in the past.
On it, or rather, done.
> → Do you use EaseUS? Its binaries are unsigned, so I assume it is cracked (plus there are other modifications in the system that point to that). In any case it has nothing to do with the infection.
Uninstalled.
> → Do you use VMware?
Yes, I occasionally test something in another OS.
> → What did MBAM find and delete?
I don't know, would I find a log somewhere?
> → Did you install these applications intentionally? You installed them during the period when the attacker had full access to your PC.
> Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
> Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
I have a new Logitech mouse, so I may have installed it at the same moment. To be safe I uninstalled it.
> → You have been infected since at least 18 Dec, from roughly 21:57. I don't like most of these folders that FRST mentions (the ones I'm sure are malicious we will delete with the fixlist at the very end of this post). Where did you download C:\Users\Parek\Downloads\GoogleChrome.exe from? Because I'd bet my right boot that it is the cause of everything (it is not signed by Google but by Wpf).
I assumed from Google, but now that you mention it, I remember being surprised that the full installer (offline installer) was downloaded instead of the small online installer. I told myself Google had finally come to its senses (I don't like those online installers much).

In any case, that hidden application no longer starts at boot!!! Hooray.

I ran the fix, here is the result:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (05-01-2025 20:51:01) Run:2
Running from C:\tmp\frst
Loaded Profiles: Parek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Windows\SysWOW64\drivers\SECDRV.SYS
File: C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
File: C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
CMD: dir c:\programdata
Folder: C:\Users\Parek\OneDrive\Dokumenty\SpellForce
Folder: C:\Users\Parek\AppData\Local\keraP
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
FirewallRules: [{519FDCFA-D43B-440B-AE52-0F4BA893E37D}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{93880D41-4FEE-487A-AC4D-17A19236D967}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\Windows\SysWOW64\drivers\SECDRV.SYS ========================

C:\Windows\SysWOW64\drivers\SECDRV.SYS
File not signed
MD5: 890CADA2AB7ACF53A5F9CCE7515522A2
Creation and modification date: 2024-12-22 08:45 - 2024-12-22 08:46
Size: 000012464
Attributes: ----A
Company Name: Macrovision Europe Ltd
Internal Name: SECDRV
Original Name: SECDRV.SYS
Product: Security Windows NT
Description: Macrovision SECURITY Driver
File Version: 3.17.000
Product Version: 3.17.000 Windows NT 2002/07/01
Copyright: Copyright (c) 1998-2002 Macrovision Corp.
Virusscan: https://virusscan.jotti.org/filescanjob/qsgyjf5nx5

====== End of File: ======


========================= File: C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe ========================

C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
File not signed
MD5: 4266199CD9AB7C87B566D33A8C6B56FB
Creation and modification date: 2024-12-27 13:50 - 2024-12-27 13:50
Size: 001766414
Attributes: ----A
Company Name: Open Source Developer Masha Novedad
Internal Name:
Original Name: TheFastestMouseClicker.exe
Product: The Fastest Mouse Clicker for Windows
Description: The Fastest Mouse Clicker for Windows compiled by gcc
File Version: 2.6.1.1
Product Version: 2.6.1.1
Copyright: (c) 2016-2024 Open Source Developer Masha Novedad
Virusscan: https://virusscan.jotti.org/filescanjob/fkbero1n62

====== End of File: ======


========================= File: C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe ========================

C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
File not signed
MD5: 8F6EE73664F3AF6E81652690B8FA790F
Creation and modification date: 2024-12-19 08:03 - 2024-12-19 08:03
Size: 003359352
Attributes: ----A
Company Name: Splinterware LTD -> O&O Software GmbH
Internal Name: OOSpeedCheck.exe
Original Name: OOSpeedCheck.exe
Product: O&O SpeedCheck
Description: Analysis Tool for System Performance
File Version: 2.0.45.0
Product Version: 2.0.45
Copyright: (c) O&O Software GmbH, Berlin. All rights reserved.
Virusscan: https://virusscan.jotti.org/filescanjob/d97srl0ibu

====== End of File: ======


========= dir c:\programdata =========

Volume in drive C has no label.
Volume Serial Number is EC7F-8F2B

Directory of c:\programdata

13.09.2024 20:33 <DIR> Adobe
23.10.2024 19:11 <DIR> Age of Mythology Retold
12.09.2024 08:03 <DIR> Apple
12.09.2024 08:04 <DIR> Apple Computer
13.09.2024 19:58 <DIR> Applications
29.12.2024 13:58 <DIR> boost_interprocess
09.09.2024 18:47 <DIR> Broadcom
14.11.2024 08:26 <DIR> Dell
02.01.2025 19:23 <DIR> Epic
13.09.2024 20:08 <DIR> Free Download Manager
13.09.2024 20:08 <DIR> FreeDownloadManager.ORG
27.12.2024 23:29 <DIR> GOG.com
07.10.2024 21:10 <DIR> HP
07.10.2024 21:12 <DIR> Intel
13.10.2024 08:25 <DIR> Logi
11.09.2024 19:27 <DIR> LogiOptionsPlus
12.09.2024 08:01 <DIR> Logishrd
09.09.2024 18:39 <DIR> Microsoft OneDrive
28.12.2024 00:18 <DIR> Mount and Blade II Bannerlord
04.01.2025 21:26 8 ntuser.pol
05.01.2025 08:52 <DIR> NVIDIA
27.10.2024 21:54 <DIR> NVIDIA Corporation
02.01.2025 19:23 <DIR> Package Cache
27.10.2024 14:56 <DIR> Packages
05.01.2025 20:39 <DIR> regid.1991-06.com.microsoft
07.12.2019 10:14 <DIR> SoftwareDistribution
04.12.2023 03:56 <DIR> ssh
21.11.2024 21:14 <DIR> SystemAcCrux
09.09.2024 18:38 <DIR> USOPrivate
07.12.2019 10:14 <DIR> USOShared
05.01.2025 08:52 <DIR> VMware
09.09.2024 18:54 <DIR> Waves
07.12.2019 10:54 <DIR> WindowsHolographicDevices
1 File(s) 8 bytes
32 Dir(s) 102 079 389 696 bytes free


========= End of CMD: =========


========================= Folder: C:\Users\Parek\OneDrive\Dokumenty\SpellForce ========================

2024-12-22 08:38 - 2024-12-22 08:39 - 000033630 ____A [48975AADECD4BC8F5DEC7F856916726F] () C:\Users\Parek\OneDrive\Dokumenty\SpellForce\CrashData.mdmp
2024-12-22 08:38 - 2024-12-22 08:39 - 000001154 ____A [0ECBEE604600B9E20D569C2B25B74602] () C:\Users\Parek\OneDrive\Dokumenty\SpellForce\Log.txt

====== End of Folder: ======


========================= Folder: C:\Users\Parek\AppData\Local\keraP ========================

2024-12-18 22:00 - 2024-12-18 22:00 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Parek\AppData\Local\keraP\llg
2024-12-18 22:00 - 2024-12-18 22:00 - 000000596 ____A [AA0E77EC6B92F58452BB5577B9980E6F] () C:\Users\Parek\AppData\Local\keraP\llg\background.js
2024-12-18 22:00 - 2024-12-18 22:00 - 000001877 ____A [168AEC047CF0AA708599C12E9518FFE5] () C:\Users\Parek\AppData\Local\keraP\llg\content.js
2024-12-18 22:00 - 2024-12-18 22:00 - 000005657 ____A [2C905A6E4A21A3FA14ADC1D99B7CBC03] () C:\Users\Parek\AppData\Local\keraP\llg\icon.png
2024-12-18 22:00 - 2024-12-18 22:00 - 000095785 ____A [3C9137D88A00B1AE0B41FF6A70571615] () C:\Users\Parek\AppData\Local\keraP\llg\jquery.js
2024-12-18 22:00 - 2024-12-18 22:00 - 000000569 ____A [2835DD0A0AEF8405D47AB7F73D82EAA5] () C:\Users\Parek\AppData\Local\keraP\llg\manifest.json
2024-12-18 22:01 - 2024-12-18 22:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Parek\AppData\Local\keraP\met

====== End of Folder: ======

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4}" => removed successfully
C:\Windows\System32\Tasks\BackupWinTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackupWinTask" => removed successfully
"Edge StartupUrls" => removed successfully
"Chrome StartupUrls" => removed successfully
C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe => moved successfully
C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{519FDCFA-D43B-440B-AE52-0F4BA893E37D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93880D41-4FEE-487A-AC4D-17A19236D967}" => removed successfully

"C:\hcghfce" Folder move:

C:\hcghfce => moved successfully

"C:\Users\Parek\AppData\Roaming\Strong" Folder move:

C:\Users\Parek\AppData\Roaming\Strong => moved successfully

"C:\hbeaegc" Folder move:

C:\hbeaegc => moved successfully

"C:\Users\Parek\AppData\Local\Yandex" Folder move:

C:\Users\Parek\AppData\Local\Yandex => moved successfully
"C:\Windows\system32\Tasks\BackupWinTask" => not found

"C:\Users\Parek\AppData\Roaming\Monitoring" Folder move:

C:\Users\Parek\AppData\Roaming\Monitoring => moved successfully

"C:\Users\Parek\AppData\Roaming\BackupWin" Folder move:

C:\Users\Parek\AppData\Roaming\BackupWin => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13733326 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 14802860 B
Edge => 0 B
Chrome => 493651704 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1172 B
Parek => 403255965 B

RecycleBin => 79417 B
EmptyTemp: => 883.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:51:16 ====

altrok
Moderator
Posts: 7315
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#14 Post by altrok »

> You're not far from the truth: I have a multiboot setup that I do use to connect to work, but both the company OS and this OS are locked with BitLocker and I never unlock them so they can see each other. In this OS you correctly see FortiClient and O365, but I use the VPN to connect home and the 365 is my private one.
Ok, great. I don't know many people who have an FG at home, so I didn't even count on that possibility.
> I'm ready for a change, I just can't pick one. The free versions are terribly annoying in how they try to push me into buying the full version. I tried the Avast trial, but even that is incredibly annoying if I don't meet its ideas about allowed/blocked notifications on the lock screen etc. to the letter. Would you have a suggestion you're happy with?
Yup, freemium antiviruses come at that price, and I would rather try to repair Defender. With Avast specifically you also pay with your data, see the affair with its Jumpshot subsidiary (personally I see that as a big blemish and since then I don't put Avast anywhere). At home I use ESET in the most basic version (I don't use the higher functions, or rather I have them covered otherwise - password manager, VPN, disk encryption, folder write protection), because on a two-year license it cost me about one Pilsner a month. I follow comparative antivirus tests, where it has long ranked at the top, and I also know a few people at ESET... I like their company culture and that it is still owned by its original founders (the friction with the Slovak government only confirms my opinion). In general, when it comes to antiviruses - 100 people, 100 tastes. This is just my subjective opinion.
VMware...
> Yes, I occasionally test something in another OS.
Ok, fine. There are also samples that hide their activity by downloading an image, mounting it, and running in a separate/virtualized environment (which also makes subsequent forensic analysis much harder).
MBAM...
> I don't know, would I find a log somewhere?
If you've already uninstalled it, never mind. They are usually in C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
> I have a new Logitech mouse, so I may have installed it at the same moment. To be safe I uninstalled it.
Ok, it may have been unnecessary.
> I assumed from Google, but now that you mention it, I remember being surprised that the full installer (offline installer) was downloaded instead of the small online installer. I told myself Google had finally come to its senses (I don't like those online installers much).
Do check the history of the browser you downloaded Chrome from for where you were on 18 Dec at 21:57. That's why I use an ad blocker + caution. Even here (on the forum) we have encountered typosquatting + paid advertising arranged so that after googling, the fraudulent domain pops up first. Your case looks very similar.
Our feelings about online installers are similar.



I see plenty of extensions in Chrome. Do you have them there knowingly? Either they were part of the installer or you pulled them in through some synchronization.



Where I'm not sure:
→ C:\Windows\SysWOW64\drivers\SECDRV.SYS - it's an old driver from 2002, but it was created at the same time as something from EA Games, so it may be legitimate:
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games

This driver apparently doesn't start, see
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
because it isn't signed?

Code:

System errors:
=============
Error: (01/04/2025 10:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/04/2025 10:26:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS
→ C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe, i.e. TheFastestMouseClicker.exe. If you know what it is, let's leave it. If not, delete it or at least rename it (change the extension to .bin or .exe_ and maybe you'll come across an application that needs it and complains with an error message).

→ C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe, i.e. OOSpeedCheck.exe. Same as above. The thing is that lazy malware authors sometimes write directly into %appdata%, and purely by the file name and its location it raises doubts in me.


fixlist without restart:

Code:

Start
C:\Users\Parek\OneDrive\Dokumenty\SpellForce
C:\Users\Parek\AppData\Local\keraP
Folder: C:\Users\Parek\AppData\Local\GHISLER
Folder: C:\Users\Parek\AppData\Roaming\GHISLER
File: C:\Users\Parek\Downloads\GoogleChrome.exe
End
Please post the fixlog and new FRST logs.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that don't belong on the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.
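Added example (not part of altrok's post and not an FRST feature) for the two points marked as uncertain above. The first function lists executables sitting directly in the root of %APPDATA% and %LOCALAPPDATA% under GUID-like hex names, the pattern of 134f9b36...exe and 70d4c9a1...exe; it reads the PE version resource so the hex name can be tied back to the original file name (OOSpeedCheck.exe in the thread) before deciding to keep, rename or delete. The second pulls the System log entries with the two event IDs quoted for SECDRV.SYS (7000 from Service Control Manager, 1060 from Application Popup) so the "is it blocked from loading?" question can be answered from the event log rather than guessed. The minimum hex-name length and the 30-day look-back are assumptions.

```powershell
# Added example (not from the thread or FRST): triage for hex-named executables in
# the %APPDATA% root and for driver/service start failures in the System log.
# MinHexLength and Days are assumed defaults, not values from the thread.

function Get-HexNamedAppDataExecutables {
    param([int] $MinHexLength = 16)
    $hexName = "^[0-9a-f]{$MinHexLength,}\.(exe|dll|scr|bin)$"
    foreach ($root in @($env:APPDATA, $env:LOCALAPPDATA)) {
        # Root only, no recursion: application caches below it are full of legitimate hex names.
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -imatch $hexName } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                [pscustomobject]@{
                    Path         = $_.FullName
                    SizeBytes    = $_.Length
                    Created      = $_.CreationTime
                    OriginalName = $_.VersionInfo.OriginalFilename   # e.g. OOSpeedCheck.exe behind a hex name
                    Company      = $_.VersionInfo.CompanyName
                    SigStatus    = $sig.Status
                    SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Get-DriverStartFailures {
    param([int] $Days = 30)
    # 7000: a service (here a kernel driver service) failed to start; the message names it.
    # 1060: a driver load was blocked; the message carries the image path.
    $filter = @{ LogName = 'System'; Id = 7000, 1060; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -in @('Service Control Manager', 'Application Popup') } |
        ForEach-Object {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                Id       = $_.Id
                Provider = $_.ProviderName
                Summary  = (($_.Message -split "`r?`n") | Where-Object { $_ })[0..1] -join ' | '
            }
        }
}

# Usage:
Get-HexNamedAppDataExecutables | Format-List
Get-DriverStartFailures -Days 30 | Format-Table -AutoSize -Wrap
```

The SHA256 column is there so a suspicious file can be looked up or submitted to a scanner (the thread uses Jotti links for this) without having to move the file itself, and the original-name/company fields give the owner the same context FRST prints in its File: sections.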

parek
Visitor
Posts: 27
Registered: 28 Mar 2012 08:43

Re: Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent

#15 Post by parek »

Hi,

thank you very much! I'm sending a contribution toward the running costs.


Here are the fixlog and FRST logs:


Fix result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (06-01-2025 12:26:54) Run:3
Running from C:\tmp\frst
Loaded Profiles: Parek
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Users\Parek\OneDrive\Dokumenty\SpellForce
C:\Users\Parek\AppData\Local\keraP
Folder: C:\Users\Parek\AppData\Local\GHISLER
Folder: C:\Users\Parek\AppData\Roaming\GHISLER
File: C:\Users\Parek\Downloads\GoogleChrome.exe
End
*****************


"C:\Users\Parek\OneDrive\Dokumenty\SpellForce" Folder move:

C:\Users\Parek\OneDrive\Dokumenty\SpellForce => moved successfully

"C:\Users\Parek\AppData\Local\keraP" Folder move:

C:\Users\Parek\AppData\Local\keraP => moved successfully

========================= Folder: C:\Users\Parek\AppData\Local\GHISLER ========================


====== End of Folder: ======


========================= Folder: C:\Users\Parek\AppData\Roaming\GHISLER ========================

2024-12-21 11:57 - 2024-12-28 11:11 - 000001270 ____A [8E86C1316D0B91D9BA7CFBD3E1B9EF31] () C:\Users\Parek\AppData\Roaming\GHISLER\WINCMD.INI

====== End of Folder: ======


========================= File: C:\Users\Parek\Downloads\GoogleChrome.exe ========================

"C:\Users\Parek\Downloads\GoogleChrome.exe" => not found
====== End of File: ======


==== End of Fixlog 12:26:54 ====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by Parek (administrator) on PAREK-X360 (HP HP Spectre x360 Convertible 15-eb0xxx) (06-01-2025 12:27:53)
Running from C:\tmp\frst\FRST64.exe
Loaded Profiles: Parek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: English (United States)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\Norton\Suite\NortonSvc.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\aswEngSrv.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\BridgeCommunication.exe
(explorer.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Browser\Application\AvastBrowser.exe <23>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <28>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe
(NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonUI.exe <4>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Broadcom Inc -> ) C:\Windows\System32\bcmUshUpgradeService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostControlService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostStorageService.exe
(services.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\afwServ.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\AvDump.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\nllToolsSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\NortonSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> Gen Digital Inc.) C:\Program Files\Norton\Suite\VpnSvc.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\aswidsagent.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton\Suite\wsc_proxy.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952720 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [NortonUI.exe] => C:\Program Files\Norton\Suite\AvLaunch.exe [429160 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [369488 2024-10-12] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-02] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [1829376 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1879552 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-02] (pdfforge GmbH) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\chrmstp.exe [2025-01-06] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\Installer\chrmstp.exe [2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
Startup: C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2025-01-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {7D108C1A-E51E-4A67-B337-339A2BC0F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {9D230D84-29BF-49D4-A8DF-348E33614554} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {87A7BB1F-7345-48E7-AD1D-382A15030F33} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {525C0657-9F52-46B6-B511-4D3D68022B10} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {502D412D-984D-4AB8-82A7-7EB3E69CFB4A} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {0CA436D0-5B09-46E2-96B6-A94B8B79004B} - System32\Tasks\CCleanerCrashReporting => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Users\Parek\Downloads\ccsetup631\LOG" --programpath "C:\Users\Parek\Downloads\ccsetup631" --guid "" --version "6.31.11415" --silent
Task: {D53EAE2B-19E9-4A6B-946D-C0A02322D551} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{E847C06D-173E-4D1F-A46A-88BAE79277FC} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {4D8A0455-E1FD-41E6-AD7A-E04FE99B81ED} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Users\Parek\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {BA9DC40E-7CA2-48EB-9706-358A2FF4AFBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {833EEEBE-1ABD-4D6F-B1C8-A37D31A6F13E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B87A016-3F33-4624-98A7-3DC97FB16301} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB9976A5-C8FC-4DE8-91FC-A58C9018ACEE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [186992 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {845EBD79-50E0-4734-88FF-485218F7292A} - System32\Tasks\Norton\Norton 360 Patcher => C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe [8661096 2024-12-16] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {4B1D6E7E-568D-436E-8F76-C5A4FF978D24} - System32\Tasks\Norton\Norton VPN Bug Report => C:\Program Files\Norton\Suite\AvBugReport.exe [5998184 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.) -> --send "dumps|report" --silent --product 187 --programpath "C:\Program Files\Norton\Suite" --configpath "C:\ProgramData\Norton\VPN" --path "C:\ProgramData\Norton\VPN\log" --path "C:\ProgramData\Norton\Icarus\Logs" --logpath "C:\ProgramData\Norton\VPN\log" --guid c8dddca6-f22c-46a9-a2c5-a62adceb43df
Task: {BBDDDE20-D5DC-46C1-9CAF-42CFA959C66D} - System32\Tasks\Norton\Overseer => C:\Program Files\Common Files\Norton\Overseer\overseer.exe [2566760 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {3AFCAE4F-7026-4375-9A8D-220A3CBAA896} - System32\Tasks\Norton\Suite Emergency Update => C:\Program Files\Norton\Suite\AvEmUpdate.exe [5215848 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {A1781271-B23F-4A85-A2CA-0E59B1B84CB4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8105478-0A37-45EC-8D69-35DF0BF2FC5B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Users\Parek\Downloads\ccsetup631\x64\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\368616368616: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\84F64756C6F564275656: [DhcpNameServer] 185.75.138.254 185.75.138.253
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{9cc330eb-c712-4df8-a8a7-ad3bb867bef7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpDomain] home
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\5436F6665756C6: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\B6271626963656: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Profile 3
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2025-01-05]
Edge Notifications: Profile 3 -> hxxps://calendar.google.com; hxxps://www.messenger.com
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-05]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-01-05]
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2025-01-04]
Edge Session Restore: Profile 4 -> is enabled.
Edge Extension: (lock) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-12-27]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-27]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-12-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-03]

FireFox:
========
FF HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2024-09-13] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)

Chrome:
=======
CHR Profile: C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default [2025-01-06]
CHR Notifications: Default -> hxxps://www.messenger.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Entanglement Web App) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2025-01-06]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2025-01-06]
CHR Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2025-01-06]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-01-06]
CHR Extension: (OneTab) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2025-01-06]
CHR Extension: (Google Tips) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2025-01-06]
CHR Extension: (change-language) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2025-01-06]
CHR Extension: (Enhancer for Telegram™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafiggkhlbbhfcpgggcfeeoliillkabn [2025-01-06]
CHR Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2025-01-06]
CHR Extension: (Norton Safe Web) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2025-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-06]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2025-01-06]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2025-01-06]
CHR Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2025-01-06]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2025-01-06]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2025-01-06]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2025-01-06]
CHR Extension: (Norton Safe) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2025-01-06]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2025-01-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-06]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2025-01-06]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2025-01-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-10-02] (Apple Inc. -> Apple Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2025-01-05] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\elevation_service.exe [1910616 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 nllbIDSAgent; C:\Program Files\Norton\Suite\aswidsagent.exe [7641704 2025-01-06] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 Norton Antivirus; C:\Program Files\Norton\Suite\NortonSvc.exe [779880 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 Norton Firewall; C:\Program Files\Norton\Suite\afwServ.exe [2376296 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 Norton Tools; C:\Program Files\Norton\Suite\nllToolsSvc.exe [1230952 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 nortonAvDumper64; C:\Program Files\Norton\Suite\AvDump.exe [3498088 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NortonVpn; C:\Program Files\Norton\Suite\VpnSvc.exe [12924008 2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
R2 NortonWscReporter; C:\Program Files\Norton\Suite\wsc_proxy.exe [76552 2025-01-06] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
R2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R0 nllArDisk; C:\Windows\System32\drivers\nllArDisk.sys [20560 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllArPot; C:\Windows\System32\drivers\nllArPot.sys [235088 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllbidsdriver; C:\Windows\System32\drivers\nllbidsdriver.sys [383056 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbidsh; C:\Windows\System32\drivers\nllbidsh.sys [296016 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllbuniv; C:\Windows\System32\drivers\nllbuniv.sys [84560 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllElam; C:\Windows\System32\drivers\nllElam.sys [28280 2025-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 nllKbd; C:\Windows\System32\drivers\nllKbd.sys [28728 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllMonFlt; C:\Windows\System32\drivers\nllMonFlt.sys [275024 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllNetHub; C:\Windows\System32\drivers\nllNetHub.sys [550992 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllRdr; C:\Windows\System32\drivers\nllRdr2.sys [98360 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllRvrt; C:\Windows\System32\drivers\nllRvrt.sys [69712 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllSnx; C:\Windows\System32\drivers\nllSnx.sys [955960 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 nllSP; C:\Windows\System32\drivers\nllSP.sys [1424952 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R3 nllStm; C:\Windows\System32\drivers\nllStm.sys [204344 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 nllVmm; C:\Windows\System32\drivers\nllVmm.sys [381488 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 nllVpnRdr; C:\Windows\System32\drivers\nllVpnRdr.sys [80504 2025-01-06] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifelock Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
U3 aswArDisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-06 10:15 - 2025-01-06 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2025-01-06 10:14 - 2025-01-06 10:15 - 000000000 ____D C:\Program Files\iTunes
2025-01-06 09:03 - 2025-01-06 09:03 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-06 09:03 - 2025-01-06 09:03 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
2025-01-06 09:03 - 2025-01-06 09:03 - 000000000 ____D C:\Program Files\Google
2025-01-06 09:03 - 2025-01-06 09:03 - 000000000 ____D C:\Program Files (x86)\Google
2025-01-06 09:02 - 2025-01-06 09:03 - 126284672 _____ (Google LLC) C:\Users\Parek\Downloads\ChromeStandaloneSetup64.exe
2025-01-06 09:01 - 2025-01-06 11:21 - 000000000 ___HD C:\Norton sandbox
2025-01-06 09:00 - 2025-01-06 09:00 - 010384768 _____ (Google LLC) C:\Users\Parek\Downloads\ChromeSetup.exe
2025-01-06 08:53 - 2025-01-06 08:53 - 000316008 _____ (Gen Digital Inc.) C:\Windows\system32\nllBoot.exe
2025-01-06 08:53 - 2025-01-06 08:53 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360.lnk
2025-01-06 08:53 - 2025-01-06 08:53 - 000000000 ____D C:\Windows\system32\Tasks\Norton
2025-01-06 08:53 - 2025-01-06 08:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Norton
2025-01-06 08:53 - 2025-01-06 08:53 - 000000000 ____D C:\Users\Parek\AppData\Local\Norton
2025-01-06 08:53 - 2025-01-06 08:53 - 000000000 ____D C:\Program Files\Norton
2025-01-06 08:53 - 2025-01-06 08:53 - 000000000 ____D C:\Program Files\Common Files\Norton
2025-01-06 08:53 - 2025-01-06 08:52 - 000053048 _____ (Gen Digital Inc.) C:\Windows\system32\icarus_rvrt.exe
2025-01-06 08:52 - 2025-01-06 11:22 - 000000000 ____D C:\ProgramData\Norton
2025-01-06 08:48 - 2025-01-06 08:48 - 001917672 _____ (Gen Digital Inc.) C:\Users\Parek\Downloads\norton_360_online_setup.exe
2025-01-05 21:10 - 2025-01-05 21:10 - 000002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2025-01-05 21:04 - 2025-01-06 08:50 - 000000000 ____D C:\Users\Parek\AppData\Local\AVAST Software
2025-01-05 21:04 - 2025-01-05 21:04 - 000003844 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2025-01-05 21:04 - 2025-01-05 21:04 - 000003260 _____ C:\Windows\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2025-01-05 21:03 - 2025-01-05 21:03 - 000003456 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineUA
2025-01-05 21:03 - 2025-01-05 21:03 - 000003332 _____ C:\Windows\system32\Tasks\AvastUpdateTaskMachineCore
2025-01-05 21:03 - 2025-01-05 21:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2025-01-05 21:02 - 2025-01-06 08:52 - 000000000 ____D C:\ProgramData\Avast Software
2025-01-05 21:02 - 2025-01-06 08:52 - 000000000 ____D C:\Program Files\Avast Software
2025-01-05 21:02 - 2025-01-05 21:02 - 000249072 _____ (Gen Digital Inc.) C:\Users\Parek\Downloads\online_instalační_soubor_aplikace_avast_free_antivirus.exe
2025-01-05 20:53 - 2025-01-05 20:53 - 000000000 ____D C:\Users\Parek\AppData\Local\unali-121625
2025-01-05 20:53 - 2025-01-05 20:53 - 000000000 ____D C:\Users\Parek\AppData\Local\unali-121296
2025-01-05 00:32 - 2025-01-05 08:52 - 000000000 ____D C:\Users\Parek\AppData\Local\Notepad
2025-01-04 21:26 - 2025-01-04 21:26 - 000000008 _____ C:\ProgramData\ntuser.pol
2025-01-04 17:36 - 2025-01-04 21:26 - 000000662 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2025-01-04 17:36 - 2025-01-04 17:39 - 000000000 ____D C:\Users\Parek\Downloads\ccsetup631
2025-01-04 17:36 - 2025-01-04 17:36 - 000003378 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2025-01-04 17:35 - 2025-01-04 17:35 - 079982561 _____ C:\Users\Parek\Downloads\ccsetup631.zip
2025-01-04 17:14 - 2025-01-04 17:16 - 000000000 ____D C:\AdwCleaner
2025-01-04 17:14 - 2025-01-04 17:14 - 008790880 _____ (Malwarebytes) C:\Users\Parek\Downloads\adwcleaner.exe
2025-01-04 14:15 - 2025-01-06 12:28 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-04 15:46 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2025-01-06 10:16 - 000000837 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-06 11:21 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 21:58 - 2025-01-06 09:03 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-06 11:28 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-06 11:28 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-06 11:23 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-06 11:23 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-06 11:22 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-06 11:21 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-06 11:21 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-06 11:21 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-06 11:21 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-06 11:21 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-06 11:21 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-06 10:23 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-06 10:16 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-06 10:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2025-01-06 10:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-01-06 10:15 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2025-01-06 10:14 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2025-01-06 09:05 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2025-01-06 09:05 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-06 08:53 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-01-05 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2025-01-05 21:02 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Logishrd
2025-01-05 20:59 - 2024-10-07 21:20 - 000000000 ____D C:\Users\Parek\AppData\Local\Logi
2025-01-05 20:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-05 20:53 - 2024-11-21 21:14 - 000000000 ____D C:\Program Files (x86)\EaseUS
2025-01-05 20:21 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 22:39 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 21:41 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-04 21:25 - 2024-09-20 06:41 - 000000000 ____D C:\Users\Parek\AppData\LocalLow\Temp
2025-01-04 21:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:37 - 2024-09-09 18:38 - 000000000 ____D C:\ProgramData\Packages
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp

==================== Files in the root of some directories ========

2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (06-01-2025 12:28:38)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {343E1860-FD6F-AB8D-96E4-A5006AA98D2C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {0C059945-B700-AAD5-BDBB-0C35947ACA57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 24.09 (x64) (HKLM\...\7-Zip) (Version: 24.09 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{AAFEC555-4154-4A21-9523-30B8CDE94533}) (Version: 18.0.0.33 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 131.0.27760.140 - Gen Digital Inc.)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{655EA96D-A278-4566-BECF-50417EF47F1E}) (Version: 12.13.4.4 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Norton 360 (HKLM\...\Norton 360) (Version: 24.12.9725.1248 - Gen Digital Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.5 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ BUOverlayExcluded] -> {42DE06EE-09E4-4808-A8AA-F63B1D3F6CE5} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [ BUOverlayPending] -> {5A4597A9-CC87-4ED2-A7E5-3BC62CF54901} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [ BUOverlayProtected] -> {9C11454A-4B5C-4586-B0BB-E51BB6033668} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00nll] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-11-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [norton] -> {472083B2-C522-11CF-8763-00608CC02F24} => C:\Program Files\Norton\Suite\ashShell.dll [2025-01-06] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) =============

2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nllSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nllSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2025-01-04 21:25 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133805776970294241.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys

vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{995F1DB9-E948-4751-AEBC-25456E172E61}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{587B427A-1A0E-4036-807D-6BC0A8CE4DBD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{5FB67BE5-8DD9-4305-9B58-A9A2D3211AB9}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{47AFE74B-4363-481A-A409-5DDCCE445239}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.)
FirewallRules: [{C4DF92AB-38FF-4D36-99AF-70CCCF9D5111}] => (Allow) C:\Program Files\Norton\Suite\NortonUI.exe (NortonLifeLock Inc. -> Gen Digital Inc.)
FirewallRules: [{653F4031-6DA7-41EF-9F3D-6D5A3751980C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A3A8616D-B562-43F0-B47D-15E91EE3A9F4}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

06-01-2025 10:16:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Parek-x360.local already in use; will try Parek-x360-2.local instead

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Parek-x360.local. Addr 172.20.10.2

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.20.10.2:5353 16 Parek-x360.local. AAAA 2A00:11B1:10E0:470C:533F:894A:18D7:DFC9

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Parek-x360.local. AAAA FE80:0000:0000:0000:D146:099F:C7D2:960E

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.20.10.2:5353 16 Parek-x360.local. AAAA 2A00:11B1:10E0:470C:533F:894A:18D7:DFC9

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Parek-x360.local. Addr 172.20.10.2

Error: (01/06/2025 12:20:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 172.20.10.2:5353 16 Parek-x360.local. AAAA 2A00:11B1:10E0:470C:533F:894A:18D7:DFC9

Error: (01/06/2025 10:16:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast SecureLine VPN since QueryServiceConfig API failed

System Error:
The system cannot find the file specified..


System errors:
=============
Error: (01/06/2025 11:21:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/06/2025 11:21:58 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/06/2025 08:51:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/06/2025 08:51:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/06/2025 08:51:17 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (01/06/2025 08:27:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/06/2025 08:27:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS

Error: (01/05/2025 10:20:49 PM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.


Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-04 00:17:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-02 18:11:43
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2025-01-01 01:45:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2024-12-30 08:25:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Scan type: Antimalware
Scan parameters: Quick Scan
User: NT AUTHORITY\SYSTEM

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus encountered an error while trying to update security intelligence and will attempt to revert to the previous version.
Security intelligence to be loaded: Backup
Error code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.419.377.0;1.419.377.0
Engine version: 1.1.24080.9

Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus encountered an error while trying to update security intelligence and will attempt to revert to the previous version.
Security intelligence to be loaded: Current
Error code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence version: 1.419.387.0;1.419.387.0
Engine version: 1.1.24080.9

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error while trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiSpyware
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error while trying to update security intelligence.
New security intelligence version: 1.419.375.0
Previous security intelligence version: 1.419.373.0
Update source: User
Security intelligence type: AntiVirus
Update type: Delta
User: NT AUTHORITY\SYSTEM
Current engine version: 1.1.24080.9
Previous engine version: 1.1.24080.9
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus encountered an error while trying to update security intelligence.
New security intelligence version:
Previous security intelligence version: 1.419.373.0
Update source: Microsoft Update Server
Security intelligence type: AntiVirus
Update type: Full
User: NT AUTHORITY\SYSTEM
Current engine version:
Previous engine version: 1.1.24080.9
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2025-01-06 12:28:36
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Norton\Suite\NortonSvc.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16081.58 MB
Available physical RAM: 6464.47 MB
Total Virtual: 18513.58 MB
Available Virtual: 7562.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:607.6 GB) (Free:89.07 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)

\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)

Partition: GPT.

==================== End of Addition.txt =======================

Locked
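An added triage helper for a log like the one above, written for this page: it is not part of the poster's log and not a tool that ships with FRST. It parses the FirewallRules lines FRST writes and flags the rules a responder looks at first. The seven sample lines are copied verbatim from the FirewallRules section above; the checklist itself (rule still present but target binary gone, target under a user-writable path, target not code-signed, rule created through the interactive firewall prompt) is this example's own choice of what matters, and the last check relies on Windows naming such prompt-created rules "TCP/UDP Query User{GUID}<path>".

```python
"""Triage of the FirewallRules section of an FRST Addition.txt.

Added example for this thread, not part of the poster's log and not a tool
shipped with FRST. The flags below are this example's own checklist.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: seven rules copied verbatim from the FirewallRules section above.
SAMPLE_LOG = r"""
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{995F1DB9-E948-4751-AEBC-25456E172E61}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{653F4031-6DA7-41EF-9F3D-6D5A3751980C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
"""

# Directory fragments a standard user can write to; an Allow rule pointing
# there lets anything later dropped at that path through the firewall.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# "<path> (<signer -> company>)": the path itself may contain "(x86)", so the
# signer group is anchored to the end of the line and must not contain parens.
_SIGNER_RE = re.compile(r"^(?P<path>.+?\.[A-Za-z0-9]{1,4}) \((?P<signer>[^()]*)\)$")


@dataclass
class FirewallRule:
    name: str
    action: str
    path: str
    signer: Optional[str]
    unsigned: bool
    no_file: bool
    findings: List[str] = field(default_factory=list)


def parse_firewall_rule(line: str) -> Optional[FirewallRule]:
    """Parse one 'FirewallRules: [...] => (...) ...' line; None if not a rule."""
    prefix = "FirewallRules: ["
    if not line.startswith(prefix):
        return None
    head, sep, rest = line.partition("] => ")
    if not sep:
        return None
    name = head[len(prefix):]
    no_file = rest.endswith(" => No File")        # FRST: target binary is gone
    if no_file:
        rest = rest[: -len(" => No File")]
    action, _, rest = rest.partition(") ")       # "(Allow) ..." / "(Block) ..."
    action = action.lstrip("(")
    unsigned = rest.endswith(" [File not signed]")
    if unsigned:
        rest = rest[: -len(" [File not signed]")]
    m = _SIGNER_RE.match(rest)
    if m:
        path, signer = m.group("path"), m.group("signer").strip()
    else:
        path, signer = rest, None                # no signer block (e.g. No File)
    return FirewallRule(name, action, path, signer, unsigned, no_file)


def assess(rule: FirewallRule) -> List[str]:
    """Attach the review findings for one rule; an empty list means nothing to see."""
    findings = []
    low = rule.path.lower()
    if rule.no_file:
        findings.append("stale: target binary no longer exists; delete the rule")
    if any(frag in low for frag in USER_WRITABLE):
        findings.append("target is in a user-writable directory")
    if rule.unsigned:
        findings.append("target is not code-signed")
    if "Query User{" in rule.name:
        # Windows names rules created by the interactive 'Windows Security
        # Alert' prompt "TCP/UDP Query User{GUID}<path>": a user clicked Allow.
        findings.append("created through the interactive firewall allow prompt")
    rule.findings = findings
    return findings


def triage(log_text: str) -> List[FirewallRule]:
    """Parse every FirewallRules line in an Addition.txt and assess each rule."""
    rules = []
    for line in log_text.splitlines():
        rule = parse_firewall_rule(line.strip())
        if rule is not None:
            assess(rule)
            rules.append(rule)
    return rules


def suspicious(log_text: str) -> List[FirewallRule]:
    """Only the rules that earned at least one finding."""
    return [r for r in triage(log_text) if r.findings]


if __name__ == "__main__":
    for rule in suspicious(SAMPLE_LOG):
        print(f"{rule.action} {rule.path}")
        for finding in rule.findings:
            print(f"    - {finding}")
```

Run on the sample lines it reports five of the seven rules: the unsigned FortiClient ipsec.exe and kingdomcome.exe, the prompt-created rule for aomrt_s.exe run straight out of Downloads, and two stale Allow rules whose targets no longer exist (the old per-user Chrome install under AppData and FortiProxy.exe). A stale Allow rule is inert until something writes a new binary to that exact path, at which point it inherits the exception, so deleting such rules is cheap hygiene. None of these findings on its own points at the password stealer the poster is asking about; they are the ordinary noise a responder clears away before looking at the persistence entries.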