
Vidar infostealer
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Vidar infostealer
Please check the log; it is reportedly the Vidar infostealer. The IT monitoring at work has blocked my access to the company email and the company database. Thank you.
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2025 01
Ran by Marian (administrator) on DESKTOP-5D375SL (HP HP ProBook 450 G5) (10-01-2025 15:10:39)
Running from D:\Programy\Malware\FRST64.exe
Loaded Profiles: Marian
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems, Inc) C:\Program Files\CONEXANT\Flow\Flow.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxEM.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Conexant Systems LLC.) [File not signed] C:\Windows\CxSvc\CxAudioSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4d06d7f3655985a2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxUtilSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.220.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Conexant Systems LLC -> Conexant) C:\Windows\System32\MicTray64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11699224 2024-12-03] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24071312 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Marian\AppData\Local\WebEx\WebexHost.exe [8077920 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\Installer\chrmstp.exe [2025-01-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2023-11-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartDriver.lnk [2022-10-20]
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A0791F63-932B-44D2-8FCC-B9BDF2221727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {CE1510DA-E82C-4919-A5B0-12BA6B9F33FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {CF9E9FEF-2178-45C3-A091-BF9B69B4326A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {4E51B2E6-E526-4289-A0D6-46EF44BC8CD4} - System32\Tasks\AvastBrowserProtectS-1-5-21-3576560084-3732143217-555266759-1003 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-04-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {746E8D89-FBF6-4C56-8166-984CBFB8A98E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {5F103CB1-687B-4C6B-86A5-5F2C4CBBF7AB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EE8A92D0-64A0-47AF-99D3-790F4237FB7B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {6F96F2AD-3277-483E-964D-3854B7D5CCC9} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0d00bd21-a1ed-49e1-b2f7-79b721e2360f" --version "6.31.11415" --silent
Task: {89B2DD93-5600-4D8D-8F6D-885DBBEFDAE3} - System32\Tasks\CCleanerSkipUAC - Marian => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {AA95F125-7361-412E-B4BE-FADF4A209D37} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5575576 2024-12-10] (Microsoft Windows -> Microsoft Corporation)
Task: {ADB9EBEF-A43E-42D5-A5D2-4A567729D0ED} - System32\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {88F592A1-D371-49E8-82DC-C506DF89DDBB} - System32\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {ABE8D5F4-44EC-47F5-9B27-752C105F71B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{795E2FB3-CBFE-4BFF-A2ED-D35E677E1984} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {E43F7235-230B-4F11-AFC4-EC210EB0F987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3C0351B5-51BF-48AC-A2D2-10C9D45E1211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {6FED9C97-1CF7-4B15-ACFC-CC8E9CB490F2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {5B485602-6806-41BE-8ADC-9192E86A5DB2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {8A44C216-1D43-4A0D-9131-A3083CE64FB2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {4AA440B8-FED5-4B96-B82F-AD18E08550B0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {BEF9D0D4-006D-4732-9479-36A14645F17A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2024-09-02] () [File not signed]
Task: {D1713CEF-F680-43EA-AC8C-E656A67A9354} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC9E62C-A633-42D5-95E8-F7DA0E852633} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A1821E1-6084-4ED5-9794-EEF44238DDE1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {468437BD-1C74-4FAE-B707-66D225373FF3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C0E3887-906E-4B61-8FDA-EB1E4E39CB86} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {1B88E2D8-4A82-47F3-B1E9-2516ADA50A63} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/sup2
Task: {AF65B719-5FAB-4472-AE9D-D975D0BC268B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe [435000 2024-11-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d25a711a-c14b-4f9d-a76f-621ffe89f0ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [DhcpNameServer] 172.31.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge DownloadDir: Default -> C:\Users\Marian\Downloads
Edge Notifications: Default -> hxxps://webmail.kapitol.cz
Edge Extension: (Ultimate Video Downloader) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajhiojdgfpacghbbefjjnomoihpljhai [2020-12-29]
Edge Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2025-01-10]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://39.cpnotesz.com; hxxps://9xbuddy.xyz; hxxps://a.mp3pro.xyz; hxxps://calendar.google.com; hxxps://captchamodern.top; hxxps://freecaptcha.top; hxxps://leonsitheckrew.info; hxxps://teams.microsoft.com; hxxps://webmail.kapitol.cz; hxxps://www.fyzioklinika.cz; hxxps://www.grizly.cz; hxxps://www.hamty.cz; hxxps://www.kupi.cz; hxxps://www.sevt.cz; hxxps://www.tradingview.com
CHR StartupUrls: Default -> "chrome://newtab/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-12-11]
CHR Extension: (I don't care about cookies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-30]
CHR Extension: (Hamty.cz doplněk) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccfnphpieojibjmnodiiobdapckkkfb [2024-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-12-13]
CHR Extension: (HLS Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-11-30]
CHR Extension: (Převod řeči na text) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2023-03-07]
CHR Extension: (Live Stream Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2025-01-05]
CHR Extension: (Video Downloader HD) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2024-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Vimeo™ Video Downloader Pro) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\penndbmahnpapepljikkjmakcobdahne [2024-12-27]
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\System Profile [2025-01-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-09-20] (RealDefense LLC -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\elevation_service.exe [1910616 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [81408 2021-08-25] (Conexant Systems LLC.) [File not signed]
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [173880 2021-08-25] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe [1510464 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe [516184 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-11-08] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe [605280 2024-10-28] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 qcmtusvc; C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [129024 2019-01-02] (QUALCOMM, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21007160 2024-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [92520 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveVpnWireguardService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [135136 2022-01-14] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl871e07a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A51A90E-97AB-4FAA-AC32-CC30409E016D}\MpKslDrv.sys [267552 2025-01-10] (Microsoft Windows -> Microsoft Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [18528 2014-10-23] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-09-20] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [57344 2022-05-07] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2022-10-04] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 15:10 - 2025-01-10 15:11 - 000000000 ____D C:\FRST
2025-01-10 14:53 - 2025-01-10 14:53 - 000728484 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-10 14:53 - 2025-01-10 14:53 - 000151700 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-10 14:52 - 2025-01-10 15:06 - 000000000 ____D C:\Users\Marian\AppData\Local\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-10 13:12 - 2025-01-10 14:46 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 07:02 - 2025-01-10 07:02 - 000000624 _____ C:\Users\Marian\Desktop\po.txt
2025-01-10 06:48 - 2025-01-10 06:48 - 144885903 _____ C:\Users\Marian\Downloads\TradingView_Premium_Desktop.zip
2025-01-08 13:29 - 2025-01-08 13:29 - 000000000 ____D C:\ProgramData\A16PP890HDJM
2025-01-08 13:26 - 2025-01-08 13:26 - 000000000 ____D C:\ProgramData\ZCTRQ9R1VKF3
2025-01-08 13:20 - 2025-01-08 13:20 - 000000000 ____D C:\Users\Marian\Nová složka
2025-01-07 07:05 - 2025-01-07 07:05 - 000236526 _____ C:\Users\Marian\Downloads\0266_Odmena_za_vernost-1736229932174.pdf
2025-01-03 16:53 - 2025-01-03 16:53 - 000001626 _____ C:\Users\Public\Desktop\Trader Workstation 10.23.lnk
2025-01-03 16:53 - 2025-01-03 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation 10.23
2025-01-03 07:54 - 2025-01-03 07:54 - 000000000 ____D C:\ProgramData\Piriform
2025-01-03 07:53 - 2025-01-10 13:09 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-01-03 07:53 - 2025-01-10 13:09 - 000000000 ____D C:\Program Files\CCleaner
2025-01-03 07:53 - 2025-01-03 13:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-03 07:53 - 2025-01-03 07:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-03 07:53 - 2025-01-03 07:53 - 000002908 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Marian
2025-01-03 07:53 - 2025-01-03 07:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2025-01-03 07:53 - 2025-01-03 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2025-01-01 09:48 - 2025-01-01 17:21 - 000289055 _____ C:\Users\Marian\Downloads\U15219304_20240101_20241231.xlsx
2025-01-01 09:44 - 2025-01-01 09:47 - 000500273 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.csv
2025-01-01 09:43 - 2025-01-01 09:43 - 000378455 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.xlsx
2025-01-01 08:43 - 2025-01-01 08:43 - 000496834 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.xlsx
2025-01-01 08:29 - 2025-01-01 08:29 - 001691694 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_a18bed456a79d4efea2ee1c0861a5d2b.pdf
2025-01-01 08:29 - 2025-01-01 08:29 - 000926765 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.csv
2024-12-30 22:39 - 2025-01-02 21:24 - 000002421 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2024-12-22 21:09 - 2024-12-02 14:12 - 000710000 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:12 - 000604656 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000945520 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000708432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000594304 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000455856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000495424 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000401216 _____ C:\WINDOWS\system32\ze_loader.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000162112 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 027966784 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 020690752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-12-17 13:49 - 2025-01-03 16:50 - 000000000 ____D C:\Jts
2024-12-17 13:39 - 2024-12-17 13:44 - 172064424 _____ (Interactive Brokers LLC) C:\Users\Marian\Downloads\tws40_install_10.23.2a.exe
2024-12-17 13:14 - 2024-12-17 13:14 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-17 13:14 - 2024-12-17 13:14 - 000002380 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-14 09:29 - 2024-12-14 09:29 - 000491435 _____ C:\Users\Marian\Downloads\Vankova_KNZ_KOL_5051266511_smlouvaPnd_241214_092935.pdf
2024-12-14 08:53 - 2024-12-14 08:53 - 000543985 _____ C:\Users\Marian\Downloads\eDoklady_Manuál použití v KNZ.pdf
2024-12-14 08:47 - 2024-12-14 08:47 - 000351990 _____ C:\Users\Marian\Downloads\Záznam z jednání - Vanková Vojtěška - 20. 10. 2024.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 15:08 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-10 15:07 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:53 - 2022-10-04 09:13 - 001718246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-10 14:53 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:52 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-10 14:48 - 2023-05-30 12:43 - 000000000 ____D C:\Program Files\TeamViewer
2025-01-10 14:48 - 2022-10-04 09:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-10 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-10 14:48 - 2018-08-23 11:42 - 000000000 __SHD C:\Users\Marian\IntelGraphicsProfiles
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\Intel
2025-01-10 14:47 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-10 13:53 - 2022-10-04 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-10 13:11 - 2024-09-24 05:44 - 000000000 ____D C:\Users\Marian\AppData\Roaming\MPC-HC
2025-01-10 13:09 - 2024-10-28 16:40 - 000000000 ____D C:\Program Files (x86)\IObit
2025-01-10 13:07 - 2018-08-23 18:55 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-10 06:55 - 2024-11-05 14:00 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2025-01-10 06:51 - 2020-06-08 09:16 - 000001379 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-01-10 06:49 - 2020-06-08 09:16 - 000001273 _____ C:\Users\Marian\Desktop\ESET Online Scanner.lnk
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-09 17:08 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\Packages
2025-01-09 12:44 - 2024-10-28 16:41 - 000000000 ____D C:\ProgramData\ProductData3
2025-01-09 07:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-01-09 07:05 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-01-09 07:04 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Word
2025-01-08 13:20 - 2022-10-04 08:41 - 000000000 ____D C:\Users\Marian
2025-01-08 07:20 - 2018-08-25 08:23 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Excel
2025-01-04 08:27 - 2020-06-09 16:57 - 000000000 ____D C:\Program Files\Recuva
2025-01-03 20:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-03 16:21 - 2018-08-23 12:52 - 000000000 ____D C:\Users\Marian\AppData\Local\D3DSCache
2025-01-02 21:27 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\MicrosoftEdge
2025-01-02 21:24 - 2023-11-27 18:27 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2024-12-30 22:32 - 2023-11-27 18:27 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2024-12-30 22:32 - 2023-11-27 18:27 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2024-12-22 21:17 - 2018-08-20 10:33 - 000000000 ____D C:\Program Files\Intel
2024-12-22 21:09 - 2018-08-20 11:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-12-21 18:38 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Office
2024-12-21 18:05 - 2022-10-04 09:10 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 18:05 - 2022-10-04 09:10 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 22:23 - 2022-10-04 09:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-12-20 22:18 - 2022-01-14 18:30 - 000000000 ____D C:\SWSetup
2024-12-20 22:05 - 2019-02-05 11:37 - 000000000 ____D C:\Users\Marian\AppData\Local\HP
2024-12-20 21:18 - 2021-06-29 08:36 - 000000000 ____D C:\Program Files\HP
2024-12-20 13:07 - 2018-08-23 11:43 - 000000000 ____D C:\Users\Marian\AppData\Roaming\hpqLog
2024-12-17 17:11 - 2022-01-14 18:20 - 000000000 ____D C:\ProgramData\IObit
2024-12-17 13:14 - 2022-10-04 09:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-14 10:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-12-13 21:58 - 2018-08-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
==================== Files in the root of some directories ========
2019-01-06 18:20 - 2019-01-06 18:20 - 000000001 _____ () C:\Users\Marian\AppData\Local\llftool.4.40.agreement
2018-08-23 14:01 - 2018-08-23 14:01 - 000007605 _____ () C:\Users\Marian\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Log Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2025 01
Ran by Marian (10-01-2025 15:12:14)
Running from D:\Programy\Malware
Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) (2022-10-04 08:11:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3576560084-3732143217-555266759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3576560084-3732143217-555266759-503 - Limited - Disabled)
Guest (S-1-5-21-3576560084-3732143217-555266759-501 - Limited - Disabled)
Marian (S-1-5-21-3576560084-3732143217-555266759-1003 - Administrator - Enabled) => C:\Users\Marian
WDAGUtilityAccount (S-1-5-21-3576560084-3732143217-555266759-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ADB AppControl verze 1.8.3 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.3 - Cyber.Cat)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Avidemux VC++ 64bits (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\{f9f3df0b-b58e-4d21-b4fd-e5c4915cad0b}) (Version: 2.7.5 - Mean)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.1006.0843 - F5 Networks, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.278.150 - Conexant)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version: - EaseUS)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 13.0.0.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
HP LaserJet Pro MFP M125-M126 (HKLM-x32\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 15.0.15310.1316 - Hewlett-Packard)
HP LJ M125126 Scan HP Scan (HKLM-x32\...\{F84EA1B1-5184-4145-B6E6-5E5D33D85FE4}) (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Product FWUpdater (HKLM-x32\...\{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden
HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel GFX Driver (HKLM-x32\...\{ca0ebadf-f7bd-4e32-9fec-e19a5d68c724}) (Version: 1.0.0.0 - Intel) Hidden
Intel(R) Arc Software & Drivers (HKLM\...\Intel(R) Arc Software & Drivers) (Version: 1.0.993.6 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{318C30A1-C7AF-414E-890F-6345E6E0FD33}) (Version: 2.4.09084 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{0fdd3c9a-20e1-444d-8d00-8c413c83f824}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{1fe0084f-3e2b-4ba9-a4a6-c33f56e7f886}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{2aeceede-4a87-4cd8-b518-7a3598cf47be}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{9454a0e6-0762-48ec-b153-2a75b252d1fb}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ab620838-f172-44a7-88ea-614e2c134043}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ccb72772-9926-4b3e-9fff-7ab001bffac6}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d8ebe554-4504-4ade-ada9-8617c4525581}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{f07e8107-88e2-4459-865e-665afe7dda07}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{0FCE256E-F9AA-4070-886F-7C75AED03FB5}) (Version: 10.1.19444.8378 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8e171961-44e9-48e3-9a1e-7e05e5387200}) (Version: 10.1.19444.8378 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2351.5.48.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{56A1C2D8-CFC4-4AC5-B5F5-27B57643C069}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A5F91B87-4823-4C89-B65F-FF2157F73A64}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B39E6B81-419D-4CC0-BBFD-A9C1401936BB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{2B2BD352-136F-4616-ACD6-AD967508F8D9}) (Version: 30.100.1914.3 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1914.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c0203f85-38d9-49b0-af1f-cc6a2096b774}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 431 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
K-Lite Codec Pack 18.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.5.5 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (pouze odinstalace) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.7 (x64) (HKLM\...\{3E3E3302-0CAD-4D0D-B6C0-206B30773468}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.7 (x64) (HKLM\...\{CA4FE2DB-2E1C-453B-B8C9-960AB929E5B4}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{641CD7B5-5711-44BC-B706-2A369CF75905}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1FE18A4F-8E2C-49EE-8C80-F4C03C9AF81D}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM\...\{F6FBF64F-D459-4F03-BF3B-C0A36A0596A2}) (Version: 64.28.16739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM-x32\...\{754bcfb5-42ac-4c12-8f12-b818943a1365}) (Version: 8.0.7.33814 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (HKLM\...\{680EDA59-9266-44B4-949E-0C24F65DFF82}) (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (HKLM-x32\...\{E3B64CC5-C011-40C0-92BC-7316CD5E5688}) (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Philips Channel Editor (HKLM-x32\...\{0D70B4E7-5C69-4F38-B831-9437CD08AF2A}) (Version: 6.61.46 - Philips)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.57 - QUALCOMM Incorporated)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.115 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rostliny - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Rostliny - Fotogalerie) (Version: - )
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Ryby nasich vod (HKLM-x32\...\Ryby nasich vod) (Version: - )
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
SignatureDriver (HKLM-x32\...\{A8F187A6-8C0A-42EC-AEF7-C5EADD4D8AA6}) (Version: 3.6.24 - SignoSoft)
signotec HID (HKLM\...\{C3EE487B-F804-42FE-BA97-6B4F611FE9D2}) (Version: 1.1.0 - signotec GmbH)
SixPack 2.0.20 (HKLM\...\{b7373a3b-63cf-5f3e-8049-f7c86486f3b5}) (Version: 2.0.20 - 6ti Minutovka 1.0 s.r.o.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1262 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.166 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.50.5 - TeamViewer)
Trader Workstation 10.23 (HKLM\...\5556-0173-2810-2300) (Version: (.2a) 20230615 16:54:18 - Interactive Brokers LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wacom STU Driver (HKLM-x32\...\{27d481b5-9939-4f89-ab90-3a4871c03104}) (Version: 5.4.5 - Wacom Co., Ltd.)
Wacom STU Driver (x64) (HKLM\...\{BFF3F85F-2194-4845-BCFF-B123B32F8B14}) (Version: 5.4.5 - Wacom Co., Ltd.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{453BBFB2-D227-40FB-9D87-F633C559D92B}) (Version: 3.14.07501 - Microsoft) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
Zoom Workplace (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ZoomUMX) (Version: 6.2.7 (49583) - Zoom Video Communications, Inc.)
Živočichové - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Živočichové - Fotogalerie) (Version: - )
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-10] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-20] (INTEL CORP) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.79.7900.0_x64__ytsefhwckbdv6 [2025-01-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-11-08] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-08] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2024-12-04] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-21] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-12-14] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.2.10.0_x64__8wekyb3d8bbwe [2024-11-08] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.2.1.0_x64__f5eddttrpssna [2022-04-21] (Mooii Tech)
Wifi Analyzer and Scanner -> C:\Program Files\WindowsApps\28877WebProvider.WifiAnalyzerandScanner_1.2.1.0_x64__gdrx0g078t8zg [2024-09-24] (WebProvider)
WinRAR -> C:\Program Files\WinRAR [2022-04-17] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Marian\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\Marian\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2023-01-17 22:04 - 2021-06-29 14:06 - 001431552 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\CONEXANT\Flow\x64\SQLite.Interop.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Marian\AppData\Local\Temp\F5_TMP_801632291624919730141\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Marian\AppData\Local\Temp\F5_TMP_18317310420318416713435\InstallerControl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Marian\AppData\Local\Temp\F5_TMP_25319668465813376103\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Marian\AppData\Local\Temp\F5_TMP_907516410818675373\urxhost.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\mfcr.cz -> mfcr.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\rsts.cz -> hxxps://vpn1.rsts.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-09-21 10:45 - 2024-02-26 07:06 - 000001414 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.signotecwebsocket.de # signotec WebSocket Pad Server127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\SignatureDriver\dll\wacom;C:\SignatureDriver\dll\hanvon;C:\SignatureDriver\dll\signotec;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\Downloads\2560x1600-Wallpaper-TGW.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Realtek RTL8822BE 802.11ac PCIe Adapter -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "StartDriver.lnk"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [{130725D3-DCC9-4D03-97CB-AFB58E64EEA8}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{409384FA-64D1-4A50-9572-6629EAECC165}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{734ECA72-F45F-48D1-BF4E-DDB4E17EC563}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{985E426F-C3FB-4E81-8D41-AAD13FFD0332}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{7EAB67A5-A420-4E0C-B17F-38CBC23E8504}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [{906432A5-122F-478C-BC50-806E1662184D}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [{AA01A3DD-7B50-4917-919E-4730B2640FFA}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5D0296E-848B-453B-8BD8-330F2C3F24FD}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{40E9B272-413C-4C95-8F03-B2589C62AE94}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E6C235D3-6BB0-4EF9-B279-BEE7B4F42BD6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7AF64807-F788-4030-811C-760F47EAD71D}] => (Allow) C:\SignatureDriver\driver\bin\tomcat8.exe (The Apache Software Foundation -> Apache Software Foundation)
FirewallRules: [{C6EE49A1-654E-4196-8B42-CFB56BB4680B}] => (Allow) C:\SignatureDriver\Java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [{66373BC4-A1E6-4EE1-BC9F-5CD2F522ED45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{791DFB43-9163-4F73-B573-D55D0B452230}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [{5D206B62-3C7F-4077-B754-946FEAFD97A2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9083D78-1302-49E5-AC79-93EC61040EEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB99ECB7-874A-4EF0-8D76-759CFEBF10EA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7FABFB-77F8-4B10-B498-F9DDE312B478}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E878E7FF-EE9A-487E-BEA5-9C36FB85F3D6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47E7F3D6-A40D-4DAE-B7BA-940952FDE1AC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B09574E-BB1E-4758-9F90-27AFAB7262EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31C15DF-67AA-4953-8F7B-BD17EC70F20D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{B8064EB6-0169-4E82-9EC5-8CD8E0B9681C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EAAD3CED-3807-456E-8C1D-EE60B9428DC4}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [UDP Query User{CD2D1414-A290-45ED-9C11-8963F8DBA90E}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{9AB20BEE-02AE-4B4E-9A9C-0E0506429507}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{C3758001-0B0F-4D4F-9DC3-2AC3709AEAE6}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{A60D8661-66C4-46E5-BF80-89C1829A183B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3ADE446D-268F-474B-8F30-A6F8F521692E}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [TCP Query User{F20F5B5C-A980-4EF2-81EF-11563BBC2510}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [UDP Query User{0B9DD36F-E98C-4F60-BB82-CEA0F5360BC0}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [{E77432F4-809D-4BCA-AACD-69CB5C29017F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.75 GB) (Free:24.23 GB) (21%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/10/2025 01:10:58 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3576560084-3732143217-555266759-1003}/>.
Error: (01/08/2025 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0xa48
Čas spuštění chybující aplikace: 0x0x1db61c94f71e5bd
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: 688b668d-76e8-4814-9cb9-28e29d2d5543
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/07/2025 10:21:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 10:21:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HotKeyServiceUWP.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 00007FF705B4E713
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (01/10/2025 02:50:15 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
Error: (01/10/2025 02:50:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (01/10/2025 02:50:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).
Error: (01/10/2025 02:50:13 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:50:11 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:49:54 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:49:52 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:48:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GameInput Service byla neočekávaně ukončena. Tento stav nastal již 6krát.
Windows Defender:
================
Date: 2025-01-09 17:33:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CA043B75-AF44-4D77-A807-D5F6BBB67615}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 21:49:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FE7D1BEE-9594-4F12-ADA4-E20FA159D04D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 18:53:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F2F4552E-9A1B-4DF6-81A0-7D26DCD1221D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:09:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {663F5B46-F565-4387-9091-0FB63AF52210}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-31 20:46:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {971A445A-B32D-4148-9B6D-E054BD36694A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===============
Date: 2025-01-10 15:07:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-01-10 15:04:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-01-10 15:03:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-10 15:00:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: HP Q85 Ver. 01.30.00 11/20/2024
Motherboard: HP 837D
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8051.21 MB
Available physical RAM: 3592.87 MB
Total Virtual: 16243.21 MB
Available Virtual: 11815.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.75 GB) (Free:24.23 GB) (Model: SAMSUNG MZNLN128HAHQ-000H1) NTFS
Drive d: (Data) (Fixed) (Total:540.87 GB) (Free:67.48 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Záloha) (Fixed) (Total:146.48 GB) (Free:89.89 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive f: (Práce) (Fixed) (Total:244.14 GB) (Free:117.29 GB) (Model: TOSHIBA MQ04ABF100) NTFS
\\?\Volume{d647cabe-9562-4e94-9d5b-06f19d260716}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{5ea6e0dc-bc8a-4565-a1d3-eda63eba9217}\ () (Fixed) (Total:0.94 GB) (Free:0.1 GB) NTFS
\\?\Volume{ba868bab-2fc7-486f-b009-b744ef3d09e9}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 086340C5)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0863A0C6)
Partition: GPT.
==================== End of Addition.txt =======================
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2025 01
Ran by Marian (administrator) on DESKTOP-5D375SL (HP HP ProBook 450 G5) (10-01-2025 15:10:39)
Running from D:\Programy\Malware\FRST64.exe
Loaded Profiles: Marian
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems, Inc) C:\Program Files\CONEXANT\Flow\Flow.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxEM.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Conexant Systems LLC.) [File not signed] C:\Windows\CxSvc\CxAudioSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0bd497310795eeb4\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4d06d7f3655985a2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxUtilSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.220.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24112.22.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Conexant Systems LLC -> Conexant) C:\Windows\System32\MicTray64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11699224 2024-12-03] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24071312 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Marian\AppData\Local\WebEx\WebexHost.exe [8077920 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\Installer\chrmstp.exe [2025-01-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2023-11-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartDriver.lnk [2022-10-20]
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A0791F63-932B-44D2-8FCC-B9BDF2221727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {CE1510DA-E82C-4919-A5B0-12BA6B9F33FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {CF9E9FEF-2178-45C3-A091-BF9B69B4326A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {4E51B2E6-E526-4289-A0D6-46EF44BC8CD4} - System32\Tasks\AvastBrowserProtectS-1-5-21-3576560084-3732143217-555266759-1003 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-04-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {746E8D89-FBF6-4C56-8166-984CBFB8A98E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {5F103CB1-687B-4C6B-86A5-5F2C4CBBF7AB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EE8A92D0-64A0-47AF-99D3-790F4237FB7B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {6F96F2AD-3277-483E-964D-3854B7D5CCC9} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0d00bd21-a1ed-49e1-b2f7-79b721e2360f" --version "6.31.11415" --silent
Task: {89B2DD93-5600-4D8D-8F6D-885DBBEFDAE3} - System32\Tasks\CCleanerSkipUAC - Marian => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {AA95F125-7361-412E-B4BE-FADF4A209D37} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5575576 2024-12-10] (Microsoft Windows -> Microsoft Corporation)
Task: {ADB9EBEF-A43E-42D5-A5D2-4A567729D0ED} - System32\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {88F592A1-D371-49E8-82DC-C506DF89DDBB} - System32\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {ABE8D5F4-44EC-47F5-9B27-752C105F71B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{795E2FB3-CBFE-4BFF-A2ED-D35E677E1984} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {E43F7235-230B-4F11-AFC4-EC210EB0F987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3C0351B5-51BF-48AC-A2D2-10C9D45E1211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {6FED9C97-1CF7-4B15-ACFC-CC8E9CB490F2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {5B485602-6806-41BE-8ADC-9192E86A5DB2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {8A44C216-1D43-4A0D-9131-A3083CE64FB2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {4AA440B8-FED5-4B96-B82F-AD18E08550B0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {BEF9D0D4-006D-4732-9479-36A14645F17A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2024-09-02] () [File not signed]
Task: {D1713CEF-F680-43EA-AC8C-E656A67A9354} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC9E62C-A633-42D5-95E8-F7DA0E852633} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A1821E1-6084-4ED5-9794-EEF44238DDE1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {468437BD-1C74-4FAE-B707-66D225373FF3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C0E3887-906E-4B61-8FDA-EB1E4E39CB86} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {1B88E2D8-4A82-47F3-B1E9-2516ADA50A63} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/sup2
Task: {AF65B719-5FAB-4472-AE9D-D975D0BC268B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe [435000 2024-11-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d25a711a-c14b-4f9d-a76f-621ffe89f0ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [DhcpNameServer] 172.31.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge DownloadDir: Default -> C:\Users\Marian\Downloads
Edge Notifications: Default -> hxxps://webmail.kapitol.cz
Edge Extension: (Ultimate Video Downloader) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajhiojdgfpacghbbefjjnomoihpljhai [2020-12-29]
Edge Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2025-01-10]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://39.cpnotesz.com; hxxps://9xbuddy.xyz; hxxps://a.mp3pro.xyz; hxxps://calendar.google.com; hxxps://captchamodern.top; hxxps://freecaptcha.top; hxxps://leonsitheckrew.info; hxxps://teams.microsoft.com; hxxps://webmail.kapitol.cz; hxxps://www.fyzioklinika.cz; hxxps://www.grizly.cz; hxxps://www.hamty.cz; hxxps://www.kupi.cz; hxxps://www.sevt.cz; hxxps://www.tradingview.com
CHR StartupUrls: Default -> "chrome://newtab/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-12-11]
CHR Extension: (I don't care about cookies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-30]
CHR Extension: (Hamty.cz doplněk) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccfnphpieojibjmnodiiobdapckkkfb [2024-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-12-13]
CHR Extension: (HLS Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-11-30]
CHR Extension: (Převod řeči na text) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2023-03-07]
CHR Extension: (Live Stream Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2025-01-05]
CHR Extension: (Video Downloader HD) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2024-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Vimeo™ Video Downloader Pro) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\penndbmahnpapepljikkjmakcobdahne [2024-12-27]
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\System Profile [2025-01-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-09-20] (RealDefense LLC -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\elevation_service.exe [1910616 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [81408 2021-08-25] (Conexant Systems LLC.) [File not signed]
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [173880 2021-08-25] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe [1510464 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe [516184 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-11-08] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe [605280 2024-10-28] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 qcmtusvc; C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [129024 2019-01-02] (QUALCOMM, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21007160 2024-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [92520 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveVpnWireguardService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [135136 2022-01-14] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl871e07a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A51A90E-97AB-4FAA-AC32-CC30409E016D}\MpKslDrv.sys [267552 2025-01-10] (Microsoft Windows -> Microsoft Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [18528 2014-10-23] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-09-20] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [57344 2022-05-07] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2022-10-04] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 15:10 - 2025-01-10 15:11 - 000000000 ____D C:\FRST
2025-01-10 14:53 - 2025-01-10 14:53 - 000728484 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-10 14:53 - 2025-01-10 14:53 - 000151700 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-10 14:52 - 2025-01-10 15:06 - 000000000 ____D C:\Users\Marian\AppData\Local\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-10 13:12 - 2025-01-10 14:46 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 07:02 - 2025-01-10 07:02 - 000000624 _____ C:\Users\Marian\Desktop\po.txt
2025-01-10 06:48 - 2025-01-10 06:48 - 144885903 _____ C:\Users\Marian\Downloads\TradingView_Premium_Desktop.zip
2025-01-08 13:29 - 2025-01-08 13:29 - 000000000 ____D C:\ProgramData\A16PP890HDJM
2025-01-08 13:26 - 2025-01-08 13:26 - 000000000 ____D C:\ProgramData\ZCTRQ9R1VKF3
2025-01-08 13:20 - 2025-01-08 13:20 - 000000000 ____D C:\Users\Marian\Nová složka
2025-01-07 07:05 - 2025-01-07 07:05 - 000236526 _____ C:\Users\Marian\Downloads\0266_Odmena_za_vernost-1736229932174.pdf
2025-01-03 16:53 - 2025-01-03 16:53 - 000001626 _____ C:\Users\Public\Desktop\Trader Workstation 10.23.lnk
2025-01-03 16:53 - 2025-01-03 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation 10.23
2025-01-03 07:54 - 2025-01-03 07:54 - 000000000 ____D C:\ProgramData\Piriform
2025-01-03 07:53 - 2025-01-10 13:09 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-01-03 07:53 - 2025-01-10 13:09 - 000000000 ____D C:\Program Files\CCleaner
2025-01-03 07:53 - 2025-01-03 13:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-03 07:53 - 2025-01-03 07:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-03 07:53 - 2025-01-03 07:53 - 000002908 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Marian
2025-01-03 07:53 - 2025-01-03 07:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2025-01-03 07:53 - 2025-01-03 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2025-01-01 09:48 - 2025-01-01 17:21 - 000289055 _____ C:\Users\Marian\Downloads\U15219304_20240101_20241231.xlsx
2025-01-01 09:44 - 2025-01-01 09:47 - 000500273 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.csv
2025-01-01 09:43 - 2025-01-01 09:43 - 000378455 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.xlsx
2025-01-01 08:43 - 2025-01-01 08:43 - 000496834 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.xlsx
2025-01-01 08:29 - 2025-01-01 08:29 - 001691694 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_a18bed456a79d4efea2ee1c0861a5d2b.pdf
2025-01-01 08:29 - 2025-01-01 08:29 - 000926765 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.csv
2024-12-30 22:39 - 2025-01-02 21:24 - 000002421 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2024-12-22 21:09 - 2024-12-02 14:12 - 000710000 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:12 - 000604656 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000945520 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000708432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000594304 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000455856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000495424 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000401216 _____ C:\WINDOWS\system32\ze_loader.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000162112 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 027966784 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 020690752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-12-17 13:49 - 2025-01-03 16:50 - 000000000 ____D C:\Jts
2024-12-17 13:39 - 2024-12-17 13:44 - 172064424 _____ (Interactive Brokers LLC) C:\Users\Marian\Downloads\tws40_install_10.23.2a.exe
2024-12-17 13:14 - 2024-12-17 13:14 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-17 13:14 - 2024-12-17 13:14 - 000002380 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-14 09:29 - 2024-12-14 09:29 - 000491435 _____ C:\Users\Marian\Downloads\Vankova_KNZ_KOL_5051266511_smlouvaPnd_241214_092935.pdf
2024-12-14 08:53 - 2024-12-14 08:53 - 000543985 _____ C:\Users\Marian\Downloads\eDoklady_Manuál použití v KNZ.pdf
2024-12-14 08:47 - 2024-12-14 08:47 - 000351990 _____ C:\Users\Marian\Downloads\Záznam z jednání - Vanková Vojtěška - 20. 10. 2024.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 15:08 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-10 15:07 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:53 - 2022-10-04 09:13 - 001718246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-10 14:53 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:52 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-10 14:48 - 2023-05-30 12:43 - 000000000 ____D C:\Program Files\TeamViewer
2025-01-10 14:48 - 2022-10-04 09:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-10 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-10 14:48 - 2018-08-23 11:42 - 000000000 __SHD C:\Users\Marian\IntelGraphicsProfiles
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\Intel
2025-01-10 14:47 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-10 13:53 - 2022-10-04 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-10 13:11 - 2024-09-24 05:44 - 000000000 ____D C:\Users\Marian\AppData\Roaming\MPC-HC
2025-01-10 13:09 - 2024-10-28 16:40 - 000000000 ____D C:\Program Files (x86)\IObit
2025-01-10 13:07 - 2018-08-23 18:55 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-10 06:55 - 2024-11-05 14:00 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2025-01-10 06:51 - 2020-06-08 09:16 - 000001379 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-01-10 06:49 - 2020-06-08 09:16 - 000001273 _____ C:\Users\Marian\Desktop\ESET Online Scanner.lnk
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-09 17:08 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\Packages
2025-01-09 12:44 - 2024-10-28 16:41 - 000000000 ____D C:\ProgramData\ProductData3
2025-01-09 07:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-01-09 07:05 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-01-09 07:04 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Word
2025-01-08 13:20 - 2022-10-04 08:41 - 000000000 ____D C:\Users\Marian
2025-01-08 07:20 - 2018-08-25 08:23 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Excel
2025-01-04 08:27 - 2020-06-09 16:57 - 000000000 ____D C:\Program Files\Recuva
2025-01-03 20:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-03 16:21 - 2018-08-23 12:52 - 000000000 ____D C:\Users\Marian\AppData\Local\D3DSCache
2025-01-02 21:27 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\MicrosoftEdge
2025-01-02 21:24 - 2023-11-27 18:27 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2024-12-30 22:32 - 2023-11-27 18:27 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2024-12-30 22:32 - 2023-11-27 18:27 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2024-12-22 21:17 - 2018-08-20 10:33 - 000000000 ____D C:\Program Files\Intel
2024-12-22 21:09 - 2018-08-20 11:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-12-21 18:38 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Office
2024-12-21 18:05 - 2022-10-04 09:10 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 18:05 - 2022-10-04 09:10 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 22:23 - 2022-10-04 09:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-12-20 22:18 - 2022-01-14 18:30 - 000000000 ____D C:\SWSetup
2024-12-20 22:05 - 2019-02-05 11:37 - 000000000 ____D C:\Users\Marian\AppData\Local\HP
2024-12-20 21:18 - 2021-06-29 08:36 - 000000000 ____D C:\Program Files\HP
2024-12-20 13:07 - 2018-08-23 11:43 - 000000000 ____D C:\Users\Marian\AppData\Roaming\hpqLog
2024-12-17 17:11 - 2022-01-14 18:20 - 000000000 ____D C:\ProgramData\IObit
2024-12-17 13:14 - 2022-10-04 09:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-14 10:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-12-13 21:58 - 2018-08-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
==================== Files in the root of some directories ========
2019-01-06 18:20 - 2019-01-06 18:20 - 000000001 _____ () C:\Users\Marian\AppData\Local\llftool.4.40.agreement
2018-08-23 14:01 - 2018-08-23 14:01 - 000007605 _____ () C:\Users\Marian\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Log Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2025 01
Ran by Marian (10-01-2025 15:12:14)
Running from D:\Programy\Malware
Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) (2022-10-04 08:11:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3576560084-3732143217-555266759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3576560084-3732143217-555266759-503 - Limited - Disabled)
Guest (S-1-5-21-3576560084-3732143217-555266759-501 - Limited - Disabled)
Marian (S-1-5-21-3576560084-3732143217-555266759-1003 - Administrator - Enabled) => C:\Users\Marian
WDAGUtilityAccount (S-1-5-21-3576560084-3732143217-555266759-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ADB AppControl verze 1.8.3 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.3 - Cyber.Cat)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Avidemux VC++ 64bits (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\{f9f3df0b-b58e-4d21-b4fd-e5c4915cad0b}) (Version: 2.7.5 - Mean)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.1006.0843 - F5 Networks, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.278.150 - Conexant)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version: - EaseUS)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 13.0.0.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
HP LaserJet Pro MFP M125-M126 (HKLM-x32\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 15.0.15310.1316 - Hewlett-Packard)
HP LJ M125126 Scan HP Scan (HKLM-x32\...\{F84EA1B1-5184-4145-B6E6-5E5D33D85FE4}) (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Product FWUpdater (HKLM-x32\...\{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden
HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel GFX Driver (HKLM-x32\...\{ca0ebadf-f7bd-4e32-9fec-e19a5d68c724}) (Version: 1.0.0.0 - Intel) Hidden
Intel(R) Arc Software & Drivers (HKLM\...\Intel(R) Arc Software & Drivers) (Version: 1.0.993.6 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{318C30A1-C7AF-414E-890F-6345E6E0FD33}) (Version: 2.4.09084 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{0fdd3c9a-20e1-444d-8d00-8c413c83f824}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{1fe0084f-3e2b-4ba9-a4a6-c33f56e7f886}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{2aeceede-4a87-4cd8-b518-7a3598cf47be}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{9454a0e6-0762-48ec-b153-2a75b252d1fb}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ab620838-f172-44a7-88ea-614e2c134043}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ccb72772-9926-4b3e-9fff-7ab001bffac6}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d8ebe554-4504-4ade-ada9-8617c4525581}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{f07e8107-88e2-4459-865e-665afe7dda07}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{0FCE256E-F9AA-4070-886F-7C75AED03FB5}) (Version: 10.1.19444.8378 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8e171961-44e9-48e3-9a1e-7e05e5387200}) (Version: 10.1.19444.8378 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2351.5.48.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{56A1C2D8-CFC4-4AC5-B5F5-27B57643C069}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A5F91B87-4823-4C89-B65F-FF2157F73A64}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B39E6B81-419D-4CC0-BBFD-A9C1401936BB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{2B2BD352-136F-4616-ACD6-AD967508F8D9}) (Version: 30.100.1914.3 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1914.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c0203f85-38d9-49b0-af1f-cc6a2096b774}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 431 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
K-Lite Codec Pack 18.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.5.5 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (pouze odinstalace) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.7 (x64) (HKLM\...\{3E3E3302-0CAD-4D0D-B6C0-206B30773468}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.7 (x64) (HKLM\...\{CA4FE2DB-2E1C-453B-B8C9-960AB929E5B4}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{641CD7B5-5711-44BC-B706-2A369CF75905}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1FE18A4F-8E2C-49EE-8C80-F4C03C9AF81D}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM\...\{F6FBF64F-D459-4F03-BF3B-C0A36A0596A2}) (Version: 64.28.16739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM-x32\...\{754bcfb5-42ac-4c12-8f12-b818943a1365}) (Version: 8.0.7.33814 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (HKLM\...\{680EDA59-9266-44B4-949E-0C24F65DFF82}) (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (HKLM-x32\...\{E3B64CC5-C011-40C0-92BC-7316CD5E5688}) (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Philips Channel Editor (HKLM-x32\...\{0D70B4E7-5C69-4F38-B831-9437CD08AF2A}) (Version: 6.61.46 - Philips)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.57 - QUALCOMM Incorporated)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.115 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rostliny - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Rostliny - Fotogalerie) (Version: - )
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Ryby nasich vod (HKLM-x32\...\Ryby nasich vod) (Version: - )
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
SignatureDriver (HKLM-x32\...\{A8F187A6-8C0A-42EC-AEF7-C5EADD4D8AA6}) (Version: 3.6.24 - SignoSoft)
signotec HID (HKLM\...\{C3EE487B-F804-42FE-BA97-6B4F611FE9D2}) (Version: 1.1.0 - signotec GmbH)
SixPack 2.0.20 (HKLM\...\{b7373a3b-63cf-5f3e-8049-f7c86486f3b5}) (Version: 2.0.20 - 6ti Minutovka 1.0 s.r.o.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1262 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.166 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.50.5 - TeamViewer)
Trader Workstation 10.23 (HKLM\...\5556-0173-2810-2300) (Version: (.2a) 20230615 16:54:18 - Interactive Brokers LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wacom STU Driver (HKLM-x32\...\{27d481b5-9939-4f89-ab90-3a4871c03104}) (Version: 5.4.5 - Wacom Co., Ltd.)
Wacom STU Driver (x64) (HKLM\...\{BFF3F85F-2194-4845-BCFF-B123B32F8B14}) (Version: 5.4.5 - Wacom Co., Ltd.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{453BBFB2-D227-40FB-9D87-F633C559D92B}) (Version: 3.14.07501 - Microsoft) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
Zoom Workplace (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ZoomUMX) (Version: 6.2.7 (49583) - Zoom Video Communications, Inc.)
Živočichové - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Živočichové - Fotogalerie) (Version: - )
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-10] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-20] (INTEL CORP) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.79.7900.0_x64__ytsefhwckbdv6 [2025-01-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-11-08] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-08] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2024-12-04] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-21] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-12-14] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.2.10.0_x64__8wekyb3d8bbwe [2024-11-08] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.2.1.0_x64__f5eddttrpssna [2022-04-21] (Mooii Tech)
Wifi Analyzer and Scanner -> C:\Program Files\WindowsApps\28877WebProvider.WifiAnalyzerandScanner_1.2.1.0_x64__gdrx0g078t8zg [2024-09-24] (WebProvider)
WinRAR -> C:\Program Files\WinRAR [2022-04-17] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Marian\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\Marian\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
2023-01-17 22:04 - 2021-06-29 14:06 - 001431552 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\CONEXANT\Flow\x64\SQLite.Interop.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Marian\AppData\Local\Temp\F5_TMP_801632291624919730141\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Marian\AppData\Local\Temp\F5_TMP_18317310420318416713435\InstallerControl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Marian\AppData\Local\Temp\F5_TMP_25319668465813376103\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Marian\AppData\Local\Temp\F5_TMP_907516410818675373\urxhost.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\mfcr.cz -> mfcr.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\rsts.cz -> hxxps://vpn1.rsts.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-09-21 10:45 - 2024-02-26 07:06 - 000001414 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.signotecwebsocket.de # signotec WebSocket Pad Server127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\SignatureDriver\dll\wacom;C:\SignatureDriver\dll\hanvon;C:\SignatureDriver\dll\signotec;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\Downloads\2560x1600-Wallpaper-TGW.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Realtek RTL8822BE 802.11ac PCIe Adapter -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "StartDriver.lnk"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [{130725D3-DCC9-4D03-97CB-AFB58E64EEA8}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{409384FA-64D1-4A50-9572-6629EAECC165}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{734ECA72-F45F-48D1-BF4E-DDB4E17EC563}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{985E426F-C3FB-4E81-8D41-AAD13FFD0332}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{7EAB67A5-A420-4E0C-B17F-38CBC23E8504}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [{906432A5-122F-478C-BC50-806E1662184D}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [{AA01A3DD-7B50-4917-919E-4730B2640FFA}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5D0296E-848B-453B-8BD8-330F2C3F24FD}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{40E9B272-413C-4C95-8F03-B2589C62AE94}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E6C235D3-6BB0-4EF9-B279-BEE7B4F42BD6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7AF64807-F788-4030-811C-760F47EAD71D}] => (Allow) C:\SignatureDriver\driver\bin\tomcat8.exe (The Apache Software Foundation -> Apache Software Foundation)
FirewallRules: [{C6EE49A1-654E-4196-8B42-CFB56BB4680B}] => (Allow) C:\SignatureDriver\Java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [{66373BC4-A1E6-4EE1-BC9F-5CD2F522ED45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{791DFB43-9163-4F73-B573-D55D0B452230}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [{5D206B62-3C7F-4077-B754-946FEAFD97A2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9083D78-1302-49E5-AC79-93EC61040EEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB99ECB7-874A-4EF0-8D76-759CFEBF10EA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7FABFB-77F8-4B10-B498-F9DDE312B478}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E878E7FF-EE9A-487E-BEA5-9C36FB85F3D6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47E7F3D6-A40D-4DAE-B7BA-940952FDE1AC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B09574E-BB1E-4758-9F90-27AFAB7262EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31C15DF-67AA-4953-8F7B-BD17EC70F20D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{B8064EB6-0169-4E82-9EC5-8CD8E0B9681C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EAAD3CED-3807-456E-8C1D-EE60B9428DC4}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [UDP Query User{CD2D1414-A290-45ED-9C11-8963F8DBA90E}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{9AB20BEE-02AE-4B4E-9A9C-0E0506429507}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{C3758001-0B0F-4D4F-9DC3-2AC3709AEAE6}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{A60D8661-66C4-46E5-BF80-89C1829A183B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3ADE446D-268F-474B-8F30-A6F8F521692E}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [TCP Query User{F20F5B5C-A980-4EF2-81EF-11563BBC2510}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [UDP Query User{0B9DD36F-E98C-4F60-BB82-CEA0F5360BC0}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [{E77432F4-809D-4BCA-AACD-69CB5C29017F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.75 GB) (Free:24.23 GB) (21%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/10/2025 01:10:58 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3576560084-3732143217-555266759-1003}/>.
Error: (01/08/2025 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0xa48
Čas spuštění chybující aplikace: 0x0x1db61c94f71e5bd
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: 688b668d-76e8-4814-9cb9-28e29d2d5543
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/07/2025 10:21:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 10:21:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HotKeyServiceUWP.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 00007FF705B4E713
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (01/10/2025 02:50:15 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
Error: (01/10/2025 02:50:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (01/10/2025 02:50:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).
Error: (01/10/2025 02:50:13 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:50:11 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:49:54 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:49:52 PM) (Source: disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk2\DR2.
Error: (01/10/2025 02:48:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba GameInput Service byla neočekávaně ukončena. Tento stav nastal již 6krát.
Windows Defender:
================
Date: 2025-01-09 17:33:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CA043B75-AF44-4D77-A807-D5F6BBB67615}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 21:49:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FE7D1BEE-9594-4F12-ADA4-E20FA159D04D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 18:53:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F2F4552E-9A1B-4DF6-81A0-7D26DCD1221D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:09:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {663F5B46-F565-4387-9091-0FB63AF52210}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-31 20:46:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {971A445A-B32D-4148-9B6D-E054BD36694A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===============
Date: 2025-01-10 15:07:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-01-10 15:04:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-01-10 15:03:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-10 15:00:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: HP Q85 Ver. 01.30.00 11/20/2024
Motherboard: HP 837D
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8051.21 MB
Available physical RAM: 3592.87 MB
Total Virtual: 16243.21 MB
Available Virtual: 11815.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.75 GB) (Free:24.23 GB) (Model: SAMSUNG MZNLN128HAHQ-000H1) NTFS
Drive d: (Data) (Fixed) (Total:540.87 GB) (Free:67.48 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Záloha) (Fixed) (Total:146.48 GB) (Free:89.89 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive f: (Práce) (Fixed) (Total:244.14 GB) (Free:117.29 GB) (Model: TOSHIBA MQ04ABF100) NTFS
\\?\Volume{d647cabe-9562-4e94-9d5b-06f19d260716}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{5ea6e0dc-bc8a-4565-a1d3-eda63eba9217}\ () (Fixed) (Total:0.94 GB) (Free:0.1 GB) NTFS
\\?\Volume{ba868bab-2fc7-486f-b009-b744ef3d09e9}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 086340C5)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0863A0C6)
Partition: GPT.
==================== End of Addition.txt =======================
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Vidar infostealer
Hello!
The viry.cz forum does not disinfect or clean company PCs. That is what the company IT department is for.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 17
- Registered: 21 Jun 2011 05:45
Re: Vidar infostealer
It is not a company laptop, but I use it to log in to the company e-mail and databases (I am a self-employed intermediary), and if it were a company PC I would hand it over to them to deal with. They only sent an e-mail saying they had cut me off from everything and that I should sort it out myself. I ran a cleaner and an antispyware tool over the PC and found nothing.
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Vidar infostealer
Well, I don't know; if your employer blocked your access, it should be their matter. Nevertheless, I'll give it a try. First run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/
Close all programs.
Accept the licence terms (EULA) by clicking I Agree.
Right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just launch it with a double-click).
Click Scan now, then Clean and Repair.
After the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply.
-
- Visitor
- Posts: 17
- Registered: 21 Jun 2011 05:45
Re: Vidar infostealer
Once again, thank you very much.
log
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-10-2025
# Duration: 00:00:12
# OS: Windows 11 (Build 22631.4602)
# Scanned: 32096
# Detected: 15
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Marian\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\Marian\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F322B446-B157-4257-B44F-4F22D41F8EDB}
Preinstalled.SamsungSmartSwitch Folder C:\Users\Marian\AppData\Roaming\SAMSUNG\SMART SWITCH PC
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
and after closing the program, one more log
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-03-04.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-10-2025
# Duration: 00:00:00
# OS: Windows 11 (Build 22631.4602)
# Cleaned: 5
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Marian\AppData\Roaming\IObit\Advanced SystemCare
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3036 octets] - [10/01/2025 17:10:56]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Vidar infostealer
Post new FRST + Addition logs.
-
- Visitor
- Posts: 17
- Registered: 21 Jun 2011 05:45
Re: Vidar infostealer
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2025 02
Ran by Marian (administrator) on DESKTOP-5D375SL (HP HP ProBook 450 G5) (10-01-2025 17:52:31)
Running from D:\Programy\Malware\FRST64.exe
Loaded Profiles: Marian
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.220.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11699224 2024-12-03] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24071312 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Marian\AppData\Local\WebEx\WebexHost.exe [8077920 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\Installer\chrmstp.exe [2025-01-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2023-11-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartDriver.lnk [2022-10-20]
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A0791F63-932B-44D2-8FCC-B9BDF2221727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {CE1510DA-E82C-4919-A5B0-12BA6B9F33FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {CF9E9FEF-2178-45C3-A091-BF9B69B4326A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {4E51B2E6-E526-4289-A0D6-46EF44BC8CD4} - System32\Tasks\AvastBrowserProtectS-1-5-21-3576560084-3732143217-555266759-1003 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-04-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {746E8D89-FBF6-4C56-8166-984CBFB8A98E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {5F103CB1-687B-4C6B-86A5-5F2C4CBBF7AB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EE8A92D0-64A0-47AF-99D3-790F4237FB7B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {6F96F2AD-3277-483E-964D-3854B7D5CCC9} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0d00bd21-a1ed-49e1-b2f7-79b721e2360f" --version "6.31.11415" --silent
Task: {89B2DD93-5600-4D8D-8F6D-885DBBEFDAE3} - System32\Tasks\CCleanerSkipUAC - Marian => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {AA95F125-7361-412E-B4BE-FADF4A209D37} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5575576 2024-12-10] (Microsoft Windows -> Microsoft Corporation)
Task: {ADB9EBEF-A43E-42D5-A5D2-4A567729D0ED} - System32\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {88F592A1-D371-49E8-82DC-C506DF89DDBB} - System32\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {ABE8D5F4-44EC-47F5-9B27-752C105F71B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{795E2FB3-CBFE-4BFF-A2ED-D35E677E1984} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {E43F7235-230B-4F11-AFC4-EC210EB0F987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3C0351B5-51BF-48AC-A2D2-10C9D45E1211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {6FED9C97-1CF7-4B15-ACFC-CC8E9CB490F2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {5B485602-6806-41BE-8ADC-9192E86A5DB2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {8A44C216-1D43-4A0D-9131-A3083CE64FB2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {4AA440B8-FED5-4B96-B82F-AD18E08550B0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {BEF9D0D4-006D-4732-9479-36A14645F17A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2024-09-02] () [File not signed]
Task: {D1713CEF-F680-43EA-AC8C-E656A67A9354} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC9E62C-A633-42D5-95E8-F7DA0E852633} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A1821E1-6084-4ED5-9794-EEF44238DDE1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {468437BD-1C74-4FAE-B707-66D225373FF3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C0E3887-906E-4B61-8FDA-EB1E4E39CB86} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {24334E5D-242C-414F-B7FB-09076F286F51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D890ACC1-81C4-4E6D-9401-EEB32D8DC6F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFED3FB3-6C18-4AE8-8682-D9ABA03380AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40C32493-1E93-4184-9A82-64A341CC373B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {1B88E2D8-4A82-47F3-B1E9-2516ADA50A63} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/sup2
Task: {AF65B719-5FAB-4472-AE9D-D975D0BC268B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe [435000 2024-11-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d25a711a-c14b-4f9d-a76f-621ffe89f0ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [DhcpNameServer] 172.31.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge DownloadDir: Default -> C:\Users\Marian\Downloads
Edge Notifications: Default -> hxxps://webmail.kapitol.cz
Edge Extension: (Ultimate Video Downloader) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajhiojdgfpacghbbefjjnomoihpljhai [2020-12-29]
Edge Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2025-01-10]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://39.cpnotesz.com; hxxps://9xbuddy.xyz; hxxps://a.mp3pro.xyz; hxxps://calendar.google.com; hxxps://captchamodern.top; hxxps://freecaptcha.top; hxxps://leonsitheckrew.info; hxxps://teams.microsoft.com; hxxps://webmail.kapitol.cz; hxxps://www.fyzioklinika.cz; hxxps://www.grizly.cz; hxxps://www.hamty.cz; hxxps://www.kupi.cz; hxxps://www.sevt.cz; hxxps://www.tradingview.com
CHR StartupUrls: Default -> "chrome://newtab/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-12-11]
CHR Extension: (I don't care about cookies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-30]
CHR Extension: (Hamty.cz doplněk) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccfnphpieojibjmnodiiobdapckkkfb [2024-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-12-13]
CHR Extension: (HLS Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-11-30]
CHR Extension: (Převod řeči na text) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2023-03-07]
CHR Extension: (Live Stream Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2025-01-05]
CHR Extension: (Video Downloader HD) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2024-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Vimeo™ Video Downloader Pro) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\penndbmahnpapepljikkjmakcobdahne [2024-12-27]
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\System Profile [2025-01-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-09-20] (RealDefense LLC -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\elevation_service.exe [1910616 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
S2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [81408 2021-08-25] (Conexant Systems LLC.) [File not signed]
S2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [173880 2021-08-25] (Synaptics Incorporated -> Conexant Systems LLC.)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
S2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
S2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe [1510464 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe [516184 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-11-08] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe [605280 2024-10-28] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 qcmtusvc; C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [129024 2019-01-02] (QUALCOMM, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21007160 2024-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [92520 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveVpnWireguardService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [135136 2022-01-14] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl871e07a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A51A90E-97AB-4FAA-AC32-CC30409E016D}\MpKslDrv.sys [267552 2025-01-10] (Microsoft Windows -> Microsoft Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [18528 2014-10-23] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-09-20] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [57344 2022-05-07] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2022-10-04] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 17:10 - 2025-01-10 17:17 - 000000000 ____D C:\AdwCleaner
2025-01-10 17:08 - 2025-01-10 17:08 - 008790880 _____ (Malwarebytes) C:\Users\Marian\Desktop\AdwCleaner.exe
2025-01-10 15:10 - 2025-01-10 17:52 - 000000000 ____D C:\FRST
2025-01-10 14:53 - 2025-01-10 14:53 - 000728484 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-10 14:53 - 2025-01-10 14:53 - 000151700 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-10 14:52 - 2025-01-10 15:06 - 000000000 ____D C:\Users\Marian\AppData\Local\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-10 13:12 - 2025-01-10 14:46 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 07:02 - 2025-01-10 07:02 - 000000624 _____ C:\Users\Marian\Desktop\po.txt
2025-01-08 13:29 - 2025-01-08 13:29 - 000000000 ____D C:\ProgramData\A16PP890HDJM
2025-01-08 13:26 - 2025-01-08 13:26 - 000000000 ____D C:\ProgramData\ZCTRQ9R1VKF3
2025-01-08 13:20 - 2025-01-08 13:20 - 000000000 ____D C:\Users\Marian\Nová složka
2025-01-03 16:53 - 2025-01-03 16:53 - 000001626 _____ C:\Users\Public\Desktop\Trader Workstation 10.23.lnk
2025-01-03 16:53 - 2025-01-03 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation 10.23
2025-01-03 07:54 - 2025-01-03 07:54 - 000000000 ____D C:\ProgramData\Piriform
2025-01-03 07:53 - 2025-01-10 13:09 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-01-03 07:53 - 2025-01-10 13:09 - 000000000 ____D C:\Program Files\CCleaner
2025-01-03 07:53 - 2025-01-03 13:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-03 07:53 - 2025-01-03 07:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-03 07:53 - 2025-01-03 07:53 - 000002908 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Marian
2025-01-03 07:53 - 2025-01-03 07:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2025-01-03 07:53 - 2025-01-03 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2025-01-01 09:48 - 2025-01-01 17:21 - 000289055 _____ C:\Users\Marian\Downloads\U15219304_20240101_20241231.xlsx
2025-01-01 09:44 - 2025-01-01 09:47 - 000500273 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.csv
2025-01-01 09:43 - 2025-01-01 09:43 - 000378455 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.xlsx
2025-01-01 08:43 - 2025-01-01 08:43 - 000496834 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.xlsx
2025-01-01 08:29 - 2025-01-01 08:29 - 001691694 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_a18bed456a79d4efea2ee1c0861a5d2b.pdf
2025-01-01 08:29 - 2025-01-01 08:29 - 000926765 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.csv
2024-12-30 22:39 - 2025-01-02 21:24 - 000002421 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2024-12-22 21:09 - 2024-12-02 14:12 - 000710000 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:12 - 000604656 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000945520 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000708432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000594304 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000455856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000495424 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000401216 _____ C:\WINDOWS\system32\ze_loader.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000162112 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 027966784 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 020690752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-12-17 13:49 - 2025-01-03 16:50 - 000000000 ____D C:\Jts
2024-12-17 13:39 - 2024-12-17 13:44 - 172064424 _____ (Interactive Brokers LLC) C:\Users\Marian\Downloads\tws40_install_10.23.2a.exe
2024-12-17 13:14 - 2024-12-17 13:14 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-17 13:14 - 2024-12-17 13:14 - 000002380 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-14 09:29 - 2024-12-14 09:29 - 000491435 _____ C:\Users\Marian\Downloads\Vankova_KNZ_KOL_5051266511_smlouvaPnd_241214_092935.pdf
2024-12-14 08:53 - 2024-12-14 08:53 - 000543985 _____ C:\Users\Marian\Downloads\eDoklady_Manuál použití v KNZ.pdf
2024-12-14 08:47 - 2024-12-14 08:47 - 000351990 _____ C:\Users\Marian\Downloads\Záznam z jednání - Vanková Vojtěška - 20. 10. 2024.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 17:17 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-10 17:17 - 2022-01-14 18:20 - 000000000 ____D C:\Users\Marian\AppData\Roaming\IObit
2025-01-10 17:17 - 2022-01-14 18:20 - 000000000 ____D C:\ProgramData\IObit
2025-01-10 15:17 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:53 - 2022-10-04 09:13 - 001718246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-10 14:53 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:52 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-10 14:48 - 2023-05-30 12:43 - 000000000 ____D C:\Program Files\TeamViewer
2025-01-10 14:48 - 2022-10-04 09:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-10 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-10 14:48 - 2018-08-23 11:42 - 000000000 __SHD C:\Users\Marian\IntelGraphicsProfiles
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\Intel
2025-01-10 14:47 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-10 13:53 - 2022-10-04 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-10 13:11 - 2024-09-24 05:44 - 000000000 ____D C:\Users\Marian\AppData\Roaming\MPC-HC
2025-01-10 13:09 - 2024-10-28 16:40 - 000000000 ____D C:\Program Files (x86)\IObit
2025-01-10 13:07 - 2018-08-23 18:55 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-10 06:55 - 2024-11-05 14:00 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2025-01-10 06:51 - 2020-06-08 09:16 - 000001379 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-01-10 06:49 - 2020-06-08 09:16 - 000001273 _____ C:\Users\Marian\Desktop\ESET Online Scanner.lnk
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-09 17:08 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\Packages
2025-01-09 12:44 - 2024-10-28 16:41 - 000000000 ____D C:\ProgramData\ProductData3
2025-01-09 07:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-01-09 07:05 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-01-09 07:04 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Word
2025-01-08 13:20 - 2022-10-04 08:41 - 000000000 ____D C:\Users\Marian
2025-01-08 07:20 - 2018-08-25 08:23 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Excel
2025-01-04 08:27 - 2020-06-09 16:57 - 000000000 ____D C:\Program Files\Recuva
2025-01-03 20:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-03 16:21 - 2018-08-23 12:52 - 000000000 ____D C:\Users\Marian\AppData\Local\D3DSCache
2025-01-02 21:27 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\MicrosoftEdge
2025-01-02 21:24 - 2023-11-27 18:27 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2024-12-30 22:32 - 2023-11-27 18:27 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2024-12-30 22:32 - 2023-11-27 18:27 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2024-12-22 21:17 - 2018-08-20 10:33 - 000000000 ____D C:\Program Files\Intel
2024-12-22 21:09 - 2018-08-20 11:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-12-21 18:38 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Office
2024-12-21 18:05 - 2022-10-04 09:10 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 18:05 - 2022-10-04 09:10 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 22:23 - 2022-10-04 09:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-12-20 22:18 - 2022-01-14 18:30 - 000000000 ____D C:\SWSetup
2024-12-20 22:05 - 2019-02-05 11:37 - 000000000 ____D C:\Users\Marian\AppData\Local\HP
2024-12-20 21:18 - 2021-06-29 08:36 - 000000000 ____D C:\Program Files\HP
2024-12-20 13:07 - 2018-08-23 11:43 - 000000000 ____D C:\Users\Marian\AppData\Roaming\hpqLog
2024-12-17 13:14 - 2022-10-04 09:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-14 10:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-12-13 21:58 - 2018-08-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
==================== Files in the root of some directories ========
2019-01-06 18:20 - 2019-01-06 18:20 - 000000001 _____ () C:\Users\Marian\AppData\Local\llftool.4.40.agreement
2018-08-23 14:01 - 2018-08-23 14:01 - 000007605 _____ () C:\Users\Marian\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2025 02
Ran by Marian (10-01-2025 17:53:42)
Running from D:\Programy\Malware
Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) (2022-10-04 08:11:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3576560084-3732143217-555266759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3576560084-3732143217-555266759-503 - Limited - Disabled)
Guest (S-1-5-21-3576560084-3732143217-555266759-501 - Limited - Disabled)
Marian (S-1-5-21-3576560084-3732143217-555266759-1003 - Administrator - Enabled) => C:\Users\Marian
WDAGUtilityAccount (S-1-5-21-3576560084-3732143217-555266759-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ADB AppControl verze 1.8.3 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.3 - Cyber.Cat)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Avidemux VC++ 64bits (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\{f9f3df0b-b58e-4d21-b4fd-e5c4915cad0b}) (Version: 2.7.5 - Mean)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.1006.0843 - F5 Networks, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.278.150 - Conexant)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version: - EaseUS)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 13.0.0.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
HP LaserJet Pro MFP M125-M126 (HKLM-x32\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 15.0.15310.1316 - Hewlett-Packard)
HP LJ M125126 Scan HP Scan (HKLM-x32\...\{F84EA1B1-5184-4145-B6E6-5E5D33D85FE4}) (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Product FWUpdater (HKLM-x32\...\{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden
HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel GFX Driver (HKLM-x32\...\{ca0ebadf-f7bd-4e32-9fec-e19a5d68c724}) (Version: 1.0.0.0 - Intel) Hidden
Intel(R) Arc Software & Drivers (HKLM\...\Intel(R) Arc Software & Drivers) (Version: 1.0.993.6 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{318C30A1-C7AF-414E-890F-6345E6E0FD33}) (Version: 2.4.09084 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{0fdd3c9a-20e1-444d-8d00-8c413c83f824}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{1fe0084f-3e2b-4ba9-a4a6-c33f56e7f886}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{2aeceede-4a87-4cd8-b518-7a3598cf47be}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{9454a0e6-0762-48ec-b153-2a75b252d1fb}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ab620838-f172-44a7-88ea-614e2c134043}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ccb72772-9926-4b3e-9fff-7ab001bffac6}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d8ebe554-4504-4ade-ada9-8617c4525581}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{f07e8107-88e2-4459-865e-665afe7dda07}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{0FCE256E-F9AA-4070-886F-7C75AED03FB5}) (Version: 10.1.19444.8378 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8e171961-44e9-48e3-9a1e-7e05e5387200}) (Version: 10.1.19444.8378 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2351.5.48.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{56A1C2D8-CFC4-4AC5-B5F5-27B57643C069}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A5F91B87-4823-4C89-B65F-FF2157F73A64}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B39E6B81-419D-4CC0-BBFD-A9C1401936BB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{2B2BD352-136F-4616-ACD6-AD967508F8D9}) (Version: 30.100.1914.3 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1914.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c0203f85-38d9-49b0-af1f-cc6a2096b774}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 431 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
K-Lite Codec Pack 18.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.5.5 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (pouze odinstalace) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.7 (x64) (HKLM\...\{3E3E3302-0CAD-4D0D-B6C0-206B30773468}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.7 (x64) (HKLM\...\{CA4FE2DB-2E1C-453B-B8C9-960AB929E5B4}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{641CD7B5-5711-44BC-B706-2A369CF75905}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1FE18A4F-8E2C-49EE-8C80-F4C03C9AF81D}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM\...\{F6FBF64F-D459-4F03-BF3B-C0A36A0596A2}) (Version: 64.28.16739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM-x32\...\{754bcfb5-42ac-4c12-8f12-b818943a1365}) (Version: 8.0.7.33814 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (HKLM\...\{680EDA59-9266-44B4-949E-0C24F65DFF82}) (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (HKLM-x32\...\{E3B64CC5-C011-40C0-92BC-7316CD5E5688}) (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Philips Channel Editor (HKLM-x32\...\{0D70B4E7-5C69-4F38-B831-9437CD08AF2A}) (Version: 6.61.46 - Philips)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.57 - QUALCOMM Incorporated)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.115 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rostliny - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Rostliny - Fotogalerie) (Version: - )
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Ryby nasich vod (HKLM-x32\...\Ryby nasich vod) (Version: - )
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
SignatureDriver (HKLM-x32\...\{A8F187A6-8C0A-42EC-AEF7-C5EADD4D8AA6}) (Version: 3.6.24 - SignoSoft)
signotec HID (HKLM\...\{C3EE487B-F804-42FE-BA97-6B4F611FE9D2}) (Version: 1.1.0 - signotec GmbH)
SixPack 2.0.20 (HKLM\...\{b7373a3b-63cf-5f3e-8049-f7c86486f3b5}) (Version: 2.0.20 - 6ti Minutovka 1.0 s.r.o.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1262 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.166 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.50.5 - TeamViewer)
Trader Workstation 10.23 (HKLM\...\5556-0173-2810-2300) (Version: (.2a) 20230615 16:54:18 - Interactive Brokers LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wacom STU Driver (HKLM-x32\...\{27d481b5-9939-4f89-ab90-3a4871c03104}) (Version: 5.4.5 - Wacom Co., Ltd.)
Wacom STU Driver (x64) (HKLM\...\{BFF3F85F-2194-4845-BCFF-B123B32F8B14}) (Version: 5.4.5 - Wacom Co., Ltd.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{453BBFB2-D227-40FB-9D87-F633C559D92B}) (Version: 3.14.07501 - Microsoft) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
Zoom Workplace (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ZoomUMX) (Version: 6.2.7 (49583) - Zoom Video Communications, Inc.)
Živočichové - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Živočichové - Fotogalerie) (Version: - )
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-10] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-20] (INTEL CORP) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.79.7900.0_x64__ytsefhwckbdv6 [2025-01-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-11-08] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-08] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2024-12-04] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-21] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-12-14] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.2.10.0_x64__8wekyb3d8bbwe [2024-11-08] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.2.1.0_x64__f5eddttrpssna [2022-04-21] (Mooii Tech)
Wifi Analyzer and Scanner -> C:\Program Files\WindowsApps\28877WebProvider.WifiAnalyzerandScanner_1.2.1.0_x64__gdrx0g078t8zg [2024-09-24] (WebProvider)
WinRAR -> C:\Program Files\WinRAR [2022-04-17] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Marian\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\Marian\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Marian\AppData\Local\Temp\F5_TMP_801632291624919730141\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Marian\AppData\Local\Temp\F5_TMP_18317310420318416713435\InstallerControl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Marian\AppData\Local\Temp\F5_TMP_25319668465813376103\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Marian\AppData\Local\Temp\F5_TMP_907516410818675373\urxhost.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\mfcr.cz -> mfcr.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\rsts.cz -> hxxps://vpn1.rsts.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-09-21 10:45 - 2024-02-26 07:06 - 000001414 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.signotecwebsocket.de # signotec WebSocket Pad Server127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\SignatureDriver\dll\wacom;C:\SignatureDriver\dll\hanvon;C:\SignatureDriver\dll\signotec;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\Downloads\2560x1600-Wallpaper-TGW.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Realtek RTL8822BE 802.11ac PCIe Adapter -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "StartDriver.lnk"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [{130725D3-DCC9-4D03-97CB-AFB58E64EEA8}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{409384FA-64D1-4A50-9572-6629EAECC165}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{734ECA72-F45F-48D1-BF4E-DDB4E17EC563}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{985E426F-C3FB-4E81-8D41-AAD13FFD0332}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{7EAB67A5-A420-4E0C-B17F-38CBC23E8504}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [{906432A5-122F-478C-BC50-806E1662184D}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [{AA01A3DD-7B50-4917-919E-4730B2640FFA}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5D0296E-848B-453B-8BD8-330F2C3F24FD}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{40E9B272-413C-4C95-8F03-B2589C62AE94}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E6C235D3-6BB0-4EF9-B279-BEE7B4F42BD6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7AF64807-F788-4030-811C-760F47EAD71D}] => (Allow) C:\SignatureDriver\driver\bin\tomcat8.exe (The Apache Software Foundation -> Apache Software Foundation)
FirewallRules: [{C6EE49A1-654E-4196-8B42-CFB56BB4680B}] => (Allow) C:\SignatureDriver\Java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [{66373BC4-A1E6-4EE1-BC9F-5CD2F522ED45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{791DFB43-9163-4F73-B573-D55D0B452230}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [{5D206B62-3C7F-4077-B754-946FEAFD97A2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9083D78-1302-49E5-AC79-93EC61040EEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB99ECB7-874A-4EF0-8D76-759CFEBF10EA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7FABFB-77F8-4B10-B498-F9DDE312B478}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E878E7FF-EE9A-487E-BEA5-9C36FB85F3D6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47E7F3D6-A40D-4DAE-B7BA-940952FDE1AC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B09574E-BB1E-4758-9F90-27AFAB7262EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31C15DF-67AA-4953-8F7B-BD17EC70F20D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{B8064EB6-0169-4E82-9EC5-8CD8E0B9681C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EAAD3CED-3807-456E-8C1D-EE60B9428DC4}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [UDP Query User{CD2D1414-A290-45ED-9C11-8963F8DBA90E}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{9AB20BEE-02AE-4B4E-9A9C-0E0506429507}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{C3758001-0B0F-4D4F-9DC3-2AC3709AEAE6}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{A60D8661-66C4-46E5-BF80-89C1829A183B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3ADE446D-268F-474B-8F30-A6F8F521692E}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [TCP Query User{F20F5B5C-A980-4EF2-81EF-11563BBC2510}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [UDP Query User{0B9DD36F-E98C-4F60-BB82-CEA0F5360BC0}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [{E77432F4-809D-4BCA-AACD-69CB5C29017F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.75 GB) (Free:24.25 GB) (21%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/10/2025 01:10:58 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3576560084-3732143217-555266759-1003}/>.
Error: (01/08/2025 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0xa48
Čas spuštění chybující aplikace: 0x0x1db61c94f71e5bd
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: 688b668d-76e8-4814-9cb9-28e29d2d5543
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/07/2025 10:21:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 10:21:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HotKeyServiceUWP.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 00007FF705B4E713
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba SAS Core Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Graphics Command Center Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba fpCsEvtSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP LAN/WLAN/WWAN Switching UWP Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management Engine WMI Provider Registration byla neočekávaně ukončena. Tento stav nastal již 1krát.
Windows Defender:
================
Date: 2025-01-09 17:33:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CA043B75-AF44-4D77-A807-D5F6BBB67615}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 21:49:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FE7D1BEE-9594-4F12-ADA4-E20FA159D04D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 18:53:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F2F4552E-9A1B-4DF6-81A0-7D26DCD1221D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:09:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {663F5B46-F565-4387-9091-0FB63AF52210}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-31 20:46:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {971A445A-B32D-4148-9B6D-E054BD36694A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===============
Date: 2025-01-10 15:07:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-01-10 15:04:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-01-10 15:03:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-10 15:00:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: HP Q85 Ver. 01.30.00 11/20/2024
Motherboard: HP 837D
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 8051.21 MB
Available physical RAM: 4225.87 MB
Total Virtual: 16243.21 MB
Available Virtual: 12201.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.75 GB) (Free:24.25 GB) (Model: SAMSUNG MZNLN128HAHQ-000H1) NTFS
Drive d: (Data) (Fixed) (Total:540.87 GB) (Free:67.48 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Záloha) (Fixed) (Total:146.48 GB) (Free:89.89 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive f: (Práce) (Fixed) (Total:244.14 GB) (Free:117.29 GB) (Model: TOSHIBA MQ04ABF100) NTFS
\\?\Volume{d647cabe-9562-4e94-9d5b-06f19d260716}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{5ea6e0dc-bc8a-4565-a1d3-eda63eba9217}\ () (Fixed) (Total:0.94 GB) (Free:0.1 GB) NTFS
\\?\Volume{ba868bab-2fc7-486f-b009-b744ef3d09e9}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 086340C5)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0863A0C6)
Partition: GPT.
==================== End of Addition.txt =======================
Ran by Marian (administrator) on DESKTOP-5D375SL (HP HP ProBook 450 G5) (10-01-2025 17:52:31)
Running from D:\Programy\Malware\FRST64.exe
Loaded Profiles: Marian
Platform: Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (RealDefense LLC -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.220.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11699224 2024-12-03] (RealDefense LLC -> SUPERAntiSpyware)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24071312 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CiscoMeetingDaemon] => C:\Users\Marian\AppData\Local\WebEx\WebexHost.exe [8077920 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\131.0.6778.265\Installer\chrmstp.exe [2025-01-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9459C573-B17A-45AE-9F64-1857B5D58CEE}] -> "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\Installer\chrmstp.exe [2025-01-02] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Poslat do aplikace OneNote.lnk [2023-11-10]
ShortcutTarget: Poslat do aplikace OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartDriver.lnk [2022-10-20]
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {A0791F63-932B-44D2-8FCC-B9BDF2221727} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {CE1510DA-E82C-4919-A5B0-12BA6B9F33FB} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {CF9E9FEF-2178-45C3-A091-BF9B69B4326A} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [3271064 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {4E51B2E6-E526-4289-A0D6-46EF44BC8CD4} - System32\Tasks\AvastBrowserProtectS-1-5-21-3576560084-3732143217-555266759-1003 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe [1690008 2024-04-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {746E8D89-FBF6-4C56-8166-984CBFB8A98E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {5F103CB1-687B-4C6B-86A5-5F2C4CBBF7AB} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {EE8A92D0-64A0-47AF-99D3-790F4237FB7B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [829408 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {6F96F2AD-3277-483E-964D-3854B7D5CCC9} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "0d00bd21-a1ed-49e1-b2f7-79b721e2360f" --version "6.31.11415" --silent
Task: {89B2DD93-5600-4D8D-8F6D-885DBBEFDAE3} - System32\Tasks\CCleanerSkipUAC - Marian => C:\Program Files\CCleaner\CCleaner.exe [39151920 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
Task: {AA95F125-7361-412E-B4BE-FADF4A209D37} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5575576 2024-12-10] (Microsoft Windows -> Microsoft Corporation)
Task: {ADB9EBEF-A43E-42D5-A5D2-4A567729D0ED} - System32\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {88F592A1-D371-49E8-82DC-C506DF89DDBB} - System32\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-20] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {ABE8D5F4-44EC-47F5-9B27-752C105F71B6} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{795E2FB3-CBFE-4BFF-A2ED-D35E677E1984} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {E43F7235-230B-4F11-AFC4-EC210EB0F987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003528 2024-12-17] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3C0351B5-51BF-48AC-A2D2-10C9D45E1211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [479984 2024-12-17] (HP Inc. -> HP Inc.)
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {6FED9C97-1CF7-4B15-ACFC-CC8E9CB490F2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {5B485602-6806-41BE-8ADC-9192E86A5DB2} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-11-08] (HP Inc. -> HP Inc.)
Task: {8A44C216-1D43-4A0D-9131-A3083CE64FB2} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {4AA440B8-FED5-4B96-B82F-AD18E08550B0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [5002480 2023-02-21] (Intel Corporation -> Intel Corporation)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {BEF9D0D4-006D-4732-9479-36A14645F17A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2024-09-02] () [File not signed]
Task: {D1713CEF-F680-43EA-AC8C-E656A67A9354} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BC9E62C-A633-42D5-95E8-F7DA0E852633} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {8A1821E1-6084-4ED5-9794-EEF44238DDE1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {468437BD-1C74-4FAE-B707-66D225373FF3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222352 2024-12-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C0E3887-906E-4B61-8FDA-EB1E4E39CB86} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2938448 2020-07-02] (Conexant Systems LLC -> Conexant)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {24334E5D-242C-414F-B7FB-09076F286F51} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D890ACC1-81C4-4E6D-9401-EEB32D8DC6F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AFED3FB3-6C18-4AE8-8682-D9ABA03380AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40C32493-1E93-4184-9A82-64A341CC373B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
Task: {1B88E2D8-4A82-47F3-B1E9-2516ADA50A63} - System32\Tasks\Sump Task (One-Time) => "C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe" -> C:\Program Files (x86)\IObit\Advanced SystemCare\\/sup2
Task: {AF65B719-5FAB-4472-AE9D-D975D0BC268B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3576560084-3732143217-555266759-1003 => C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe [435000 2024-11-26] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3576560084-3732143217-555266759-1003.job => C:\Users\Marian\AppData\Local\GoToMeeting\19992\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d25a711a-c14b-4f9d-a76f-621ffe89f0ae}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\0756E647160266275656: [DhcpNameServer] 172.31.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\7696761636572656D2533433532373F574: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D223232354: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\845514755494D224331303D254345464: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B416079647F6C6F577966696: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\B4F4D4A5143494: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{dba3c69a-cbe4-4be2-9c86-aeb3ad70ec6f}\D485D284F4D45473637353: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-10]
Edge DownloadDir: Default -> C:\Users\Marian\Downloads
Edge Notifications: Default -> hxxps://webmail.kapitol.cz
Edge Extension: (Ultimate Video Downloader) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ajhiojdgfpacghbbefjjnomoihpljhai [2020-12-29]
Edge Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\Marian\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2019-01-16] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1697.6\npAvastBrowserUpdate3.dll [2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default [2025-01-10]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://39.cpnotesz.com; hxxps://9xbuddy.xyz; hxxps://a.mp3pro.xyz; hxxps://calendar.google.com; hxxps://captchamodern.top; hxxps://freecaptcha.top; hxxps://leonsitheckrew.info; hxxps://teams.microsoft.com; hxxps://webmail.kapitol.cz; hxxps://www.fyzioklinika.cz; hxxps://www.grizly.cz; hxxps://www.hamty.cz; hxxps://www.kupi.cz; hxxps://www.sevt.cz; hxxps://www.tradingview.com
CHR StartupUrls: Default -> "chrome://newtab/"
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-20]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-12-11]
CHR Extension: (I don't care about cookies) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-30]
CHR Extension: (Hamty.cz doplněk) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gccfnphpieojibjmnodiiobdapckkkfb [2024-09-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2024-12-13]
CHR Extension: (HLS Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkbifmjmkohpemgdkknlbgmnpocooogp [2024-11-30]
CHR Extension: (Převod řeči na text) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2023-03-07]
CHR Extension: (Live Stream Downloader) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2025-01-05]
CHR Extension: (Video Downloader HD) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcbiamenoghegpghidohnfegcepamdm [2024-12-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Vimeo™ Video Downloader Pro) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\penndbmahnpapepljikkjmakcobdahne [2024-12-27]
CHR Profile: C:\Users\Marian\AppData\Local\Google\Chrome\User Data\System Profile [2025-01-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [231456 2024-09-20] (RealDefense LLC -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [192664 2024-12-30] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\131.0.27760.140\elevation_service.exe [1910616 2024-12-13] (Avast Software s.r.o. -> Gen Digital Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
S2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [81408 2021-08-25] (Conexant Systems LLC.) [File not signed]
S2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [173880 2021-08-25] (Synaptics Incorporated -> Conexant Systems LLC.)
S2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [47000 2024-11-25] (Intel Corporation -> Intel)
S2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [330136 2024-11-25] (Intel Corporation -> Intel)
S2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [23912 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HotKeyServiceUWP.exe [1510464 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [887904 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPAudioAnalytics; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\HPAudioAnalytics.exe [516184 2024-10-28] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [886368 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [882296 2024-12-17] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-11-08] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [887392 2024-12-17] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_b8c54d887660aa14\LanWlanWwanSwitchingServiceUWP.exe [605280 2024-10-28] (HP Inc. -> HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 qcmtusvc; C:\Program Files (x86)\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe [129024 2019-01-02] (QUALCOMM, Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-11-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-11-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-11-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [21007160 2024-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [92520 2018-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveVpnWireguardService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\121.1.62.162\BraveVpnWireguardService\brave_vpn_wireguard_service.exe" [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-04] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [File not signed]
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [135136 2022-01-14] (Cypress Semiconductor Corporation -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl871e07a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2A51A90E-97AB-4FAA-AC32-CC30409E016D}\MpKslDrv.sys [267552 2025-01-10] (Microsoft Windows -> Microsoft Corporation)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [18528 2014-10-23] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [23072 2024-09-20] (RealDefense LLC -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [57344 2022-05-07] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2022-10-04] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 17:10 - 2025-01-10 17:17 - 000000000 ____D C:\AdwCleaner
2025-01-10 17:08 - 2025-01-10 17:08 - 008790880 _____ (Malwarebytes) C:\Users\Marian\Desktop\AdwCleaner.exe
2025-01-10 15:10 - 2025-01-10 17:52 - 000000000 ____D C:\FRST
2025-01-10 14:53 - 2025-01-10 14:53 - 000728484 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-10 14:53 - 2025-01-10 14:53 - 000151700 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-10 14:52 - 2025-01-10 15:06 - 000000000 ____D C:\Users\Marian\AppData\Local\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-10 14:52 - 2025-01-10 14:52 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-10 13:12 - 2025-01-10 14:46 - 000000000 ____D C:\KVRT2020_Data
2025-01-10 07:02 - 2025-01-10 07:02 - 000000624 _____ C:\Users\Marian\Desktop\po.txt
2025-01-08 13:29 - 2025-01-08 13:29 - 000000000 ____D C:\ProgramData\A16PP890HDJM
2025-01-08 13:26 - 2025-01-08 13:26 - 000000000 ____D C:\ProgramData\ZCTRQ9R1VKF3
2025-01-08 13:20 - 2025-01-08 13:20 - 000000000 ____D C:\Users\Marian\Nová složka
2025-01-03 16:53 - 2025-01-03 16:53 - 000001626 _____ C:\Users\Public\Desktop\Trader Workstation 10.23.lnk
2025-01-03 16:53 - 2025-01-03 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation 10.23
2025-01-03 07:54 - 2025-01-03 07:54 - 000000000 ____D C:\ProgramData\Piriform
2025-01-03 07:53 - 2025-01-10 13:09 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2025-01-03 07:53 - 2025-01-10 13:09 - 000000000 ____D C:\Program Files\CCleaner
2025-01-03 07:53 - 2025-01-03 13:31 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-03 07:53 - 2025-01-03 07:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-03 07:53 - 2025-01-03 07:53 - 000002908 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Marian
2025-01-03 07:53 - 2025-01-03 07:53 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2025-01-03 07:53 - 2025-01-03 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2025-01-01 09:48 - 2025-01-01 17:21 - 000289055 _____ C:\Users\Marian\Downloads\U15219304_20240101_20241231.xlsx
2025-01-01 09:44 - 2025-01-01 09:47 - 000500273 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.csv
2025-01-01 09:43 - 2025-01-01 09:43 - 000378455 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231.xlsx
2025-01-01 08:43 - 2025-01-01 08:43 - 000496834 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.xlsx
2025-01-01 08:29 - 2025-01-01 08:29 - 001691694 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_a18bed456a79d4efea2ee1c0861a5d2b.pdf
2025-01-01 08:29 - 2025-01-01 08:29 - 000926765 _____ C:\Users\Marian\Downloads\U15219304_U15219304_20240101_20241231_AS_Fv2_6971e3f28f0c5ce5ddbab992bda40d4a.csv
2024-12-30 22:39 - 2025-01-02 21:24 - 000002421 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2024-12-22 21:09 - 2024-12-02 14:12 - 000710000 _____ (Intel) C:\WINDOWS\system32\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:12 - 000604656 _____ (Intel) C:\WINDOWS\SysWOW64\libvpl.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000945520 _____ (Intel Corporation) C:\WINDOWS\system32\libmfxhw64.dll
2024-12-22 21:09 - 2024-12-02 14:11 - 000708432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000594304 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-12-22 21:09 - 2024-12-02 14:10 - 000455856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001972544 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001529176 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001437016 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 001150272 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000495424 _____ C:\WINDOWS\system32\ze_tracing_layer.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000401216 _____ C:\WINDOWS\system32\ze_loader.dll
2024-12-22 21:09 - 2024-12-02 14:07 - 000162112 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 027966784 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2024-12-22 21:09 - 2024-12-02 14:06 - 020690752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2024-12-17 13:49 - 2025-01-03 16:50 - 000000000 ____D C:\Jts
2024-12-17 13:39 - 2024-12-17 13:44 - 172064424 _____ (Interactive Brokers LLC) C:\Users\Marian\Downloads\tws40_install_10.23.2a.exe
2024-12-17 13:14 - 2024-12-17 13:14 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-17 13:14 - 2024-12-17 13:14 - 000002380 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-14 09:29 - 2024-12-14 09:29 - 000491435 _____ C:\Users\Marian\Downloads\Vankova_KNZ_KOL_5051266511_smlouvaPnd_241214_092935.pdf
2024-12-14 08:53 - 2024-12-14 08:53 - 000543985 _____ C:\Users\Marian\Downloads\eDoklady_Manuál použití v KNZ.pdf
2024-12-14 08:47 - 2024-12-14 08:47 - 000351990 _____ C:\Users\Marian\Downloads\Záznam z jednání - Vanková Vojtěška - 20. 10. 2024.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-10 17:17 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-10 17:17 - 2022-01-14 18:20 - 000000000 ____D C:\Users\Marian\AppData\Roaming\IObit
2025-01-10 17:17 - 2022-01-14 18:20 - 000000000 ____D C:\ProgramData\IObit
2025-01-10 15:17 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-10 14:53 - 2022-10-04 09:13 - 001718246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-10 14:53 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2025-01-10 14:52 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-10 14:48 - 2023-05-30 12:43 - 000000000 ____D C:\Program Files\TeamViewer
2025-01-10 14:48 - 2022-10-04 09:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-10 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2025-01-10 14:48 - 2018-08-23 11:42 - 000000000 __SHD C:\Users\Marian\IntelGraphicsProfiles
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\ProgramData\Synaptics
2025-01-10 14:48 - 2018-08-20 10:33 - 000000000 ____D C:\Intel
2025-01-10 14:47 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-01-10 13:53 - 2022-10-04 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-10 13:11 - 2024-09-24 05:44 - 000000000 ____D C:\Users\Marian\AppData\Roaming\MPC-HC
2025-01-10 13:09 - 2024-10-28 16:40 - 000000000 ____D C:\Program Files (x86)\IObit
2025-01-10 13:07 - 2018-08-23 18:55 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-10 06:55 - 2024-11-05 14:00 - 000002554 _____ C:\WINDOWS\SysWOW64\pubfreeware.ini
2025-01-10 06:51 - 2020-06-08 09:16 - 000001379 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-01-10 06:49 - 2020-06-08 09:16 - 000001273 _____ C:\Users\Marian\Desktop\ESET Online Scanner.lnk
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-09 17:32 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-09 17:08 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\Packages
2025-01-09 12:44 - 2024-10-28 16:41 - 000000000 ____D C:\ProgramData\ProductData3
2025-01-09 07:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-01-09 07:05 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-01-09 07:04 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Word
2025-01-08 13:20 - 2022-10-04 08:41 - 000000000 ____D C:\Users\Marian
2025-01-08 07:20 - 2018-08-25 08:23 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Excel
2025-01-04 08:27 - 2020-06-09 16:57 - 000000000 ____D C:\Program Files\Recuva
2025-01-03 20:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-03 16:21 - 2018-08-23 12:52 - 000000000 ____D C:\Users\Marian\AppData\Local\D3DSCache
2025-01-02 21:27 - 2018-08-23 11:42 - 000000000 ____D C:\Users\Marian\AppData\Local\MicrosoftEdge
2025-01-02 21:24 - 2023-11-27 18:27 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2024-12-30 22:32 - 2023-11-27 18:27 - 000003510 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineUA
2024-12-30 22:32 - 2023-11-27 18:27 - 000003386 _____ C:\WINDOWS\system32\Tasks\AvastUpdateTaskMachineCore
2024-12-22 21:17 - 2018-08-20 10:33 - 000000000 ____D C:\Program Files\Intel
2024-12-22 21:09 - 2018-08-20 11:29 - 000000000 ____D C:\ProgramData\Package Cache
2024-12-21 18:38 - 2018-08-25 08:07 - 000000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Office
2024-12-21 18:05 - 2022-10-04 09:10 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 18:05 - 2022-10-04 09:10 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 22:23 - 2022-10-04 09:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2024-12-20 22:18 - 2022-01-14 18:30 - 000000000 ____D C:\SWSetup
2024-12-20 22:05 - 2019-02-05 11:37 - 000000000 ____D C:\Users\Marian\AppData\Local\HP
2024-12-20 21:18 - 2021-06-29 08:36 - 000000000 ____D C:\Program Files\HP
2024-12-20 13:07 - 2018-08-23 11:43 - 000000000 ____D C:\Users\Marian\AppData\Roaming\hpqLog
2024-12-17 13:14 - 2022-10-04 09:10 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3576560084-3732143217-555266759-1003
2024-12-14 10:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-12-13 21:58 - 2018-08-25 07:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
==================== Files in the root of some directories ========
2019-01-06 18:20 - 2019-01-06 18:20 - 000000001 _____ () C:\Users\Marian\AppData\Local\llftool.4.40.agreement
2018-08-23 14:01 - 2018-08-23 14:01 - 000007605 _____ () C:\Users\Marian\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2025 02
Ran by Marian (10-01-2025 17:53:42)
Running from D:\Programy\Malware
Microsoft Windows 11 Pro Version 23H2 22631.4602 (X64) (2022-10-04 08:11:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3576560084-3732143217-555266759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3576560084-3732143217-555266759-503 - Limited - Disabled)
Guest (S-1-5-21-3576560084-3732143217-555266759-501 - Limited - Disabled)
Marian (S-1-5-21-3576560084-3732143217-555266759-1003 - Administrator - Enabled) => C:\Users\Marian
WDAGUtilityAccount (S-1-5-21-3576560084-3732143217-555266759-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ADB AppControl verze 1.8.3 (HKLM-x32\...\{64A8B963-4FB2-49B5-B2B1-35A333497319}_is1) (Version: 1.8.3 - Cyber.Cat)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
Avidemux VC++ 64bits (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\{f9f3df0b-b58e-4d21-b4fd-e5c4915cad0b}) (Version: 2.7.5 - Mean)
Balíček ovladače systému Windows - Microsoft USBDevice (02/19/2016 1.0.0.0) (HKLM\...\01D4AA89568B59E5941907D403E3B682EE413AB7) (Version: 02/19/2016 1.0.0.0 - Microsoft)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 72.2023.1006.0843 - F5 Networks, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ActiveTouchMeetingClient) (Version: 42.3.1 - Cisco Webex LLC)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.278.150 - Conexant)
EaseUS Partition Recovery 8.5 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version: - EaseUS)
Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft)
ePodpisFS-x86 (HKLM-x32\...\{A3B9DFF0-4BC3-4578-9BB8-AAA16B26E65F}_is1) (Version: 13.0.0.0 - )
FFU Loader Driver 1.0.0 (HKLM-x32\...\{7209d085-ed88-4a08-beb2-c49db2b9e838}) (Version: 1.0.0 - Microsoft)
FFU Loader Driver 1.0.0 (HKLM-x32\...\{CA839C49-B3D1-4EA6-BB8A-21937B808771}) (Version: 1.0.0 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 131.0.6778.265 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
HP LaserJet Pro MFP M125-M126 (HKLM-x32\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 15.0.15310.1316 - Hewlett-Packard)
HP LJ M125126 Scan HP Scan (HKLM-x32\...\{F84EA1B1-5184-4145-B6E6-5E5D33D85FE4}) (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP Product FWUpdater (HKLM-x32\...\{5A11EF83-9E0A-4B5C-8D2F-1FF9551A5E8C}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden
HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden
HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{E2412D7F-3FB3-4638-819A-953908EA116E}) (Version: 24.6.49.8 - Intel) Hidden
Intel GFX Driver (HKLM-x32\...\{ca0ebadf-f7bd-4e32-9fec-e19a5d68c724}) (Version: 1.0.0.0 - Intel) Hidden
Intel(R) Arc Software & Drivers (HKLM\...\Intel(R) Arc Software & Drivers) (Version: 1.0.993.6 - Intel(R) Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{318C30A1-C7AF-414E-890F-6345E6E0FD33}) (Version: 2.4.09084 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.5.10103.7263 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{0fdd3c9a-20e1-444d-8d00-8c413c83f824}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{1fe0084f-3e2b-4ba9-a4a6-c33f56e7f886}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{2aeceede-4a87-4cd8-b518-7a3598cf47be}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34663e82-6c5e-4b48-b1b1-fee1881dc39b}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{34989299-2d34-4a1b-baa2-4de4fafbb4d0}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{56b89a97-2659-4931-bffa-4b136a521eb1}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7cd4cd84-8203-4ef3-92b4-ed60c8210241}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{7e58df71-ff1c-43fd-a618-5511b76c0dd9}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{8850e5d7-7f46-4a65-8f61-90533664733c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{899f8bb6-99cd-4f33-a004-c70d9ec22260}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{9454a0e6-0762-48ec-b153-2a75b252d1fb}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{a3052cfa-e19e-4092-a8e5-264f6d84442c}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ab620838-f172-44a7-88ea-614e2c134043}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{b4e016a7-e963-49d7-9b66-4d635026af31}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{c49f9463-8ca3-4422-82b0-c06c7a9640ed}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ccb72772-9926-4b3e-9fff-7ab001bffac6}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{d8ebe554-4504-4ade-ada9-8617c4525581}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{ed8a48d8-7f70-4dcd-b524-163792643281}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{f07e8107-88e2-4459-865e-665afe7dda07}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM\...\{0FCE256E-F9AA-4070-886F-7C75AED03FB5}) (Version: 10.1.19444.8378 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{8e171961-44e9-48e3-9a1e-7e05e5387200}) (Version: 10.1.19444.8378 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2351.5.48.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{56A1C2D8-CFC4-4AC5-B5F5-27B57643C069}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{A5F91B87-4823-4C89-B65F-FF2157F73A64}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{B39E6B81-419D-4CC0-BBFD-A9C1401936BB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{2B2BD352-136F-4616-ACD6-AD967508F8D9}) (Version: 30.100.1914.3 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1914.3 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c0203f85-38d9-49b0-af1f-cc6a2096b774}) (Version: 1.71.99.0 - Intel Corporation) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{E5FB0A2C-49A5-41B5-B5AB-249A3A05405E}) (Version: 24.6.49.8 - Intel)
Java 8 Update 431 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
K-Lite Codec Pack 18.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.5.5 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (pouze odinstalace) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x64) (HKLM\...\{8A8E3A04-83BC-4CDE-9259-893B666C1AB1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x64) (HKLM\...\{ABC6B3C2-1A8D-4C5E-AC16-C2AE44F02743}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM\...\{A741B803-3F0E-4684-81EF-FC128D15A92C}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x64) (HKLM-x32\...\{784973c8-d618-4ac8-97ed-1fd52c5bdf2f}) (Version: 3.1.32.31915 - Microsoft Corporation)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.7 (x64) (HKLM\...\{3E3E3302-0CAD-4D0D-B6C0-206B30773468}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.7 (x64) (HKLM\...\{CA4FE2DB-2E1C-453B-B8C9-960AB929E5B4}) (Version: 64.28.16731 - Microsoft Corporation) Hidden
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{641CD7B5-5711-44BC-B706-2A369CF75905}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1FE18A4F-8E2C-49EE-8C80-F4C03C9AF81D}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM\...\{F6FBF64F-D459-4F03-BF3B-C0A36A0596A2}) (Version: 64.28.16739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.7 (x64) (HKLM-x32\...\{754bcfb5-42ac-4c12-8f12-b818943a1365}) (Version: 8.0.7.33814 - Microsoft Corporation)
Microsoft_VC100_CRT_SP1_x64 (HKLM\...\{680EDA59-9266-44B4-949E-0C24F65DFF82}) (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (HKLM-x32\...\{E3B64CC5-C011-40C0-92BC-7316CD5E5688}) (Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Philips Channel Editor (HKLM-x32\...\{0D70B4E7-5C69-4F38-B831-9437CD08AF2A}) (Version: 6.61.46 - Philips)
Qualcomm USB Drivers For Windows (HKLM-x32\...\{D9FB7F91-9687-4B09-894D-072903CADEA4}) (Version: 1.00.57 - QUALCOMM Incorporated)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.115 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rostliny - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Rostliny - Fotogalerie) (Version: - )
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Ryby nasich vod (HKLM-x32\...\Ryby nasich vod) (Version: - )
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.50.0 - Samsung Electronics Co., Ltd.)
SignatureDriver (HKLM-x32\...\{A8F187A6-8C0A-42EC-AEF7-C5EADD4D8AA6}) (Version: 3.6.24 - SignoSoft)
signotec HID (HKLM\...\{C3EE487B-F804-42FE-BA97-6B4F611FE9D2}) (Version: 1.1.0 - signotec GmbH)
SixPack 2.0.20 (HKLM\...\{b7373a3b-63cf-5f3e-8049-f7c86486f3b5}) (Version: 2.0.20 - 6ti Minutovka 1.0 s.r.o.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1262 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.166 - Synaptics Incorporated)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.50.5 - TeamViewer)
Trader Workstation 10.23 (HKLM\...\5556-0173-2810-2300) (Version: (.2a) 20230615 16:54:18 - Interactive Brokers LLC)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wacom STU Driver (HKLM-x32\...\{27d481b5-9939-4f89-ab90-3a4871c03104}) (Version: 5.4.5 - Wacom Co., Ltd.)
Wacom STU Driver (x64) (HKLM\...\{BFF3F85F-2194-4845-BCFF-B123B32F8B14}) (Version: 5.4.5 - Wacom Co., Ltd.) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{453BBFB2-D227-40FB-9D87-F633C559D92B}) (Version: 3.14.07501 - Microsoft) Hidden
Windows Device Recovery Tool 3.14.07501 (HKLM-x32\...\{a8ef6d85-8556-4ab8-9e84-f935f5582d43}) (Version: 3.14.7501 - Microsoft)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft)
WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft)
WinUSB Drivers ext (HKLM-x32\...\{29BAAF65-09E5-4F52-8D15-2FAF2E23A8DC}) (Version: 1.1.24.1544 - Microsoft)
Zoom Workplace (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\ZoomUMX) (Version: 6.2.7 (49583) - Zoom Video Communications, Inc.)
Živočichové - Fotogalerie (HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\Živočichové - Fotogalerie) (Version: - )
Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-12-10] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-20] (INTEL CORP) [Startup Task]
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.79.7900.0_x64__ytsefhwckbdv6 [2025-01-03] (G5 Entertainment AB)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-11-08] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.41.29.0_x64__v10z8vjag6ke6 [2025-01-08] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.44.0_x64__v10z8vjag6ke6 [2024-12-04] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-21] (INTEL CORP)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-12-14] (INTEL CORP)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-09] (Microsoft Corporation) [MS Ad]
Microsoft.HEVCVideoExtensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.2.10.0_x64__8wekyb3d8bbwe [2024-11-08] (Microsoft Corporation)
PhotoScape X -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeX_4.2.1.0_x64__f5eddttrpssna [2022-04-21] (Mooii Tech)
Wifi Analyzer and Scanner -> C:\Program Files\WindowsApps\28877WebProvider.WifiAnalyzerandScanner_1.2.1.0_x64__gdrx0g078t8zg [2024-09-24] (WebProvider)
WinRAR -> C:\Program Files\WinRAR [2022-04-17] (win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Marian\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\Users\Marian\AppData\Local\WebEx\WebEx64\Meetings\atucfobj.dll (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-10] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-12-17] (HP Inc. -> HP Inc.)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-12-17] (HP Inc. -> HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2019-01-16] (LogMeIn, Inc. -> LastPass)
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Marian\AppData\Local\Temp\F5_TMP_801632291624919730141\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Marian\AppData\Local\Temp\F5_TMP_18317310420318416713435\InstallerControl.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Marian\AppData\Local\Temp\F5_TMP_25319668465813376103\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Marian\AppData\Local\Temp\F5_TMP_907516410818675373\urxhost.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-07] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\mfcr.cz -> mfcr.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\rsts.cz -> hxxps://vpn1.rsts.cz
IE trusted site: HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\sharepoint.com -> hxxps://szsopava-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-09-21 10:45 - 2024-02-26 07:06 - 000001414 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 local.signotecwebsocket.de # signotec WebSocket Pad Server127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 speccy.piriform.com
127.0.0.1 www.speccy.piriform.com
127.0.0.1 recuva.piriform.com
127.0.0.1 www.recuva.piriform.com
127.0.0.1 defraggler.piriform.com
127.0.0.1 www.defraggler.piriform.com
127.0.0.1 ccleaner.piriform.com
127.0.0.1 www.ccleaner.piriform.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\SignatureDriver\dll\wacom;C:\SignatureDriver\dll\hanvon;C:\SignatureDriver\dll\signotec;C:\Program Files\dotnet\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Marian\Downloads\2560x1600-Wallpaper-TGW.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi: Realtek RTL8822BE 802.11ac PCIe Adapter -> rtwlane.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "StartDriver.lnk"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\StartupFolder: => "Poslat do aplikace OneNote.lnk"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [{130725D3-DCC9-4D03-97CB-AFB58E64EEA8}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{409384FA-64D1-4A50-9572-6629EAECC165}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{734ECA72-F45F-48D1-BF4E-DDB4E17EC563}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{985E426F-C3FB-4E81-8D41-AAD13FFD0332}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{7EAB67A5-A420-4E0C-B17F-38CBC23E8504}C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe] => (Allow) C:\signaturedriver\java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [{906432A5-122F-478C-BC50-806E1662184D}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [{AA01A3DD-7B50-4917-919E-4730B2640FFA}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B5D0296E-848B-453B-8BD8-330F2C3F24FD}] => (Allow) C:\Users\Marian\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{40E9B272-413C-4C95-8F03-B2589C62AE94}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{E6C235D3-6BB0-4EF9-B279-BEE7B4F42BD6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{7AF64807-F788-4030-811C-760F47EAD71D}] => (Allow) C:\SignatureDriver\driver\bin\tomcat8.exe (The Apache Software Foundation -> Apache Software Foundation)
FirewallRules: [{C6EE49A1-654E-4196-8B42-CFB56BB4680B}] => (Allow) C:\SignatureDriver\Java\jdk1.8.0_181\jre\bin\java.exe
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [{66373BC4-A1E6-4EE1-BC9F-5CD2F522ED45}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{791DFB43-9163-4F73-B573-D55D0B452230}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [{5D206B62-3C7F-4077-B754-946FEAFD97A2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9083D78-1302-49E5-AC79-93EC61040EEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.303.2080.2726_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FB99ECB7-874A-4EF0-8D76-759CFEBF10EA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7FABFB-77F8-4B10-B498-F9DDE312B478}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E878E7FF-EE9A-487E-BEA5-9C36FB85F3D6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47E7F3D6-A40D-4DAE-B7BA-940952FDE1AC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B09574E-BB1E-4758-9F90-27AFAB7262EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31C15DF-67AA-4953-8F7B-BD17EC70F20D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [{B8064EB6-0169-4E82-9EC5-8CD8E0B9681C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{EAAD3CED-3807-456E-8C1D-EE60B9428DC4}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [UDP Query User{CD2D1414-A290-45ED-9C11-8963F8DBA90E}C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{9AB20BEE-02AE-4B4E-9A9C-0E0506429507}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{C3758001-0B0F-4D4F-9DC3-2AC3709AEAE6}] => (Block) C:\program files (x86)\java\jre1.8.0_431\bin\javaw.exe
FirewallRules: [{A60D8661-66C4-46E5-BF80-89C1829A183B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3ADE446D-268F-474B-8F30-A6F8F521692E}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [TCP Query User{F20F5B5C-A980-4EF2-81EF-11563BBC2510}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [UDP Query User{0B9DD36F-E98C-4F60-BB82-CEA0F5360BC0}C:\jts\1023\tws.exe] => (Allow) C:\jts\1023\tws.exe (Interactive Brokers Group, Inc. -> Interactive Brokers LLC)
FirewallRules: [{E77432F4-809D-4BCA-AACD-69CB5C29017F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:117.75 GB) (Free:24.25 GB) (21%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/10/2025 01:10:58 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Službě Windows Search se nepodařilo zpracovat seznam zahrnutých a vyloučených umístění, a to s chybou <30, 0x80040d07, iehistory://{S-1-5-21-3576560084-3732143217-555266759-1003}/>.
Error: (01/08/2025 10:20:25 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Název chybující aplikace: bad_module_info, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x0000000000000000
ID chybujícího procesu: 0x0xa48
Čas spuštění chybující aplikace: 0x0x1db61c94f71e5bd
Cesta k chybující aplikaci: bad_module_info
Cesta k chybujícímu modulu: unknown
ID zprávy: 688b668d-76e8-4814-9cb9-28e29d2d5543
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/07/2025 10:21:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 10:21:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HotKeyServiceUWP.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: kód výjimky c0000005, adresa výjimky 00007FF705B4E713
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému..
Error: (01/07/2025 08:03:18 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.]
System errors:
=============
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba SAS Core Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Graphics Command Center Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba fpCsEvtSvc byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP LAN/WLAN/WWAN Switching UWP Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.
Error: (01/10/2025 05:17:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Management Engine WMI Provider Registration byla neočekávaně ukončena. Tento stav nastal již 1krát.
Windows Defender:
================
Date: 2025-01-09 17:33:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CA043B75-AF44-4D77-A807-D5F6BBB67615}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 21:49:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FE7D1BEE-9594-4F12-ADA4-E20FA159D04D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-08 18:53:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F2F4552E-9A1B-4DF6-81A0-7D26DCD1221D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:09:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {663F5B46-F565-4387-9091-0FB63AF52210}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-31 20:46:11
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {971A445A-B32D-4148-9B6D-E054BD36694A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
CodeIntegrity:
===============
Date: 2025-01-10 15:07:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_dca7f3f6531ce13b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2025-01-10 15:04:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
Date: 2025-01-10 15:03:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-10 15:00:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: HP Q85 Ver. 01.30.00 11/20/2024
Motherboard: HP 837D
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 8051.21 MB
Available physical RAM: 4225.87 MB
Total Virtual: 16243.21 MB
Available Virtual: 12201.51 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:117.75 GB) (Free:24.25 GB) (Model: SAMSUNG MZNLN128HAHQ-000H1) NTFS
Drive d: (Data) (Fixed) (Total:540.87 GB) (Free:67.48 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive e: (Záloha) (Fixed) (Total:146.48 GB) (Free:89.89 GB) (Model: TOSHIBA MQ04ABF100) NTFS
Drive f: (Práce) (Fixed) (Total:244.14 GB) (Free:117.29 GB) (Model: TOSHIBA MQ04ABF100) NTFS
\\?\Volume{d647cabe-9562-4e94-9d5b-06f19d260716}\ (Obnovení) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{5ea6e0dc-bc8a-4565-a1d3-eda63eba9217}\ () (Fixed) (Total:0.94 GB) (Free:0.1 GB) NTFS
\\?\Volume{ba868bab-2fc7-486f-b009-b744ef3d09e9}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 086340C5)
Partition: GPT.
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 0863A0C6)
Partition: GPT.
==================== End of Addition.txt =======================
- Rudy
- Site Admin
- Posts: 119315
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Vidar infostealer
Open Notepad and copy the following into it:
Save it to D:\Programy\Malware as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
CloseProcesses:
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\ProgramData\A16PP890HDJM
C:\ProgramData\ZCTRQ9R1VKF3
C:\ProgramData\IObit
C:\Program Files (x86)\IObit
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
EmptyTemp:
Hosts:
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 17
- Registered: 21 Jun 2011 05:45
Re: Vidar infostealer
Fix result of Farbar Recovery Scan Tool (x64) Version: 10-01-2025 02
Ran by Marian (10-01-2025 19:05:43) Run:1
Running from D:\Programy\Malware
Loaded Profiles: Marian
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {b04efcab-53bc-11ed-bc94-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d0d56b69-23c0-11ef-bcee-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\...\MountPoints2: {d3a10da5-1adc-11ed-bc77-80ce623e8ed5} - "G:\HiSuiteDownLoader.exe"
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
ShortcutTarget: StartDriver.lnk -> C:\SignatureDriver\driver\bin\runSilent.vbs () [File not signed]
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => "C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe" (No File)
Task: {0AEF898D-9B9D-4ED5-A41A-1468C2962EA3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
ask: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {0D089A66-CE07-4A68-8D4D-41FEB114E5B2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => %systemroot%\system32\MusNotification.exe RebootDialog (No File)
Task: {94C690A0-2B27-4D04-9ED0-3CA29BEFD73D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {7CADEA4A-9631-4513-88B5-1EC748587B97} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {3A03AAED-A183-4D7C-B6F9-A75AC6851FA1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (No File)
Task: {F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (No File)
Task: {915D70AD-0424-4AAC-8E2E-DC57B99DE54A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (No File)
Task: {6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6} - System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => %SystemRoot%\System32\DataUsageLiveTileTask.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\ProgramData\A16PP890HDJM
C:\ProgramData\ZCTRQ9R1VKF3
C:\ProgramData\IObit
C:\Program Files (x86)\IObit
CustomCLSID: HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IEToEdge BHO -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> C:\Program Files (x86)\Microsoft\Edge\Application\131.0.2903.112\BHO\ie_to_edge_bho_64.dll => No File
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
FirewallRules: [UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe => No File
FirewallRules: [UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre-1.8\bin\javaw.exe => No File
FirewallRules: [TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
FirewallRules: [UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe => No File
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b04efcab-53bc-11ed-bc94-80ce623e8ed5} => removed successfully
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0d56b69-23c0-11ef-bcee-80ce623e8ed5} => removed successfully
HKU\S-1-5-21-3576560084-3732143217-555266759-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3a10da5-1adc-11ed-bc77-80ce623e8ed5} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
C:\SignatureDriver\driver\bin\runSilent.vbs => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5160DD2-14F9-4C2D-9E6B-414E1F4D30B8}" => removed successfully
C:\WINDOWS\System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP\HP Hotkey Support\Start QLBController Process" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AEF898D-9B9D-4ED5-A41A-1468C2962EA3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEF898D-9B9D-4ED5-A41A-1468C2962EA3}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
ask: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D089A66-CE07-4A68-8D4D-41FEB114E5B2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D089A66-CE07-4A68-8D4D-41FEB114E5B2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6ECC17BA-2F21-4D1D-A937-AF5B7E29ED7A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94C690A0-2B27-4D04-9ED0-3CA29BEFD73D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94C690A0-2B27-4D04-9ED0-3CA29BEFD73D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CADEA4A-9631-4513-88B5-1EC748587B97}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CADEA4A-9631-4513-88B5-1EC748587B97}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A03AAED-A183-4D7C-B6F9-A75AC6851FA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A03AAED-A183-4D7C-B6F9-A75AC6851FA1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_Broker_Display" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA3CFE50-32F1-48A8-94B6-9A1A6207ECB1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2885DE0-BFC2-4FEE-9E16-DE84C4D38BDC}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{915D70AD-0424-4AAC-8E2E-DC57B99DE54A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{915D70AD-0424-4AAC-8E2E-DC57B99DE54A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D4CA7A1-634B-4F9F-9F96-36F9A49CE5F6}" => removed successfully
C:\WINDOWS\System32\Tasks\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S-1-5-21-3576560084-3732143217-555266759-1003\DataSenseLiveTileTask" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"C:\ProgramData\A16PP890HDJM" Folder move:
C:\ProgramData\A16PP890HDJM => moved successfully
"C:\ProgramData\ZCTRQ9R1VKF3" Folder move:
C:\ProgramData\ZCTRQ9R1VKF3 => moved successfully
"C:\ProgramData\IObit" Folder move:
C:\ProgramData\IObit => moved successfully
"C:\Program Files (x86)\IObit" Folder move:
C:\Program Files (x86)\IObit => moved successfully
HKU\S-1-5-21-3576560084-3732143217-555266759-1003_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
HKLM\Software\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4767C015-C727-4E8B-9748-95FA8D67FFC7}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1FC14FD-226D-4AB3-A13F-5E2270650DD5}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D0F24173-A50B-4050-9A45-94FD7EF3D22E}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F1B44328-DFF7-4BFE-9BDB-EAB5A0FB5232}C:\program files (x86)\java\jre1.8.0_341\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7A971262-8587-4AC5-933B-161996CBC5DB}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B73AC251-47A4-46E2-8201-64C10892924D}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{02A646D5-7754-449E-8771-CC94D2D5505A}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E7D4F65B-9339-4177-80A9-64700D694EC1}C:\program files (x86)\java\jre1.8.0_331\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5732DE0-6379-4F93-B6C2-CA42AF23D666}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B1123F75-85A4-4D1A-82BB-339D482C4D92}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3268B5CF-9212-4D7F-A16D-33B2779A12D1}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{15DFCF0F-A5C5-490B-A49E-252FC2219EBF}C:\program files (x86)\java\jre1.8.0_321\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C6C71762-2B51-4D85-B1F5-E915489B21C9}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6F3CAD5-EF4F-4909-8184-2AD5475596ED}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B80B2FEB-00EE-4A5A-BA11-7F987735978D}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4EE62843-1342-4F2D-931B-984423683161}C:\program files (x86)\java\jre1.8.0_351\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2F7A3DFF-291C-47D5-9EAD-107E46105CD4}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FEBB1EA9-2D9C-4CDA-A47C-AAD0CB1A3FD1}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{882CD998-AE9F-45C2-A4DB-E6327A61BC3A}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8427AA98-5BBA-4106-B2E0-CB3801F7CCB0}C:\program files (x86)\java\jre1.8.0_361\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F0EEFCCC-C47A-407C-BE5B-6A3A3A367EC8}C:\program files (x86)\java\jre-1.8\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{19AD830C-1746-430A-AAA9-857722E58671}C:\program files (x86)\java\jre-1.8\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{99BC3592-FD4A-4A75-BD7A-C3D276BCF221}C:\program files (x86)\java\jre-1.8\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B7F86751-9519-440C-BB9F-B513DA2D616B}C:\program files (x86)\java\jre-1.8\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{54C00AA3-9C25-4168-BE8B-CE01F9F45BFB}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{10DF8D2A-831D-4EE2-B58A-6F5C9BA49FD6}C:\program files (x86)\java\jre1.8.0_421\bin\javaw.exe" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8504802 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 8716452 B
Edge => 0 B
Chrome => 9961472 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 236 B
systemprofile32 => 236 B
LocalService => 671024 B
NetworkService => 672192 B
Marian => 41014284 B
RecycleBin => 0 B
EmptyTemp: => 67.8 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 19:05:51 ====
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Vidar infostealer
Deleted. Has there been any change?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 17
- Registered: 21 Jun 2011 05:45
Re: Vidar infostealer
Thank you for your help, hopefully it will be fine; if anything comes up, I'll get in touch.
- Rudy
- Site Admin
- Posts: 119315
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Vidar infostealer
OK. We are always here. You're welcome!
