Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

zavirovaný počítač - zřejmě malware

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
tepan
Návštěvník
Návštěvník
Příspěvky: 248
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

zavirovaný počítač - zřejmě malware

#1 Příspěvek od tepan »

Dobrý den, cca před 14ti dny mi přestala nabíhat jedna webová stránka . Nepřikládal jsem tomu větší váhu. Nicméně , pak jsem se na ni přeci jen chtěl dostat, tak jsem postupoval podle návodů na netu

- výmaz cookies
- přenastavení DNS
-reset prohlížeče
- odinstalace prohlížeče

atd.

Nainstalování jiného antiviru - původně commodo , teď Awast a nic nepomohlo. V určitou chvíli mi to psalo, že se nedostanu ani na viry.cz.

Mohl by se prosím někdo podívat , zda nemám v compu nějakou havěť? Awast hlásí vše čisté. Ale těch stránek mi nefunguje čím dále více.

Děkuji Petr.

Přikládám log FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2025
Ran by Petr (administrator) on TEPAN (17-01-2025 18:58:16)
Running from C:\Users\Petr\OneDrive\Plocha\FRST64.exe
Loaded Profiles: Petr & DevToolsUser
Platform: Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atieclxx.exe
(explorer.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <6>
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <22>
(services.exe ->) () [File not signed] C:\Program Files\Allway Sync\Bin\SyncService.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_5f2cd636dbc40dd2\amdfendrsr.exe
(svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382880 2024-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [10140904 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427816 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911208 2025-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --do-not-de-elevate --flag-switches-begin --flag-switches-end --e (the data entry has 134 more characters). [3911208 2025-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\MountPoints2: {3e50c832-6af1-11ea-9cdb-40b0765e7062} - "G:\setup.exe"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\132.0.6834.84\Installer\chrmstp.exe [2025-01-17] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C73B053-7D88-4E34-B59C-FF0B2B55CBEF} - \MicrosoftEdgeUpdateTaskMachineCore{D0DFB006-57AC-41B0-8BC6-1664BF9976E1} -> No File <==== ATTENTION
Task: {A939CA15-5CA7-48A5-AC4D-8F354AD1AE17} - \MicrosoftEdgeUpdateTaskMachineUA{FCC6E053-D1DD-44E5-870D-B3DEC2F7FBAB} -> No File <==== ATTENTION
Task: {4BD85583-A235-4C1F-9851-A2770CD8F5D3} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8400680 2024-12-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {820154B6-1768-4911-9C52-54E8E917A467} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5214504 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {96F68D8A-1065-468C-ADB0-03D9E0E6643E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {581321D8-76A8-416E-9054-5C890EEAB656} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9f4e0c81-bc4a-4435-a484-251575a4f54d" --version "6.31.11415" --silent
Task: {1DDF55E8-F84E-4572-8628-BCFA063554C1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {A2AA7524-DF4A-4357-BE67-57B1A0BDE138} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {91F34A0A-249B-4C20-BCCB-ABEC18A46B47} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F4857843-CF0C-4823-8375-4FA58F81EB4B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F6CE90AF-CC8B-4A19-A317-AF7789E78BBE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {8175F048-B512-4171-B833-01861426B0B0} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {53AB23AC-8EEC-4957-B2C6-6922771EE91E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {24928E5C-D159-4A5E-A0DD-F0DD52BF462D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{2518F99E-5A16-43D5-8AF3-077F30519F6E} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {BD510E21-151E-4D97-817F-4CD310D6EB74} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-13] (HP Inc. -> HP Inc.)
Task: {4F876563-21F5-4A73-B232-6CEDE9F57E0A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-13] (HP Inc. -> HP Inc.)
Task: {D8FEDA38-705C-455A-AB93-A2C78643649F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [336104 2024-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFFF7856-1392-4C35-9D26-4949052E44CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {962E83BF-4C15-4A32-8DB1-EF3889607677} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4EC0161E-4E5A-4526-A4F4-4803DF321B91} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{9fddadb7-d77f-4285-9596-3a6f1ddef74d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-17]
Edge DownloadDir: Default -> C:\Users\Petr\OneDrive\Plocha\OSSZ
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxp://seznam.cz/"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-31]
Edge Extension: (Edge relevant text changes) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-14]
Edge Extension: (Custom Scrollbars) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lbndfndhkcagjkndlnpllplacpfmbpbk [2024-11-25]
Edge Extension: (uBlock Origin) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2025-01-02]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2025-01-17]
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultNewTabURL: Default -> hxxps://search.seznam.cz/newtab
CHR DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7381288 2025-01-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [778536 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2372904 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1229608 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2025-01-17] (Avast Software s.r.o. -> AVAST Software)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [264192 2020-04-07] () [File not signed]
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4054248 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-01-13] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-09-24] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_5f2cd636dbc40dd2\amdfendrmgr.sys [25672 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-12-05] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV22; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_960126269e89c62e\amdsafd.sys [113880 2024-05-10] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\amdkmdag.sys [106596128 2024-09-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20560 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235088 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [383056 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [296016 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84560 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [28280 2025-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [275024 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [550992 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [98360 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69712 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [955960 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1424952 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204344 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381488 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [125000 2018-02-28] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55872 2023-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [574872 2023-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 epmspacedrv; \SystemRoot\system32\epmspacedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-17 18:49 - 2025-01-17 18:51 - 002403328 _____ (Farbar) C:\Users\Petr\OneDrive\Plocha\FRST64.exe
2025-01-17 18:12 - 2025-01-17 18:12 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2025-01-17 18:02 - 2025-01-17 18:49 - 000000000 ____D C:\Users\Petr\AppData\Local\Malwarebytes
2025-01-17 18:02 - 2025-01-17 18:02 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-17 18:02 - 2025-01-17 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-17 18:02 - 2025-01-17 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-17 17:48 - 2025-01-17 17:48 - 000000000 ____D C:\Users\Petr\AppData\Local\Avast Software
2025-01-17 17:46 - 2025-01-17 18:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2025-01-17 17:46 - 2025-01-17 17:46 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Avast Software
2025-01-17 17:46 - 2025-01-17 17:45 - 000053048 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2025-01-17 14:11 - 2025-01-17 14:11 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-17 14:09 - 2025-01-17 14:09 - 000000000 ____D C:\Users\Petr\AppData\Local\MicrosoftEdge
2025-01-17 14:07 - 2025-01-17 14:07 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-17 14:07 - 2025-01-17 14:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2025-01-17 14:07 - 2025-01-17 14:07 - 000000000 ____D C:\Program Files\Google
2025-01-15 10:00 - 2025-01-15 10:00 - 000000000 ___HD C:\$WinREAgent
2025-01-12 16:27 - 2025-01-12 16:27 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\Old Firefox Data
2025-01-06 16:42 - 2025-01-06 16:42 - 000003383 _____ C:\Users\Petr\OneDrive\Plocha\Fixlog.txt
2025-01-06 15:10 - 2025-01-06 15:10 - 000049112 _____ C:\Users\Petr\OneDrive\Plocha\Addition.txt
2025-01-06 15:09 - 2025-01-17 18:58 - 000026569 _____ C:\Users\Petr\OneDrive\Plocha\FRST.txt
2025-01-06 14:41 - 2025-01-06 14:44 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-06 14:41 - 2025-01-06 14:41 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-06 06:20 - 2025-01-06 06:20 - 000000000 ____D C:\WINDOWS\system32\InteL
2025-01-06 06:19 - 2025-01-06 06:19 - 000000000 ____D C:\Users\Public\Crack
2025-01-04 11:19 - 2025-01-12 16:26 - 000000000 ____D C:\Filmy
2024-12-31 14:48 - 2019-08-21 08:02 - 000454616 _____ (COMODO) C:\WINDOWS\system32\cssguard64.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000341224 _____ (COMODO) C:\WINDOWS\system32\cmdkbdcss64.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000337856 _____ (COMODO) C:\WINDOWS\SysWOW64\cssguard32.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000262376 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbdcss32.dll
2024-12-31 14:48 - 2018-02-28 07:11 - 000125000 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdcss.sys
2024-12-31 11:24 - 2024-12-31 11:24 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-326156
2024-12-31 11:24 - 2024-12-31 11:24 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-325968
2024-12-31 11:23 - 2024-12-31 11:23 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-281140
2024-12-31 11:19 - 2024-12-31 11:19 - 000478392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-12-30 09:21 - 2024-12-30 09:21 - 000000000 ____D C:\hjkljh
2024-12-30 08:10 - 2024-12-30 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom Come - Deliverance [GOG.com]
2024-12-30 07:47 - 2024-12-30 09:20 - 000000000 ____D C:\Program Files (x86)\Kingdom Come Deliverance
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Roaming\SystemAcCrux
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Local\EaseUS DupFiles Cleaner
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Local\DupFilesUI
2024-12-30 06:58 - 2024-12-31 11:24 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-12-30 06:58 - 2024-12-30 06:58 - 000000000 ____D C:\Users\Petr\AppData\Local\EuUpdater
2024-12-30 06:58 - 2024-12-30 06:58 - 000000000 ____D C:\ProgramData\SystemAcCrux
2024-12-26 12:39 - 2024-12-31 11:26 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-12-26 12:38 - 2024-12-30 07:01 - 000000000 ____D C:\Users\Petr\AppData\Local\SquirrelTemp
2024-12-25 23:38 - 2024-12-26 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-12-25 23:36 - 2024-12-26 12:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\VS Revo Group
2024-12-25 15:08 - 2024-12-26 13:17 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Disc-Soft
2024-12-25 15:08 - 2024-12-25 15:08 - 000000000 ____D C:\Users\Petr\AppData\Local\Disc_Soft_FZE_LLC
2024-12-25 15:07 - 2024-12-26 13:17 - 000000000 ____D C:\ProgramData\Disc-Soft
2024-12-22 11:31 - 2024-12-22 11:32 - 000000000 ____D C:\fotky
2024-12-22 11:18 - 2024-12-22 11:18 - 000000000 ____D C:\Users\Petr\AppData\Roaming\WinRAR
2024-12-22 10:40 - 2024-12-22 10:40 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\AMD

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-17 18:58 - 2020-11-26 10:05 - 000000000 ____D C:\FRST
2025-01-17 18:49 - 2023-09-25 08:16 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\OSSZ
2025-01-17 18:12 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-17 18:07 - 2024-10-03 18:26 - 000000000 ____D C:\Program Files\WinRAR
2025-01-17 18:07 - 2020-09-21 15:45 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\3098htrhpen8ifg0
2025-01-17 18:02 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-01-17 18:00 - 2022-07-05 11:48 - 000000000 ____D C:\programy
2025-01-17 17:48 - 2021-04-25 21:33 - 001701844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-17 17:48 - 2019-12-07 15:41 - 000720026 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-17 17:48 - 2019-12-07 15:41 - 000146232 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-17 17:46 - 2020-09-30 07:55 - 000316200 ____N (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2025-01-17 17:46 - 2020-09-30 07:55 - 000000000 ____D C:\ProgramData\Avast Software
2025-01-17 17:46 - 2020-09-30 07:55 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2025-01-17 17:46 - 2020-09-30 07:55 - 000000000 ____D C:\Program Files\Avast Software
2025-01-17 17:45 - 2021-12-16 21:51 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-17 17:45 - 2019-10-11 20:30 - 000000000 ____D C:\Users\Petr\AppData\Local\D3DSCache
2025-01-17 17:43 - 2021-04-25 21:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-17 17:43 - 2020-09-21 14:37 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-17 17:43 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-01-17 17:43 - 2019-10-15 16:00 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2025-01-17 17:43 - 2019-10-11 20:29 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-01-17 17:40 - 2024-03-17 02:47 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\nove obr
2025-01-17 17:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-17 16:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-17 14:12 - 2019-10-11 20:23 - 000000000 ____D C:\Users\Petr\AppData\Local\Packages
2025-01-17 14:08 - 2021-04-25 21:26 - 000000000 ____D C:\Users\Petr
2025-01-17 14:07 - 2019-10-15 09:32 - 000000000 ____D C:\Program Files (x86)\Google
2025-01-17 14:07 - 2019-10-15 09:31 - 000000000 ____D C:\Users\Petr\AppData\Local\Google
2025-01-17 13:48 - 2020-02-06 06:41 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\g
2025-01-17 13:38 - 2021-04-25 21:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-16 16:55 - 2019-10-15 09:44 - 000000000 ____D C:\Users\Petr\AppData\Roaming\vlc
2025-01-16 13:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-01-15 10:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-01-15 10:07 - 2021-04-25 21:27 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-01-15 09:56 - 2019-03-19 05:49 - 000000167 _____ C:\WINDOWS\win.ini
2025-01-15 09:55 - 2019-10-11 20:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-01-15 09:52 - 2019-10-11 20:35 - 206927936 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-01-13 20:45 - 2023-06-14 15:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2025-01-13 20:45 - 2023-06-14 15:35 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-01-12 16:37 - 2022-05-06 10:00 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Mozilla
2025-01-12 16:37 - 2022-05-06 10:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-01-07 15:21 - 2019-10-15 10:23 - 000000000 ____D C:\Users\Petr\AppData\Local\ElevatedDiagnostics
2025-01-07 13:26 - 2019-11-24 03:03 - 000000000 ____D C:\Program Files\CCleaner
2025-01-06 14:41 - 2019-10-15 17:02 - 000000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2025-01-06 14:41 - 2019-10-15 10:45 - 000000000 ____D C:\Users\Petr\AppData\Roaming\uTorrent
2025-01-06 06:20 - 2022-10-25 08:32 - 000000000 ____D C:\Users\Petr\AppData\Roaming\RenPy
2025-01-06 06:20 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2025-01-04 10:33 - 2021-03-16 20:33 - 000000000 ____D C:\Users\Petr\AppData\Local\AMD_Common
2024-12-31 14:48 - 2019-10-15 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2024-12-31 11:25 - 2023-04-26 23:40 - 000000000 ____D C:\Program Files\EaseUS
2024-12-31 11:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2024-12-30 07:03 - 2023-04-26 23:41 - 000000000 ____D C:\Users\Petr\AppData\Roaming\EaseUS
2024-12-30 07:01 - 2024-10-03 13:30 - 000000000 ____D C:\Temp
2024-12-30 07:01 - 2022-06-27 13:16 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\PowerPoint
2024-12-30 07:01 - 2022-06-07 22:07 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2024-12-30 07:01 - 2020-05-09 03:21 - 000000000 ____D C:\Users\Petr\AppData\Local\Foxit Reader
2024-12-30 07:01 - 2020-05-08 15:43 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Excel
2024-12-30 07:01 - 2020-03-25 13:58 - 000000000 ____D C:\AdwCleaner
2024-12-30 07:01 - 2019-10-19 16:22 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\HTML Help
2024-12-30 07:01 - 2019-10-15 09:46 - 000000000 ____D C:\Users\Petr\AppData\Local\GHISLER
2024-12-30 07:01 - 2019-10-11 20:32 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\MMC
2024-12-30 07:01 - 2019-10-11 20:27 - 000000000 ____D C:\AMD
2024-12-30 07:01 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-12-30 07:00 - 2020-03-25 14:59 - 000000000 ____D C:\Users\Petr\AppData\Local\cache
2024-12-26 12:32 - 2020-11-12 10:09 - 000000000 ____D C:\Users\Petr\AppData\Local\VS Revo Group
2024-12-26 12:32 - 2020-09-22 05:49 - 000000000 ____D C:\Program Files\VS Revo Group
2024-12-25 23:36 - 2020-09-22 05:49 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-12-22 23:18 - 2023-06-29 06:40 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\byt
2024-12-22 22:59 - 2023-09-26 10:22 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\Datovka
2024-12-21 05:16 - 2021-09-12 20:38 - 000000000 ____D C:\Program Files\Microsoft OneDrive

==================== Files in the root of some directories ========

2020-11-12 10:08 - 2020-10-12 14:33 - 017838873 _____ (VS Revo Group) C:\Program Files (x86)\Revo Uninstaller Pro 4.2.3.exe
2024-09-21 12:39 - 2024-09-21 12:39 - 000000036 _____ () C:\Users\Petr\AppData\Local\_LOCAL_GUID

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2025
Ran by Petr (17-01-2025 18:59:07)
Running from C:\Users\Petr\OneDrive\Plocha
Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) (2021-04-25 20:32:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4148571483-3592684963-3718319802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4148571483-3592684963-3718319802-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-4148571483-3592684963-3718319802-1003 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-4148571483-3592684963-3718319802-501 - Limited - Disabled)
Petr (S-1-5-21-4148571483-3592684963-3718319802-1001 - Administrator - Enabled) => C:\Users\Petr
WDAGUtilityAccount (S-1-5-21-4148571483-3592684963-3718319802-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}
FW: COMODO Firewall (Disabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aiseesoft Video Converter Ultimate 10.6.28 (HKLM-x32\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 10.6.28 - Aiseesoft Studio)
Allway Sync (HKLM\...\{6E2A6AEF-1397-4888-BD6F-4C0D4968014D}) (Version: 20.0.5 - Botkind Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.22.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.9.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{260a52b1-dc81-4e22-b58d-5dd3b57a7b65}) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.12.9725.2387 - Gen Digital Inc.)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Call of Juarez Gunslinger (HKLM-x32\...\Call of Juarez Gunslinger_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (HKLM\...\{567591EE-85F7-4E4D-AE28-FD65FCF4F201}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA478445}) (Version: 1.4.159.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.4.478445.159 - Comodo)
CyberLink Ultra HD Blu-ray Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.3201 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
Driver Easy 6.1.1 (HKLM\...\DriverEasy_is1) (Version: 6.1.1 - Easeware)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.2.29539 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 132.0.6834.84 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.360 - Huawei Technologies Co., Ltd.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
Kingdom Come: Deliverance - A Woman's Lot (HKLM-x32\...\1460218995_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – Band of Bastards (HKLM-x32\...\1957357825_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – From the Ashes (HKLM-x32\...\1201995925_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance - HD Sound Pack (HKLM-x32\...\1929089326_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance - HD Texture Pack (HKLM-x32\...\1597510471_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – The Amorous Adventures of Bold Sir Hans Capon (HKLM-x32\...\1336069439_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance (HKLM-x32\...\1719198803_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance Treasures of the Past DLC (HKLM-x32\...\1300320746_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{95548B78-8547-4E91-B0DA-1CBB82150917}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
MalvaStyle USB Repair (HKLM-x32\...\{EDC3E1E5-FFFC-41BD-9D54-E008D5A99B2B}) (Version: 3.00.2000 - MalvaStyle)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
MediaHuman Audio Converter version 1.9.7.13 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.7.13 - MediaHuman)
Messenger (HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 195.0.515283081 - Facebook, Inc.)
Microsoft Access MUI (Czech) 2016 (HKLM\...\{90160000-0015-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Czech) 2016 (HKLM\...\{90160000-0090-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.146 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.146 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Czech) 2016 (HKLM\...\{90160000-0016-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2016 (HKLM\...\{90160000-00BA-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Czech) 2016 (HKLM\...\{90160000-0044-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM\...\{90160000-001F-0407-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2016 (HKLM\...\{90160000-00E1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2016 (HKLM\...\{90160000-00E2-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (Czech) 2016 (HKLM\...\{90160000-002C-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM\...\{90160000-001F-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Czech) 2016 (HKLM\...\{90160000-00C1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2016 (HKLM\...\{90160000-006E-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2016 (HKLM\...\{90160000-00A1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2016 (HKLM\...\{90160000-001A-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2016 (HKLM\...\{90160000-0018-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2016 (HKLM\...\{90160000-0019-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (Czech) 2016 (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2016 (HKLM\...\{90160000-001B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2_is1) (Version: 1.0.1436.28 - Rockstar Games)
Revo Uninstaller 2.5.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Revo Uninstaller Pro (HKLM\...\Revo Uninstaller Pro) (Version: - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.2 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{4B4B44C4-19FF-4791-AAD4-1AE011803AE8}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Shadow of the Tomb Raider Cpy Čeština (HKLM-x32\...\{F233C280-925A-422A-91DD-F99B398A76E6}) (Version: 1.0.0 - cpy)
Someday Youll Return (HKLM-x32\...\Someday Youll Return_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-23] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_157.1.1186.0_x64__v10z8vjag6ke6 [2025-01-13] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-09-09] (Microsoft Corporation)
PC Health Check -> C:\Program Files\WindowsApps\Microsoft.Windows.PCHealthCheck_3.3.0.0_x64__cw5n1h2txyewy [2021-12-08] (Microsoft Windows)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-12-09] (Nik Rolls)
Video Converter and Compressor -> C:\Program Files\WindowsApps\8075Queenloft.VideoConverterCompressorMP43GPMKVMOV_1.1.18.0_x64__g5dqhteqemct8 [2024-10-25] (Queenloft)
Win Video Converter -> C:\Program Files\WindowsApps\49155WinMovieMaker.WinVideoConverter_9.8.3.0_x64__3fhs2d83s4f4r [2024-09-21] (Win Movie Maker)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ {E1403226-8785-4BCC-88F5-815DB04D2822}] -> {E1403226-8785-4BCC-88F5-815DB04D2822} => C:\Program Files\Common Files\Aiseesoft Studio\Aiseesoft Video Converter Ultimate Shell Extension.dll [2023-04-03] (RayShare Co.,Ltd -> Aiseesoft Studio)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [BotkindSyncShellExtension] -> {9E2E6460-89FF-452A-A9BA-E62EB80B8539} => C:\Program Files\Allway Sync\Bin\ShellExtension.dll [2020-04-07] () [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2024-08-19] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Horizon TV.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=khacdlnhpilifpplbbafdickbmihjoml

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2024-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\sktorrent.eu -> hxxps://sktorrent.eu

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2025-01-06 06:20 - 000000361 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 app.drivereasy.com
149.202.196.40 dow0.drivereasy.com
149.202.196.40 dow1.drivereasy.com
127.0.0.1 app.drivereasy.com
127.0.0.1 www.unlimitz.biz.com
127.0.0.1 sktorrent.eu
127.0.0.1 proxy.siambit.me
127.0.0.1 helltorrents.com
127.0.0.1 repository.eset.com
127.0.0.1 ex-torrenty.org

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-4148571483-3592684963-3718319802-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\SOFTWARE\Microsoft\Windows Security Health\State => (AppAndBrowser_StoreAppsSmartScreenOff: 0)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

inspect: COMODO Internet Security Firewall Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D21074F-C974-41F4-A57D-1C1720D5B804}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D1B36E6-56E5-43CA-9899-6F7E736770FD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFE34C6B-A89C-4D44-94F0-6AC287B8C862}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A424A64C-8889-4CA6-A98C-9444586AA9B0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3331E4A6-556E-46BF-BEEB-17506B7B692F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0616D40-F28B-4098-9F26-7121D65B12C4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BDF124F-F167-472B-B53F-05236DE6E8C3}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05579D82-1060-49F2-B7C7-D71E22AFEAF0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16915D0A-1D79-4ACD-B292-6C0C4472B2E9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3D4E1B1A-B6C7-45AD-A7B8-3626A706BB1D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{607960E7-B2D2-44D6-BF8D-C14EEA6A2D71}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C6CB654F-1F87-4672-9AD1-E4B3DA197A55}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C84DC667-9A83-4398-B7E0-F90395BE6208}] => (Allow) D:\Instalované hry\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [{69E77A44-F365-4DED-B1C6-2C268123CB07}] => (Allow) D:\Instalované hry\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{45D5CCEC-A494-4593-B8E0-993EE1CF8ACC}C:\users\petr\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\petr\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Meta Platforms, Inc.)
FirewallRules: [UDP Query User{AD00E28D-20A8-4978-A821-F21D5D197C45}C:\users\petr\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\petr\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Meta Platforms, Inc.)
FirewallRules: [TCP Query User{9A992C96-AB54-4351-9CF7-CC1287D4D69D}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{7248C126-CE8F-4FB9-9819-FC664F67F480}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{73EE7EC4-87CB-4DDC-83DD-1BEAFF203F34}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B322815-4438-4033-B31C-67C602294D68}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A63860E1-C78C-4277-8F0E-47F6455E424D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{52497F10-C9D3-4636-AFE8-ECA93E7A4987}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/17/2025 05:45:33 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (01/17/2025 05:44:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 16:44:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 27ed714b-a1e3-4e49-8831-491cdb697d57

Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:40:11 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (01/17/2025 04:38:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 15:38:10 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d65a5091-18f8-439f-8d93-66ba297c295b

Metoda: GET(328ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:35:42 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 15:35:41 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 84e93865-35cd-4aaa-af72-03cdabe7e206

Metoda: GET(390ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:32:20 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (01/17/2025 04:30:20 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 15:30:20 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d3d02979-933e-480d-bb12-9a98193a4ce2

Metoda: GET(343ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:23:56 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.


System errors:
=============
Error: (01/17/2025 06:00:01 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (01/17/2025 05:49:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu

Error: (01/17/2025 05:49:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Služba Antivirová ochrana v programu Microsoft Defender byla ukončena s následující chybou:
Obecná chyba odepření přístupu


Windows Defender:
================
Date: 2023-09-07 12:19:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3E5F8158-A8CB-4F40-8C24-AD8E84FD5715}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-06-14 17:40:49
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A7CDE208-8DDA-4DFF-ADCB-CDF8BB2DA944}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-13 00:41:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FA56874F-D304-421A-AA92-2BE6C0B19868}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-01-11 23:25:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5EF301F4-ED5D-422E-84FE-366480871BEE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-29 03:44:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7F004D1B-7CF5-4CE2-A988-1A784E00985F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2023-04-13 00:39:59
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

CodeIntegrity:
===============
Date: 2025-01-17 18:58:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2025-01-17 18:58:55
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2025-01-17 18:51:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-01-17 18:51:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2025-01-17 18:51:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1804 07/29/2019
Motherboard: ASUSTeK COMPUTER INC. TUF B450M-PLUS GAMING
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 63%
Total physical RAM: 8128.51 MB
Available physical RAM: 2954.96 MB
Total Virtual: 13760.51 MB
Available Virtual: 7289.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.81 GB) (Free:8.46 GB) (Model: XPG GAMMIX S11 Pro) NTFS
Drive d: () (Fixed) (Total:447.13 GB) (Free:3.5 GB) (Model: KINGSTON SA400S37480G) NTFS

\\?\Volume{ee8193ba-61d5-11ed-b0b3-be910d70d1b4}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.14 GB) NTFS
\\?\Volume{ee8193bc-61d5-11ed-b0b3-be910d70d1b4}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 06F39101)
Partition 1: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 06F3911C)

Partition: GPT.

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119313
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: zavirovaný počítač - zřejmě malware

#2 Příspěvek od Rudy »

Zdravím!
Stačí podat jeden post na jeden problém. Spusťte nejprve tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 248
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: zavirovaný počítač - zřejmě malware

#3 Příspěvek od tepan »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-17-2025
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.5371)
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\06b015c4bc7fec254734a71f20b43626
Deleted HKCU\SOFTWARE\10121eaaa4f25db53188e0b51e84a70bfe076c05
Deleted HKCU\SOFTWARE\CAC42A7BA47ED52A4F04

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt.xls - [1706 octets] - [25/03/2020 13:59:38]
AdwCleaner[C00].txt.xls - [1800 octets] - [25/03/2020 14:00:25]
AdwCleaner[S01].txt.xls - [1747 octets] - [07/04/2020 03:44:59]
AdwCleaner[C01].txt.xls - [1859 octets] - [07/04/2020 03:45:28]
AdwCleaner[S02].txt.xls - [1731 octets] - [19/04/2020 16:46:50]
AdwCleaner[S03].txt.xls - [1792 octets] - [19/04/2020 16:48:29]
AdwCleaner[S04].txt.xls - [1853 octets] - [20/04/2020 11:08:13]
AdwCleaner[C04].txt.xls - [2043 octets] - [20/04/2020 11:09:59]
AdwCleaner[S00].txt - [2138 octets] - [17/01/2025 20:20:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119313
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: zavirovaný počítač - zřejmě malware

#4 Příspěvek od Rudy »

Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 248
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: zavirovaný počítač - zřejmě malware

#5 Příspěvek od tepan »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2025
Ran by Petr (18-01-2025 00:19:09)
Running from C:\Users\Petr\OneDrive\Plocha
Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) (2021-04-25 20:32:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4148571483-3592684963-3718319802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4148571483-3592684963-3718319802-503 - Limited - Disabled)
DevToolsUser (S-1-5-21-4148571483-3592684963-3718319802-1003 - Limited - Enabled) => C:\Users\DevToolsUser
Guest (S-1-5-21-4148571483-3592684963-3718319802-501 - Limited - Disabled)
Petr (S-1-5-21-4148571483-3592684963-3718319802-1001 - Administrator - Enabled) => C:\Users\Petr
WDAGUtilityAccount (S-1-5-21-4148571483-3592684963-3718319802-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: COMODO Antivirus (Disabled - Up to date) {05AFA9EE-1ABD-A226-D250-B41671D7635C}
FW: COMODO Firewall (Disabled) {3D9428CB-50D2-A37E-F90F-1D238F042427}
FW: Avast Antivirus (Disabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}
FW: COMODO Firewall (Disabled) {3D87FB90-B561-70B4-3B0B-BCEFE7656ABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aiseesoft Video Converter Ultimate 10.6.28 (HKLM-x32\...\{BD446D04-7426-4a27-9B0B-33B0C386F71B}_is1) (Version: 10.6.28 - Aiseesoft Studio)
Allway Sync (HKLM\...\{6E2A6AEF-1397-4888-BD6F-4C0D4968014D}) (Version: 20.0.5 - Botkind Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.22.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.9.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{260a52b1-dc81-4e22-b58d-5dd3b57a7b65}) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.12.9725.2387 - Gen Digital Inc.)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Call of Juarez Gunslinger (HKLM-x32\...\Call of Juarez Gunslinger_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 6.31 - Piriform)
COMODO Antivirus (HKLM\...\COMODO Internet Security) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.)
COMODO Internet Security Premium (HKLM\...\{567591EE-85F7-4E4D-AE28-FD65FCF4F201}) (Version: 12.2.2.8012 - COMODO Security Solutions Inc.) Hidden
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA478445}) (Version: 1.4.159.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.4.478445.159 - Comodo)
CyberLink Ultra HD Blu-ray Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.3201 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
Driver Easy 6.1.1 (HKLM\...\DriverEasy_is1) (Version: 6.1.1 - Easeware)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.7.2.29539 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 132.0.6834.84 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.360 - Huawei Technologies Co., Ltd.)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.6.472587.185 - Comodo)
Kingdom Come: Deliverance - A Woman's Lot (HKLM-x32\...\1460218995_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – Band of Bastards (HKLM-x32\...\1957357825_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – From the Ashes (HKLM-x32\...\1201995925_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance - HD Sound Pack (HKLM-x32\...\1929089326_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance - HD Texture Pack (HKLM-x32\...\1597510471_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance – The Amorous Adventures of Bold Sir Hans Capon (HKLM-x32\...\1336069439_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance (HKLM-x32\...\1719198803_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
Kingdom Come: Deliverance Treasures of the Past DLC (HKLM-x32\...\1300320746_is1) (Version: 1.9.6-404-504czj3 - GOG.com)
KMSnano 24 (HKLM\...\KMSnano 24_is1) (Version: KMSnano 24 - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{95548B78-8547-4E91-B0DA-1CBB82150917}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{E496AFB7-CB04-46CF-8FBB-5D665BC8811B}) (Version: 3.3.2110.22002 - Microsoft Corporation)
MalvaStyle USB Repair (HKLM-x32\...\{EDC3E1E5-FFFC-41BD-9D54-E008D5A99B2B}) (Version: 3.00.2000 - MalvaStyle)
Malwarebytes version 5.2.4.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.4.157 - Malwarebytes)
MediaHuman Audio Converter version 1.9.7.13 (HKLM-x32\...\MHAudioConverter_is1) (Version: 1.9.7.13 - MediaHuman)
Messenger (HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 195.0.515283081 - Facebook, Inc.)
Microsoft Access MUI (Czech) 2016 (HKLM\...\{90160000-0015-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Czech) 2016 (HKLM\...\{90160000-0090-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.146 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.146 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Czech) 2016 (HKLM\...\{90160000-0016-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2016 (HKLM\...\{90160000-00BA-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Czech) 2016 (HKLM\...\{90160000-0044-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM\...\{90160000-001F-0407-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2016 (HKLM\...\{90160000-00E1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2016 (HKLM\...\{90160000-00E2-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (Czech) 2016 (HKLM\...\{90160000-002C-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM\...\{90160000-001F-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Czech) 2016 (HKLM\...\{90160000-00C1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2016 (HKLM\...\{90160000-006E-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2016 (HKLM\...\{90160000-00A1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2016 (HKLM\...\{90160000-001A-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2016 (HKLM\...\{90160000-0018-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2016 (HKLM\...\{90160000-0019-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (Czech) 2016 (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word MUI (Czech) 2016 (HKLM\...\{90160000-001B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2_is1) (Version: 1.0.1436.28 - Rockstar Games)
Revo Uninstaller 2.5.7 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Revo Uninstaller Pro (HKLM\...\Revo Uninstaller Pro) (Version: - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.2 - Rockstar Games)
RyzenMasterSDK (HKLM\...\{4B4B44C4-19FF-4791-AAD4-1AE011803AE8}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
Shadow of the Tomb Raider Cpy Čeština (HKLM-x32\...\{F233C280-925A-422A-91DD-F99B398A76E6}) (Version: 1.0.0 - cpy)
Someday Youll Return (HKLM-x32\...\Someday Youll Return_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
The Witcher 3 - Wild Hunt (HKLM-x32\...\1495134320_is1) (Version: 2.0.0.51 - GOG.com)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB5002567) 64-Bit Edition (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}_Office16.PROPLUS_{AC7565EF-E108-49D4-9F46-5A1AEC72B27B}) (Version: - Microsoft)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-23] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_157.1.1186.0_x64__v10z8vjag6ke6 [2025-01-13] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-25] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-09-09] (Microsoft Corporation)
PC Health Check -> C:\Program Files\WindowsApps\Microsoft.Windows.PCHealthCheck_3.3.0.0_x64__cw5n1h2txyewy [2021-12-08] (Microsoft Windows)
uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2019-12-09] (Nik Rolls)
Video Converter and Compressor -> C:\Program Files\WindowsApps\8075Queenloft.VideoConverterCompressorMP43GPMKVMOV_1.1.18.0_x64__g5dqhteqemct8 [2024-10-25] (Queenloft)
Win Video Converter -> C:\Program Files\WindowsApps\49155WinMovieMaker.WinVideoConverter_9.8.3.0_x64__3fhs2d83s4f4r [2024-09-21] (Win Movie Maker)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ {E1403226-8785-4BCC-88F5-815DB04D2822}] -> {E1403226-8785-4BCC-88F5-815DB04D2822} => C:\Program Files\Common Files\Aiseesoft Studio\Aiseesoft Video Converter Ultimate Shell Extension.dll [2023-04-03] (RayShare Co.,Ltd -> Aiseesoft Studio)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [BotkindSyncShellExtension] -> {9E2E6460-89FF-452A-A9BA-E62EB80B8539} => C:\Program Files\Allway Sync\Bin\ShellExtension.dll [2020-04-07] () [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2024-08-19] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Horizon TV.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=khacdlnhpilifpplbbafdickbmihjoml

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

URLSearchHook: [S-1-5-21-4148571483-3592684963-3718319802-1003] ATTENTION => Default URLSearchHook is missing
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2024-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2021-08-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\sktorrent.eu -> hxxps://sktorrent.eu

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2025-01-06 06:20 - 000000361 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 app.drivereasy.com
149.202.196.40 dow0.drivereasy.com
149.202.196.40 dow1.drivereasy.com
127.0.0.1 app.drivereasy.com
127.0.0.1 www.unlimitz.biz.com
127.0.0.1 sktorrent.eu
127.0.0.1 proxy.siambit.me
127.0.0.1 helltorrents.com
127.0.0.1 repository.eset.com
127.0.0.1 ex-torrenty.org

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\SOFTWARE\Microsoft\Windows Security Health\State => (AppAndBrowser_StoreAppsSmartScreenOff: 0)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

inspect: COMODO Internet Security Firewall Driver

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D21074F-C974-41F4-A57D-1C1720D5B804}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D1B36E6-56E5-43CA-9899-6F7E736770FD}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFE34C6B-A89C-4D44-94F0-6AC287B8C862}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A424A64C-8889-4CA6-A98C-9444586AA9B0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3331E4A6-556E-46BF-BEEB-17506B7B692F}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0616D40-F28B-4098-9F26-7121D65B12C4}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BDF124F-F167-472B-B53F-05236DE6E8C3}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{05579D82-1060-49F2-B7C7-D71E22AFEAF0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{16915D0A-1D79-4ACD-B292-6C0C4472B2E9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D4E1B1A-B6C7-45AD-A7B8-3626A706BB1D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
FirewallRules: [{607960E7-B2D2-44D6-BF8D-C14EEA6A2D71}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C6CB654F-1F87-4672-9AD1-E4B3DA197A55}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C84DC667-9A83-4398-B7E0-F90395BE6208}] => (Allow) D:\Instalované hry\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [{69E77A44-F365-4DED-B1C6-2C268123CB07}] => (Allow) D:\Instalované hry\Red Dead Redemption 2\RDR2.exe (Rockstar Games, Inc. -> Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{45D5CCEC-A494-4593-B8E0-993EE1CF8ACC}C:\users\petr\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\petr\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Meta Platforms, Inc.)
FirewallRules: [UDP Query User{AD00E28D-20A8-4978-A821-F21D5D197C45}C:\users\petr\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\petr\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Meta Platforms, Inc.)
FirewallRules: [TCP Query User{9A992C96-AB54-4351-9CF7-CC1287D4D69D}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{7248C126-CE8F-4FB9-9819-FC664F67F480}C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Block) C:\program files (x86)\kingdom come deliverance\bin\win64\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [{73EE7EC4-87CB-4DDC-83DD-1BEAFF203F34}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.146\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B322815-4438-4033-B31C-67C602294D68}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A63860E1-C78C-4277-8F0E-47F6455E424D}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{52497F10-C9D3-4636-AFE8-ECA93E7A4987}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (01/17/2025 09:05:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 20:05:00 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: adcf834f-d23b-4419-ad30-0e0d8f187235

Metoda: GET(484ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 08:16:14 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 19:16:13 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: e6eebddb-8ef0-4f5c-9fe7-9720d036d0c2

Metoda: GET(719ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 05:45:33 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (01/17/2025 05:44:03 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 16:44:02 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 27ed714b-a1e3-4e49-8831-491cdb697d57

Metoda: GET(375ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:40:11 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (01/17/2025 04:38:12 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 15:38:10 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d65a5091-18f8-439f-8d93-66ba297c295b

Metoda: GET(328ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:35:42 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Inicializace registrace certifikátu SCEP pro WORKGROUP\TEPAN$ přes https://AMD-KeyId-578c545f796951421221a ... s/Aik/scep se nepovedla:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."}
HTTP/1.1 404 Not Found
Date: Fri, 17 Jan 2025 15:35:41 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 84e93865-35cd-4aaa-af72-03cdabe7e206

Metoda: GET(390ms)
Fáze: GetCACaps
Nenalezeno (404) 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (01/17/2025 04:32:20 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.


System errors:
=============
Error: (01/17/2025 09:06:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (01/17/2025 09:06:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (01/17/2025 09:06:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (01/17/2025 09:06:44 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error (-2147020471 = Zabezpečené spouštění není v tomto počítači zapnuto.). For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (01/17/2025 09:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AMDRyzenMasterDriverV20 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/17/2025 09:04:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AMDRyzenMasterDriverV22 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (01/17/2025 09:04:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba luafv neuspěla při spuštění v důsledku následující chyby:
Načtení tohoto ovladače je blokováno.

Error: (01/17/2025 09:04:16 PM) (Source: DCOM) (EventID: 10010) (User: TEPAN)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2023-09-07 12:19:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3E5F8158-A8CB-4F40-8C24-AD8E84FD5715}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-06-14 17:40:49
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A7CDE208-8DDA-4DFF-ADCB-CDF8BB2DA944}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-13 00:41:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {FA56874F-D304-421A-AA92-2BE6C0B19868}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-01-11 23:25:12
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {5EF301F4-ED5D-422E-84FE-366480871BEE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-11-29 03:44:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7F004D1B-7CF5-4CE2-A988-1A784E00985F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:11
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

Date: 2023-04-13 00:40:04
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070643
Popis chyby: Při instalaci došlo k závažné chybě.

Date: 2023-04-13 00:39:59
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.385.1434.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.20100.6
Kód chyby: 0x80070070
Popis chyby: Na disku není dost místa.

CodeIntegrity:
===============
Date: 2025-01-18 00:17:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.

Date: 2025-01-18 00:17:34
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1804 07/29/2019
Motherboard: ASUSTeK COMPUTER INC. TUF B450M-PLUS GAMING
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 54%
Total physical RAM: 8128.51 MB
Available physical RAM: 3730.59 MB
Total Virtual: 13760.51 MB
Available Virtual: 8550.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.81 GB) (Free:8.37 GB) (Model: XPG GAMMIX S11 Pro) NTFS
Drive d: () (Fixed) (Total:447.13 GB) (Free:6.32 GB) (Model: KINGSTON SA400S37480G) NTFS

\\?\Volume{ee8193ba-61d5-11ed-b0b3-be910d70d1b4}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.14 GB) NTFS
\\?\Volume{ee8193bc-61d5-11ed-b0b3-be910d70d1b4}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 06F39101)
Partition 1: (Not Active) - (Size=447.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 06F3911C)

Partition: GPT.

==================== End of Addition.txt =======================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2025
Ran by Petr (administrator) on TEPAN (18-01-2025 00:18:09)
Running from C:\Users\Petr\OneDrive\Plocha\FRST64.exe
Loaded Profiles: Petr
Platform: Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe
(DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atieclxx.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <18>
(services.exe ->) () [File not signed] C:\Program Files\Allway Sync\Bin\SyncService.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe
(services.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe <2>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_5f2cd636dbc40dd2\amdfendrsr.exe
(svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(svchost.exe ->) (Comodo Security Solutions, Inc. -> COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(svchost.exe ->) (VS REVO GROUP OOD -> VS Revo Group Ltd.) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382880 2024-01-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [10140904 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427816 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [4187856 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45381424 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Run: [MicrosoftEdgeAutoLaunch_88D36A2D9DF9AF2106D8CF7538FE64F2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911208 2025-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --do-not-de-elevate --flag-switches-begin --flag-switches-end --e (the data entry has 134 more characters). [3911208 2025-01-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\MountPoints2: {3e50c832-6af1-11ea-9cdb-40b0765e7062} - "G:\setup.exe"
HKU\S-1-5-21-4148571483-3592684963-3718319802-1003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\132.0.6834.84\Installer\chrmstp.exe [2025-01-17] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C73B053-7D88-4E34-B59C-FF0B2B55CBEF} - \MicrosoftEdgeUpdateTaskMachineCore{D0DFB006-57AC-41B0-8BC6-1664BF9976E1} -> No File <==== ATTENTION
Task: {A939CA15-5CA7-48A5-AC4D-8F354AD1AE17} - \MicrosoftEdgeUpdateTaskMachineUA{FCC6E053-D1DD-44E5-870D-B3DEC2F7FBAB} -> No File <==== ATTENTION
Task: {4BD85583-A235-4C1F-9851-A2770CD8F5D3} - System32\Tasks\Avast Software\Avast Antivirus Patcher => C:\Program Files\Common Files\Avast Software\Icarus\avast-av\icarus.exe [8400680 2024-12-16] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {820154B6-1768-4911-9C52-54E8E917A467} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5214504 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {96F68D8A-1065-468C-ADB0-03D9E0E6643E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2564904 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {581321D8-76A8-416E-9054-5C890EEAB656} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5983536 2024-12-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "9f4e0c81-bc4a-4435-a484-251575a4f54d" --version "6.31.11415" --silent
Task: {1DDF55E8-F84E-4572-8628-BCFA063554C1} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {A2AA7524-DF4A-4357-BE67-57B1A0BDE138} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {91F34A0A-249B-4C20-BCCB-ABEC18A46B47} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F4857843-CF0C-4823-8375-4FA58F81EB4B} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {F6CE90AF-CC8B-4A19-A317-AF7789E78BBE} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {8175F048-B512-4171-B833-01861426B0B0} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [13190952 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {53AB23AC-8EEC-4957-B2C6-6922771EE91E} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [5758488 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
Task: {24928E5C-D159-4A5E-A0DD-F0DD52BF462D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{2518F99E-5A16-43D5-8AF3-077F30519F6E} => C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {BD510E21-151E-4D97-817F-4CD310D6EB74} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-13] (HP Inc. -> HP Inc.)
Task: {4F876563-21F5-4A73-B232-6CEDE9F57E0A} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-01-13] (HP Inc. -> HP Inc.)
Task: {D8FEDA38-705C-455A-AB93-A2C78643649F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [336104 2024-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {EFFF7856-1392-4C35-9D26-4949052E44CD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {962E83BF-4C15-4A32-8DB1-EF3889607677} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4EC0161E-4E5A-4526-A4F4-4803DF321B91} - System32\Tasks\VS Revo Group\RevoHelperFreeStartup => C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUninHelper.exe [4053672 2024-12-10] (VS REVO GROUP OOD -> VS Revo Group Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{9fddadb7-d77f-4285-9596-3a6f1ddef74d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [DhcpNameServer] 10.0.1.138
Tcpip\..\Interfaces\{a448b503-55ba-485e-a542-6bf1fd832d5e}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default [2025-01-17]
Edge DownloadDir: Default -> C:\Users\Petr\OneDrive\Plocha\OSSZ
Edge HomePage: Default -> hxxp://seznam.cz/
Edge StartupUrls: Default -> "hxxp://seznam.cz/"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-31]
Edge Extension: (Edge relevant text changes) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-14]
Edge Extension: (Custom Scrollbars) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lbndfndhkcagjkndlnpllplacpfmbpbk [2024-11-25]
Edge Extension: (uBlock Origin) - C:\Users\Petr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2025-01-02]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-04-09] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2025-01-17]
CHR DefaultSearchURL: Default -> hxxps://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam
CHR DefaultNewTabURL: Default -> hxxps://search.seznam.cz/newtab
CHR DefaultSuggestURL: Default -> hxxps://suggest.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-01-17]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7381288 2025-01-17] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [778536 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2372904 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1229608 2025-01-17] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2025-01-17] (Avast Software s.r.o. -> AVAST Software)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [264192 2020-04-07] () [File not signed]
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1087792 2024-12-04] (Gen Digital Inc. -> Piriform Software Ltd)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R2 CmdAgentProt; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11334144 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2675504 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4054248 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-01-13] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192320 2020-09-24] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [1044176 2019-01-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_5f2cd636dbc40dd2\amdfendrmgr.sys [25672 2024-04-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-12-05] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV20; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S2 AMDRyzenMasterDriverV22; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [48328 2024-08-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_960126269e89c62e\amdsafd.sys [113880 2024-05-10] (Advanced Micro Devices -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0407052.inf_amd64_84d15514ad17ffa0\B406619\amdkmdag.sys [106596128 2024-09-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20560 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235088 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [383056 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [296016 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84560 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [28280 2025-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28728 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [275024 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [550992 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [98360 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69712 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [955960 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1424952 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [204344 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381488 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S0 cmdboot; C:\WINDOWS\System32\DRIVERS\cmdboot.sys [17576 2019-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> COMODO)
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [125000 2018-02-28] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [38880 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [844000 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 cmdhlp; C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [47104 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-10-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 inspect; C:\WINDOWS\system32\DRIVERS\inspect.sys [130256 2021-01-22] (Comodo Security Solutions, Inc. -> COMODO)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [63256 2018-08-29] (Comodo Security Solutions, Inc. -> COMODO)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [232024 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2025-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [201280 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [80448 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2025-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2025-01-17] (Malwarebytes Inc. -> Malwarebytes)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RevoProcessDetector; C:\WINDOWS\System32\DRIVERS\RevoProcessDetector.sys [19504 2024-03-28] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55872 2023-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [574872 2023-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-07] (Microsoft Windows -> Microsoft Corporation)
S3 epmspacedrv; \SystemRoot\system32\epmspacedrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-17 21:04 - 2025-01-17 21:04 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2025-01-17 20:17 - 2025-01-17 20:18 - 008790880 _____ (Malwarebytes) C:\Users\Petr\OneDrive\Plocha\AdwCleaner.exe
2025-01-17 18:49 - 2025-01-17 18:51 - 002403328 _____ (Farbar) C:\Users\Petr\OneDrive\Plocha\FRST64.exe
2025-01-17 18:12 - 2025-01-17 18:12 - 000002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2025-01-17 18:02 - 2025-01-17 22:30 - 000000000 ____D C:\Users\Petr\AppData\Local\Malwarebytes
2025-01-17 18:02 - 2025-01-17 18:02 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-01-17 18:02 - 2025-01-17 18:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-01-17 18:02 - 2025-01-17 18:02 - 000000000 ____D C:\Program Files\Malwarebytes
2025-01-17 17:48 - 2025-01-17 17:48 - 000000000 ____D C:\Users\Petr\AppData\Local\Avast Software
2025-01-17 17:46 - 2025-01-17 18:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2025-01-17 17:46 - 2025-01-17 17:46 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Avast Software
2025-01-17 17:46 - 2025-01-17 17:45 - 000053048 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2025-01-17 14:11 - 2025-01-17 14:11 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-01-17 14:09 - 2025-01-17 14:09 - 000000000 ____D C:\Users\Petr\AppData\Local\MicrosoftEdge
2025-01-17 14:07 - 2025-01-17 14:07 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-01-17 14:07 - 2025-01-17 14:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2025-01-17 14:07 - 2025-01-17 14:07 - 000000000 ____D C:\Program Files\Google
2025-01-15 10:00 - 2025-01-15 10:00 - 000000000 ___HD C:\$WinREAgent
2025-01-12 16:27 - 2025-01-12 16:27 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\Old Firefox Data
2025-01-06 16:42 - 2025-01-06 16:42 - 000003383 _____ C:\Users\Petr\OneDrive\Plocha\Fixlog.txt
2025-01-06 15:10 - 2025-01-17 18:59 - 000051706 _____ C:\Users\Petr\OneDrive\Plocha\Addition.txt
2025-01-06 15:09 - 2025-01-18 00:18 - 000027842 _____ C:\Users\Petr\OneDrive\Plocha\FRST.txt
2025-01-06 14:41 - 2025-01-06 14:44 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2025-01-06 14:41 - 2025-01-06 14:41 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2025-01-06 06:20 - 2025-01-06 06:20 - 000000000 ____D C:\WINDOWS\system32\InteL
2025-01-06 06:19 - 2025-01-06 06:19 - 000000000 ____D C:\Users\Public\Crack
2025-01-04 11:19 - 2025-01-12 16:26 - 000000000 ____D C:\Filmy
2024-12-31 14:48 - 2019-08-21 08:02 - 000454616 _____ (COMODO) C:\WINDOWS\system32\cssguard64.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000341224 _____ (COMODO) C:\WINDOWS\system32\cmdkbdcss64.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000337856 _____ (COMODO) C:\WINDOWS\SysWOW64\cssguard32.dll
2024-12-31 14:48 - 2019-08-21 08:02 - 000262376 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbdcss32.dll
2024-12-31 14:48 - 2018-02-28 07:11 - 000125000 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdcss.sys
2024-12-31 11:24 - 2024-12-31 11:24 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-326156
2024-12-31 11:24 - 2024-12-31 11:24 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-325968
2024-12-31 11:23 - 2024-12-31 11:23 - 000000000 ____D C:\Users\Petr\AppData\Local\unali-281140
2024-12-31 11:19 - 2024-12-31 11:19 - 000478392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-12-30 09:21 - 2024-12-30 09:21 - 000000000 ____D C:\hjkljh
2024-12-30 08:10 - 2024-12-30 08:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdom Come - Deliverance [GOG.com]
2024-12-30 07:47 - 2024-12-30 09:20 - 000000000 ____D C:\Program Files (x86)\Kingdom Come Deliverance
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Roaming\SystemAcCrux
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Local\EaseUS DupFiles Cleaner
2024-12-30 07:03 - 2024-12-30 07:03 - 000000000 ____D C:\Users\Petr\AppData\Local\DupFilesUI
2024-12-30 06:58 - 2024-12-31 11:24 - 000000000 ____D C:\Program Files (x86)\EaseUS
2024-12-30 06:58 - 2024-12-30 06:58 - 000000000 ____D C:\Users\Petr\AppData\Local\EuUpdater
2024-12-30 06:58 - 2024-12-30 06:58 - 000000000 ____D C:\ProgramData\SystemAcCrux
2024-12-26 12:39 - 2024-12-31 11:26 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-12-26 12:38 - 2024-12-30 07:01 - 000000000 ____D C:\Users\Petr\AppData\Local\SquirrelTemp
2024-12-25 23:38 - 2024-12-26 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-12-25 23:36 - 2024-12-26 12:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\VS Revo Group
2024-12-25 15:08 - 2024-12-26 13:17 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Disc-Soft
2024-12-25 15:08 - 2024-12-25 15:08 - 000000000 ____D C:\Users\Petr\AppData\Local\Disc_Soft_FZE_LLC
2024-12-25 15:07 - 2024-12-26 13:17 - 000000000 ____D C:\ProgramData\Disc-Soft
2024-12-22 11:31 - 2024-12-22 11:32 - 000000000 ____D C:\fotky
2024-12-22 11:18 - 2024-12-22 11:18 - 000000000 ____D C:\Users\Petr\AppData\Roaming\WinRAR
2024-12-22 10:40 - 2024-12-22 10:40 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\AMD

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-01-18 00:18 - 2020-11-26 10:05 - 000000000 ____D C:\FRST
2025-01-18 00:17 - 2021-12-16 21:51 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-01-17 22:35 - 2019-10-15 09:44 - 000000000 ____D C:\Users\Petr\AppData\Roaming\vlc
2025-01-17 21:55 - 2019-10-11 20:30 - 000000000 ____D C:\Users\Petr\AppData\Local\D3DSCache
2025-01-17 21:45 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-01-17 21:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-01-17 21:09 - 2021-04-25 21:33 - 001701844 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-01-17 21:09 - 2019-12-07 15:41 - 000720026 _____ C:\WINDOWS\system32\perfh005.dat
2025-01-17 21:09 - 2019-12-07 15:41 - 000146232 _____ C:\WINDOWS\system32\perfc005.dat
2025-01-17 21:04 - 2021-04-25 21:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-01-17 21:04 - 2020-09-30 07:55 - 000000000 ____D C:\ProgramData\Avast Software
2025-01-17 21:04 - 2020-09-21 14:37 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-17 21:04 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-01-17 21:04 - 2019-10-11 20:29 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2025-01-17 20:18 - 2023-09-25 08:16 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\OSSZ
2025-01-17 20:13 - 2023-03-03 10:52 - 000000000 ____D C:\Program Files (x86)\uTorrent
2025-01-17 18:12 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-01-17 18:07 - 2024-10-03 18:26 - 000000000 ____D C:\Program Files\WinRAR
2025-01-17 18:07 - 2020-09-21 15:45 - 000000000 ____D C:\Users\Petr\AppData\LocalLow\3098htrhpen8ifg0
2025-01-17 18:00 - 2022-07-05 11:48 - 000000000 ____D C:\programy
2025-01-17 17:46 - 2020-09-30 07:55 - 000316200 ____N (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2025-01-17 17:46 - 2020-09-30 07:55 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2025-01-17 17:46 - 2020-09-30 07:55 - 000000000 ____D C:\Program Files\Avast Software
2025-01-17 17:43 - 2019-10-15 16:00 - 001474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2025-01-17 17:40 - 2024-03-17 02:47 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\nove obr
2025-01-17 16:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-01-17 14:12 - 2019-10-11 20:23 - 000000000 ____D C:\Users\Petr\AppData\Local\Packages
2025-01-17 14:08 - 2021-04-25 21:26 - 000000000 ____D C:\Users\Petr
2025-01-17 14:07 - 2019-10-15 09:32 - 000000000 ____D C:\Program Files (x86)\Google
2025-01-17 14:07 - 2019-10-15 09:31 - 000000000 ____D C:\Users\Petr\AppData\Local\Google
2025-01-17 13:48 - 2020-02-06 06:41 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\g
2025-01-17 13:38 - 2021-04-25 21:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-01-16 13:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-01-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-01-15 10:10 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-01-15 10:07 - 2021-04-25 21:27 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-01-15 09:56 - 2019-03-19 05:49 - 000000167 _____ C:\WINDOWS\win.ini
2025-01-15 09:55 - 2019-10-11 20:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-01-15 09:52 - 2019-10-11 20:35 - 206927936 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-01-13 20:45 - 2023-06-14 15:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2025-01-13 20:45 - 2023-06-14 15:35 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-01-12 16:37 - 2022-05-06 10:00 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Mozilla
2025-01-12 16:37 - 2022-05-06 10:00 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-01-07 15:21 - 2019-10-15 10:23 - 000000000 ____D C:\Users\Petr\AppData\Local\ElevatedDiagnostics
2025-01-07 13:26 - 2019-11-24 03:03 - 000000000 ____D C:\Program Files\CCleaner
2025-01-06 14:41 - 2019-10-15 17:02 - 000000000 ____D C:\Users\Petr\AppData\Local\CrashDumps
2025-01-06 14:41 - 2019-10-15 10:45 - 000000000 ____D C:\Users\Petr\AppData\Roaming\uTorrent
2025-01-06 06:20 - 2022-10-25 08:32 - 000000000 ____D C:\Users\Petr\AppData\Roaming\RenPy
2025-01-06 06:20 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2025-01-04 10:33 - 2021-03-16 20:33 - 000000000 ____D C:\Users\Petr\AppData\Local\AMD_Common
2024-12-31 14:48 - 2019-10-15 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2024-12-31 11:25 - 2023-04-26 23:40 - 000000000 ____D C:\Program Files\EaseUS
2024-12-31 11:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2024-12-30 07:03 - 2023-04-26 23:41 - 000000000 ____D C:\Users\Petr\AppData\Roaming\EaseUS
2024-12-30 07:01 - 2024-10-03 13:30 - 000000000 ____D C:\Temp
2024-12-30 07:01 - 2022-06-27 13:16 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\PowerPoint
2024-12-30 07:01 - 2022-06-07 22:07 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2024-12-30 07:01 - 2020-05-09 03:21 - 000000000 ____D C:\Users\Petr\AppData\Local\Foxit Reader
2024-12-30 07:01 - 2020-05-08 15:43 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\Excel
2024-12-30 07:01 - 2020-03-25 13:58 - 000000000 ____D C:\AdwCleaner
2024-12-30 07:01 - 2019-10-19 16:22 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\HTML Help
2024-12-30 07:01 - 2019-10-15 09:46 - 000000000 ____D C:\Users\Petr\AppData\Local\GHISLER
2024-12-30 07:01 - 2019-10-11 20:32 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Microsoft\MMC
2024-12-30 07:01 - 2019-10-11 20:27 - 000000000 ____D C:\AMD
2024-12-30 07:01 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-12-30 07:00 - 2020-03-25 14:59 - 000000000 ____D C:\Users\Petr\AppData\Local\cache
2024-12-26 12:32 - 2020-11-12 10:09 - 000000000 ____D C:\Users\Petr\AppData\Local\VS Revo Group
2024-12-26 12:32 - 2020-09-22 05:49 - 000000000 ____D C:\Program Files\VS Revo Group
2024-12-25 23:36 - 2020-09-22 05:49 - 000000000 ____D C:\ProgramData\VS Revo Group
2024-12-22 23:18 - 2023-06-29 06:40 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\byt
2024-12-22 22:59 - 2023-09-26 10:22 - 000000000 ____D C:\Users\Petr\OneDrive\Plocha\Datovka
2024-12-21 05:16 - 2021-09-12 20:38 - 000000000 ____D C:\Program Files\Microsoft OneDrive

==================== Files in the root of some directories ========

2020-11-12 10:08 - 2020-10-12 14:33 - 017838873 _____ (VS Revo Group) C:\Program Files (x86)\Revo Uninstaller Pro 4.2.3.exe
2024-09-21 12:39 - 2024-09-21 12:39 - 000000036 _____ () C:\Users\Petr\AppData\Local\_LOCAL_GUID

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119313
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: zavirovaný počítač - zřejmě malware

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
FirewallRules: [{16915D0A-1D79-4ACD-B292-6C0C4472B2E9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D4E1B1A-B6C7-45AD-A7B8-3626A706BB1D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\MountPoints2: {3e50c832-6af1-11ea-9cdb-40b0765e7062} - "G:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2C73B053-7D88-4E34-B59C-FF0B2B55CBEF} - \MicrosoftEdgeUpdateTaskMachineCore{D0DFB006-57AC-41B0-8BC6-1664BF9976E1} -> No File <==== ATTENTION
Task: {A939CA15-5CA7-48A5-AC4D-8F354AD1AE17} - \MicrosoftEdgeUpdateTaskMachineUA{FCC6E053-D1DD-44E5-870D-B3DEC2F7FBAB} -> No File <==== ATTENTION
C:\hjkljh

EmptyTemp:
Hosts:
End

Uložte do C:\Users\Petr\OneDrive\Plocha jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 248
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: zavirovaný počítač - zřejmě malware

#7 Příspěvek od tepan »

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-01-2025
Ran by Petr (20-01-2025 10:00:08) Run:8
Running from C:\Users\Petr\OneDrive\Plocha
Loaded Profiles: Petr & DevToolsUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
FirewallRules: [{16915D0A-1D79-4ACD-B292-6C0C4472B2E9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
FirewallRules: [{3D4E1B1A-B6C7-45AD-A7B8-3626A706BB1D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe => No File
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\...\MountPoints2: {3e50c832-6af1-11ea-9cdb-40b0765e7062} - "G:\setup.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {2C73B053-7D88-4E34-B59C-FF0B2B55CBEF} - \MicrosoftEdgeUpdateTaskMachineCore{D0DFB006-57AC-41B0-8BC6-1664BF9976E1} -> No File <==== ATTENTION
Task: {A939CA15-5CA7-48A5-AC4D-8F354AD1AE17} - \MicrosoftEdgeUpdateTaskMachineUA{FCC6E053-D1DD-44E5-870D-B3DEC2F7FBAB} -> No File <==== ATTENTION
C:\hjkljh

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16915D0A-1D79-4ACD-B292-6C0C4472B2E9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D4E1B1A-B6C7-45AD-A7B8-3626A706BB1D}" => removed successfully
HKU\S-1-5-21-4148571483-3592684963-3718319802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e50c832-6af1-11ea-9cdb-40b0765e7062} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C73B053-7D88-4E34-B59C-FF0B2B55CBEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C73B053-7D88-4E34-B59C-FF0B2B55CBEF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore{D0DFB006-57AC-41B0-8BC6-1664BF9976E1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A939CA15-5CA7-48A5-AC4D-8F354AD1AE17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A939CA15-5CA7-48A5-AC4D-8F354AD1AE17}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA{FCC6E053-D1DD-44E5-870D-B3DEC2F7FBAB}" => removed successfully

"C:\hjkljh" Folder move:

C:\hjkljh => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49772047 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 265110 B
Edge => 0 B
Chrome => 24384282 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 265220 B
NetworkService => 265220 B
Petr => 6894320 B
DevToolsUser => 6894320 B

RecycleBin => 515292998 B
EmptyTemp: => 577.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:00:19 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119313
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: zavirovaný počítač - zřejmě malware

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 248
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: zavirovaný počítač - zřejmě malware

#9 Příspěvek od tepan »

vypadá to, že je to v pořádku.... Jste tu opravdu machři... moooc děkuji. Jen se ještě prosím zeptám... v čem byl zakopanej pes?
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119313
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: zavirovaný počítač - zřejmě malware

#10 Příspěvek od Rudy »

Stěžejní bylo to, co odstranil ASDW. FRST provedl pak vyčištění od zbytečností a zbytku šmejdů. Rádo se stalo! :-)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“