Log check: malware

Having a problem with a virus? Post your FRST or RSIT log here.

darkane
Visitor
Posts: 96
Registered: 19 Oct 2006 08:06

#1 Post by darkane

Hello,
please check my log; I have picked up malware somewhere again. I have had this once before.
Firefox windows keep popping up with warnings about the system and a virus.
Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
Ran by Admin (administrator) on SUBOTNIKOVA (LENOVO 10NS000DMC) (06-04-2025 19:47:56)
Running from C:\Users\Admin\Desktop\FRST64.exe
Loaded Profiles: Admin
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5608 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Piotr Pawlowski) [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\foobar2000.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_47a3c840f4f369ff\Intel_PIE_Service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2512.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677472 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618080 2020-06-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [210688 2015-10-13] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" (No File)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-12-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\Run: [Microsoft Edge Update] => C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\MicrosoftEdgeUpdateCore.exe [268360 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\Run: [MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4418088 2025-04-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22511496 2025-03-06] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2024-08-23] (Adobe Inc. -> Adobe Systems Inc)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {E6E93AF1-E89B-471F-9AD4-9F48414DDEFC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2024-12-18] (Adobe Inc. -> Adobe Inc.)
Task: {B6266A86-629C-4BB7-9138-4664933983AA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (No File)
Task: {4B8FDACC-D932-4A3B-BAF2-40A938330993} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (No File)
Task: {CE73D3C8-580A-4030-8119-047805B6E976} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-03-08] (HP Inc. -> HP Inc.)
Task: {7E189783-FE4E-4AEE-B722-92CFC0CD8019} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [78288 2025-03-08] (HP Inc. -> HP Inc.)
Task: {9C0F3D65-0FB9-4462-B5C5-76E61A2B22E8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5676E42E-83BC-4017-B61D-F2569C0E5D42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE0A42B0-3DE2-470D-959F-F5797ED08086} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7BBF510E-6CC3-4EE9-B245-C6FEBAD6E920} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpCmdRun.exe [1745192 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {748D99CF-02DD-4DA6-9C9B-19B4E9B567CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpCmdRun.exe [1745192 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {55E60839-1453-459A-87A3-E9C5476C346E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpCmdRun.exe [1745192 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F84F7E2F-650C-4D7C-AB4F-E61710CE2E85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpCmdRun.exe [1745192 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47517ABE-3A89-4F20-9C0E-412C4085E3FB} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3260051251-3003698751-2184876508-1001Core{345A1CD2-8F45-4CFA-9785-0D4EAC18957A} => C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205880 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {51836913-F8DB-4088-B56B-1588D612C189} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3260051251-3003698751-2184876508-1001UA{152E6660-A07E-4644-B395-8FEB8768CA9A} => C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [205880 2023-12-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6AFA0292-089B-4818-8090-11752BF4A6B0} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [694848 2025-04-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {F5CE98CF-A801-4C06-8C34-9E0214F21F95} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3260051251-3003698751-2184876508-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [694848 2025-04-01] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {9EB7F30F-C646-4670-85E7-45A4FEDAD5F5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {325D2C8B-4A3D-477F-974B-4B4AAF2CB6C2} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3260051251-3003698751-2184876508-1001 => C:\Users\Admin\AppData\Local\Microsoft\OneDrive\25.041.0303.0002\OneDriveLauncher.exe [673064 2025-04-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 8.8.8.8 1.1.1.1
Tcpip\..\Interfaces\{6b3ac2e9-1049-4fb1-a102-8a589bddfa08}: [DhcpNameServer] 10.0.1.1 8.8.8.8 1.1.1.1
Tcpip\..\Interfaces\{811e7e7b-e0bb-40da-a1e5-f75ab7ab6376}: [DhcpNameServer] 10.0.1.1 8.8.8.8 1.1.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-06]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-04-04]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-04]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: wecs4sq7.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wecs4sq7.default [2024-11-19]
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s82nlhr8.default-release-1720340111013 [2025-04-06]
FF Homepage: Mozilla\Firefox\Profiles\s82nlhr8.default-release-1720340111013 -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\s82nlhr8.default-release-1720340111013 -> hxxps://www.blancheporte.cz; hxxps://csuange071bc738pvdcg.enhanceconnection.co.in; hxxps://csupkhu071bc739s22t0.enhanceconnection.co.in; hxxps://csuplv6071bc739s4n6g.enhanceprotocol.co.in; hxxps://csupmom071bc739s67b0.enhanceconnection.co.in; hxxps://84b7wjb8o9qv2g.enhanceconnection.co.in; hxxps://cvpbjq6071bc73ahmb0g.stabilizeconnection.co.in
FF Extension: (Advanced Image Search) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s82nlhr8.default-release-1720340111013\Extensions\{9191eef4-82e8-4da5-81a1-dbba6fc650ea}.xpi [2024-07-07]
FF Extension: (Dark Tranquillity Angels) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s82nlhr8.default-release-1720340111013\Extensions\{b106e190-78cc-404b-b621-2d37c7769801}.xpi [2024-07-07]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2024-12-18] (Adobe Inc. -> Adobe Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-03-08] (HP Inc. -> HP Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [16084360 2025-03-06] (Logitech Inc -> Logitech, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpDefenderCoreService.exe [1968320 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559328 2025-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\NisSrv.exe [4464024 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MsMpEng.exe [270040 2025-04-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [278960 2025-04-01] (Microsoft Windows -> Microsoft Corporation)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [23208 2017-11-13] (WDKTestCert Win10P64US,131547553407012624 -> Lenovo)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2024-09-21] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2024-04-15] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2024-09-21] (Logitech Inc -> Logitech)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20016 2025-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601520 2025-04-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-01] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-06 19:47 - 2025-04-06 19:48 - 000020196 _____ C:\Users\Admin\Desktop\FRST.txt
2025-04-06 19:45 - 2025-04-06 19:45 - 002404864 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2025-04-03 19:11 - 2025-04-06 10:28 - 003009180 _____ C:\Users\Admin\Desktop\Aspergerův syndrom.pptx
2025-04-01 15:14 - 2025-04-01 17:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-28 20:40 - 2025-03-28 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2025-03-24 20:28 - 2025-03-25 16:07 - 000000000 ____D C:\Users\Admin\Desktop\APARATH loga 2025
2025-03-12 17:15 - 2025-03-12 17:17 - 000000000 ____D C:\Users\Admin\Downloads\KIA
2025-03-12 09:23 - 2025-03-12 09:23 - 000000000 ___HD C:\$WinREAgent
2025-03-10 17:23 - 2025-03-10 17:23 - 000000000 ____D C:\Users\Admin\Documents\FontLab
2025-03-10 17:23 - 2025-03-10 17:23 - 000000000 ____D C:\Users\Admin\AppData\Local\FontLab
2025-03-10 17:22 - 2025-03-10 17:22 - 000001575 _____ C:\Users\Admin\Desktop\FontLab 8.exe – zástupce.lnk
2025-03-10 17:20 - 2025-03-10 17:20 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Fontlab
2025-03-10 17:20 - 2025-03-10 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fontlab
2025-03-10 17:20 - 2025-03-10 17:20 - 000000000 ____D C:\Program Files\Fontlab
2025-03-10 16:34 - 2025-03-10 16:38 - 000000000 ____D C:\Program Files (x86)\FontForgeBuilds
2025-03-07 09:24 - 2025-03-07 09:25 - 000000000 ____D C:\Program Files\LGHUB
2025-03-07 09:24 - 2025-03-07 09:24 - 000000856 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2025-03-07 09:24 - 2025-03-07 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-04-06 19:48 - 2024-11-19 18:00 - 000000000 ____D C:\FRST
2025-04-06 19:43 - 2023-12-01 15:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-04-06 19:09 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-06 18:59 - 2023-11-27 17:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-04-06 17:12 - 2023-11-27 16:16 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2025-04-06 13:45 - 2023-12-01 16:30 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Word
2025-04-06 13:38 - 2024-01-04 19:29 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Excel
2025-04-06 13:33 - 2023-11-27 16:16 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2025-04-06 10:28 - 2023-12-09 20:08 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\PowerPoint
2025-04-06 07:57 - 2024-04-15 18:53 - 000000000 ____D C:\Users\Admin\AppData\Local\LGHUB
2025-04-06 07:57 - 2023-11-27 17:12 - 000003640 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-04-06 07:57 - 2023-11-27 17:12 - 000003516 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-04-06 07:57 - 2023-11-27 16:38 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2025-04-05 19:04 - 2025-02-18 19:47 - 000046732 _____ C:\Users\Admin\Desktop\Bojler.xlsx
2025-04-05 18:13 - 2023-12-01 14:39 - 000003980 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3260051251-3003698751-2184876508-1001UA{152E6660-A07E-4644-B395-8FEB8768CA9A}
2025-04-05 18:13 - 2023-12-01 14:39 - 000003916 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3260051251-3003698751-2184876508-1001Core{345A1CD2-8F45-4CFA-9785-0D4EAC18957A}
2025-04-05 10:43 - 2023-12-01 16:30 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Office
2025-04-05 07:47 - 2023-11-27 17:12 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-05 07:47 - 2023-11-27 17:12 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-04-04 22:02 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-04 22:02 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2025-04-04 19:17 - 2024-01-26 15:49 - 000012135 _____ C:\Users\Admin\Desktop\Voda.xlsx
2025-04-03 08:05 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2025-04-02 14:33 - 2024-06-27 07:05 - 000000000 ____D C:\Users\Admin\Downloads\Tyršova 402
2025-04-02 13:39 - 2024-01-29 15:42 - 000000000 ____D C:\Users\Admin\Downloads\Hi Audio
2025-04-02 11:49 - 2023-12-04 17:11 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mp3tag
2025-04-02 11:46 - 2023-12-01 16:45 - 000000000 ____D C:\ProgramData\TEMP
2025-04-01 17:07 - 2023-12-01 15:17 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-04-01 17:07 - 2023-12-01 15:17 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-04-01 17:07 - 2023-12-01 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-04-01 11:45 - 2023-11-27 16:21 - 001694140 _____ C:\Windows\system32\PerfStringBackup.INI
2025-04-01 11:45 - 2019-12-07 16:43 - 000717008 _____ C:\Windows\system32\perfh005.dat
2025-04-01 11:45 - 2019-12-07 16:43 - 000145186 _____ C:\Windows\system32\perfc005.dat
2025-04-01 11:40 - 2023-11-27 17:12 - 000008192 ___SH C:\DumpStack.log.tmp
2025-04-01 11:40 - 2023-11-27 17:12 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-04-01 11:40 - 2023-05-05 14:28 - 000000000 ____D C:\Windows\SystemTemp
2025-04-01 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2025-04-01 11:40 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2025-04-01 11:21 - 2025-02-06 21:59 - 000003576 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-3260051251-3003698751-2184876508-1001
2025-04-01 11:21 - 2023-11-27 16:18 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3260051251-3003698751-2184876508-1001
2025-04-01 11:21 - 2023-11-27 16:18 - 000003372 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3260051251-3003698751-2184876508-1001
2025-04-01 11:21 - 2023-11-27 16:16 - 000002422 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-01 07:53 - 2023-11-27 17:12 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-04-01 07:53 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2025-03-31 18:00 - 2023-12-01 16:30 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Šablony
2025-03-31 17:14 - 2024-09-11 09:59 - 000000000 ____D C:\Users\Admin\Downloads\APARATH
2025-03-31 17:06 - 2023-12-19 00:15 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2025-03-28 20:40 - 2023-12-04 17:11 - 000000000 ____D C:\Program Files\Mp3tag
2025-03-25 15:58 - 2024-05-15 08:38 - 000000000 ____D C:\Users\Admin\Downloads\PROG
2025-03-20 18:09 - 2023-12-26 23:04 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2025-03-13 14:15 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2025-03-13 10:42 - 2023-11-27 16:16 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2025-03-12 17:15 - 2025-02-11 21:03 - 000000000 ____D C:\Users\Admin\Downloads\ROJEK+bojler
2025-03-12 17:13 - 2024-10-03 13:50 - 000000000 ____D C:\Users\Admin\Downloads\tesla
2025-03-12 17:07 - 2025-02-19 10:07 - 000000000 ____D C:\Program Files\HP
2025-03-12 11:45 - 2023-11-27 17:12 - 000437928 _____ C:\Windows\system32\FNTCACHE.DAT
2025-03-12 11:45 - 2019-12-07 16:44 - 000000000 ____D C:\Windows\system32\OpenSSH
2025-03-12 11:45 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-03-12 11:45 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2025-03-12 11:45 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2025-03-12 11:44 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-03-12 11:44 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-03-12 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2025-03-12 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2025-03-12 11:44 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2025-03-12 11:44 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2025-03-12 09:27 - 2023-11-27 16:14 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-03-10 16:26 - 2023-11-27 16:22 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2025-03-10 09:15 - 2025-03-06 21:40 - 000001277 _____ C:\Users\Admin\Desktop\APARATH logo2 – zástupce.lnk
2025-03-10 02:10 - 2023-11-27 16:16 - 000000000 ____D C:\Users\Admin
2025-03-08 22:02 - 2023-12-28 21:27 - 000000000 ____D C:\Windows\system32\Tasks\HP
2025-03-08 22:02 - 2023-12-28 21:27 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2025-03-07 09:25 - 2024-04-15 18:53 - 000000000 ____D C:\Users\Admin\AppData\Roaming\lghub
2025-03-07 09:25 - 2024-04-15 18:53 - 000000000 ____D C:\Users\Admin\AppData\Roaming\G HUB

==================== Files in the root of some directories ========

2023-12-01 17:48 - 2023-12-01 17:48 - 000000410 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log
2024-02-12 23:28 - 2024-02-12 23:28 - 000000017 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by Admin (06-04-2025 19:49:16)
Running from C:\Users\Admin\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.5608 (X64) (2023-11-27 14:14:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-3260051251-3003698751-2184876508-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3260051251-3003698751-2184876508-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3260051251-3003698751-2184876508-503 - Limited - Disabled)
Guest (S-1-5-21-3260051251-3003698751-2184876508-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3260051251-3003698751-2184876508-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.003.20054 - Adobe)
Adobe Audition 2023 (HKLM-x32\...\AUDT_23_3) (Version: 23.3 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)
Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_1) (Version: 25.1.0.120 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601108}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dolby Audio X2 Windows API SDK (HKLM\...\{FA0735B6-9E18-437A-A1CD-9152650FC52B}) (Version: 0.8.8.90 - Dolby Laboratories, Inc.)
EZ CD Audio Converter (HKLM-x32\...\EZ CD Audio Converter) (Version: 11.0.2 - Poikosoft)
FontLab 8 (64-bit) (HKLM-x32\...\{F7851B69-FE71-44D2-9698-7E9BF5AF390F}_is1) (Version: 8.0 - FontLab)
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11107 - Realtek Semiconductor Corp.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2025.2.687008 - Logitech)
Microsoft Access MUI (Czech) 2016 (HKLM\...\{90160000-0015-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft DCF MUI (Czech) 2016 (HKLM\...\{90160000-0090-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.93 - Microsoft Corporation) Hidden
Microsoft Excel MUI (Czech) 2016 (HKLM\...\{90160000-0016-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Groove MUI (Czech) 2016 (HKLM\...\{90160000-00BA-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (Czech) 2016 (HKLM\...\{90160000-0044-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2016 (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM\...\{90160000-001F-0407-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (Czech) 2016 (HKLM\...\{90160000-00E1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (Czech) 2016 (HKLM\...\{90160000-00E2-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing (Czech) 2016 (HKLM\...\{90160000-002C-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2016 - English (HKLM\...\{90160000-001F-0409-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Czech) 2016 (HKLM\...\{90160000-00C1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2016 (HKLM\...\{90160000-006E-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\OneDriveSetup.exe) (Version: 25.041.0303.0002 - Microsoft Corporation)
Microsoft OneNote MUI (Czech) 2016 (HKLM\...\{90160000-00A1-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (Czech) 2016 (HKLM\...\{90160000-001A-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (Czech) 2016 (HKLM\...\{90160000-0018-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (Czech) 2016 (HKLM\...\{90160000-0019-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Skype for Business MUI (Czech) 2016 (HKLM\...\{90160000-012B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Word MUI (Czech) 2016 (HKLM\...\{90160000-001B-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MixMeister BPM Analyzer 1.0 (HKLM-x32\...\MixMeister BPM Analyzer_is1) (Version: - MixMeister Technology LLC)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 137.0 (x64 cs)) (Version: 137.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Mp3tag v3.29 (HKLM\...\Mp3tag) (Version: 3.29 - Florian Heidenreich)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Navigation Updater (HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\{cc421fe9-06b3-474a-809a-80908170203b}) (Version: 2.2.3.8 - HYUNDAI MOTOR GROUP)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.16299.31239 - Realtek Semiconductor Corp.)
TIDAL (HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WinRAR 6.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.20.0 - win.rar GmbH)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-02] (HP Inc.)
Spotify – hudba a podcasty -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0 [2025-03-27] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2512.2.0_x64__cv1g1gvanyjgm [2025-03-29] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2ABD6384-2E18-40E8-8439-F06D21E0B03D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.43\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2FDB3305-19B8-4FE2-972B-ED5E97CBBD6E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{41B09861-5409-4D44-8CA4-D49FBFAA2E6F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{4FFB4BD8-A109-4F25-A4DB-313678B19417}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\psuser_64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{BC4C72EF-3055-4A6D-86E1-AE4D24DB63CA}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.35\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-12-04] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-12-04] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-12-04] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-12-04] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2022-09-23] (Poikosoft -> Poikosoft)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2025-03-28] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-01-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-01-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2025-03-28] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers4: [EzCd] -> {E46D6DC6-9707-43a9-BDBB-0BDBDD096F90} => C:\Program Files\EZ CD Audio Converter\ezcd64.dll [2022-09-23] (Poikosoft -> Poikosoft)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell64.dll [2025-03-28] (Florian Heidenreich -> Florian Heidenreich)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxDTCM.dll [2017-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-12-04] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-01-17] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-01-17] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2023-12-05 19:34 - 2013-03-10 03:35 - 000946176 _____ () [File not signed] [File is in use] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_wsh_panel_mod\foo_uie_wsh_panel_mod.dll
2023-12-05 19:34 - 2013-07-15 22:49 - 000204800 _____ () [File not signed] \\?\X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_wave_seekbar\frontend_direct2d.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000274432 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_albumlist.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000214528 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_cdda.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000524800 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_converter.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000102400 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_dsp_eq.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000155136 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_dsp_std.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000235520 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_fileops.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000177664 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_freedb2.dll
2019-05-06 15:05 - 2019-05-06 15:05 - 001413120 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_input_std.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000287744 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_rgscan.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 001034240 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_ui_std.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000185344 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\components\foo_unpack.dll
2019-05-06 15:04 - 2019-05-06 15:04 - 000116736 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\shared.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 001864704 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_dop\foo_dop.dll
2023-12-05 19:34 - 2010-09-23 03:34 - 000090624 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_jesus\foo_jesus.dll
2023-12-05 19:34 - 2013-03-10 03:33 - 000230912 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_playcount\foo_playcount.dll
2023-12-05 19:34 - 2013-02-13 00:16 - 000334848 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_quicksearch\foo_quicksearch.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 000369152 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_run\foo_run.dll
2023-12-05 19:34 - 2013-03-10 01:41 - 000167424 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_skip\foo_skip.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 001608192 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_ui_columns\foo_ui_columns.dll
2023-12-05 19:34 - 2013-02-04 01:07 - 000452608 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_elplaylist\foo_uie_elplaylist.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 000586240 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_graphical_browser\foo_uie_graphical_browser.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 000327680 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_library_tree\foo_uie_library_tree.dll
2023-12-05 19:34 - 2012-06-15 19:59 - 000802816 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_lyrics3\foo_uie_lyrics3.dll
2023-12-05 19:34 - 2009-12-10 01:16 - 000356352 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_panel_splitter\foo_uie_panel_splitter.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 000241664 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_uie_vis_channel_spectrum\foo_uie_vis_channel_spectrum.dll
2023-12-05 19:34 - 2013-01-24 16:01 - 000259584 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_utils\foo_utils.dll
2017-10-09 13:59 - 2017-10-09 13:59 - 000071680 _____ () [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\zlib1.dll
2019-03-20 13:11 - 2019-03-20 13:11 - 000807936 _____ (FFmpeg Project) [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\avcodec-fb2k-57.dll
2019-03-20 13:11 - 2019-03-20 13:11 - 000556544 _____ (FFmpeg Project) [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\avutil-fb2k-55.dll
2023-12-05 19:34 - 2013-07-15 22:49 - 002352640 _____ (Zao) [File not signed] X:\TECHDAT\jukebox\Program File HDD\foobar2000\user-components\foo_wave_seekbar\foo_wave_seekbar.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:8934AEBA [138]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2024-11-20 11:31 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Dual Band Wireless-AC 8265 -> Netwtw06.sys
Ethernet: Intel(R) Ethernet Connection (5) I219-LM -> e1d68x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B"
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\StartupApproved\Run: => "Microsoft Edge Update"
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C7FB50D1-BC78-4825-88D4-3E09FA63E69F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A6E10C3A-A21B-408F-9C8F-1B69042A1EC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{540B133E-829B-4D85-BAEE-5BC28B52D6D6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62D4249A-6E78-4F84-9004-21FAE461849E}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF74FB05-0D42-45B3-A267-CD31C1F97F82}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FB41EE1-8A74-499A-8265-73ABDB6EC6DC}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E0C8B92-196C-4E04-B5A2-2CC4897A2AFB}] => (Block) C:\Program Files\Adobe\Adobe Photoshop 2024\Photoshop.exe (Adobe Inc. -> Adobe) [File not signed]
FirewallRules: [{DB04B26E-B4DE-495E-B254-F5396EEB2C7F}] => (Block) C:\Program Files\Adobe\Adobe Photoshop 2024\Photoshop.exe (Adobe Inc. -> Adobe) [File not signed]
FirewallRules: [TCP Query User{0C3CA86C-FB5C-41D6-8BE5-9E2C01E5A1F0}C:\users\admin\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\admin\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{0EC0C7DD-376C-499B-865D-FD3569A107F7}C:\users\admin\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\admin\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{7F06F154-D562-479D-ABBA-688B5550A8AB}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{26169149-D6EE-4CB6-9982-F574CE060612}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{615ABAB5-389E-4E92-B1EC-9DE0321A0E74}] => (Block) C:\Program Files\Adobe\Adobe Audition 2023\Adobe Audition.exe (Adobe Inc. -> Adobe)
FirewallRules: [{614A2360-1566-428E-AFBC-656D47A9EDB2}] => (Block) C:\Program Files\Adobe\Adobe Audition 2023\Adobe Audition.exe (Adobe Inc. -> Adobe)
FirewallRules: [{F1E80103-3E86-4AE2-83B6-6F2CAD12FE78}] => (Block) C:\Program Files\Adobe\Adobe Audition 2023\AdobeCrashReport.exe (Adobe Inc. -> Adobe)
FirewallRules: [{85739B14-C9B9-4B42-A9F6-5F146381920D}] => (Block) C:\Program Files\Adobe\Adobe Audition 2023\AdobeCrashReport.exe (Adobe Inc. -> Adobe)
FirewallRules: [{F40957CA-C45C-4EA9-82D1-69F4C6AE7DD2}] => (Block) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [{A36C7630-3F11-4D8B-A669-F45A93CC2AA4}] => (Block) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Inc.)
FirewallRules: [TCP Query User{28A5E507-0A58-4EC5-ADA7-B73D962F9A6A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{61B900CC-DBF2-4937-9E07-DCF1372A7801}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1A5C4AD-34CC-404A-BF6C-6552A75324BA}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{88A9B3FC-FE86-491A-996E-C54BB956DF51}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{21D5BF93-665C-4E01-8B6D-681FDC12D93E}] => (Allow) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{5A7638CC-5C35-435C-8704-C9740234DDD0}] => (Block) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe (Adobe Inc. -> Adobe Systems Incorporated)
FirewallRules: [{17CA1E79-46DA-4772-B78A-A1EEF354F1B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{95BD69DF-971D-4148-8710-F147C7644B8B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0D53F75D-25A5-42EE-AA69-926A94CD0DEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0AAB919C-7A47-47CB-8723-7C61CB4216E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7CBC5776-A47F-4C72-8D38-12C12CFA01B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D505BADB-BB9F-4F38-B40B-0029A6F37A50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3B444081-DB28-4682-831D-64B2B56398A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{56BD4A1A-3A9F-4FB5-A135-1880FF946DE0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C82BCFA6-0EE3-48E2-B6B3-41C2EDE1BB3A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{34882191-3FC8-43D3-A282-B313ED41FD04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.260.564.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2E2284E9-F640-4073-A832-9BA7B2B18EFC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.93\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{58AA28FD-8118-4D4E-9E47-B8232FDA3802}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37B18289-9EEB-419C-B063-88E427799C19}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F8EC839A-C7ED-4708-AE6E-6B71FE312E8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F036C63D-79A1-4339-8539-DC298D20884A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Restore Points =========================

19-03-2025 17:58:01 Naplánovaný kontrolní bod
28-03-2025 17:46:14 Naplánovaný kontrolní bod
01-04-2025 07:53:00 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/02/2025 10:52:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na darkane (X:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/31/2025 05:06:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Photoshop.exe, verze: 25.2.0.196, časové razítko: 0x655d14e5
Název chybujícího modulu: Photoshop.exe, verze: 25.2.0.196, časové razítko: 0x655d14e5
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000302279a
ID chybujícího procesu: 0x305c
Čas spuštění chybující aplikace: 0x01dba24d954d4c87
Cesta k chybující aplikaci: C:\Program Files\Adobe\Adobe Photoshop 2024\Photoshop.exe
Cesta k chybujícímu modulu: C:\Program Files\Adobe\Adobe Photoshop 2024\Photoshop.exe
ID zprávy: 2df046ff-9f0c-47d8-a63b-00875772fddb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/26/2025 11:02:32 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na darkane (X:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/19/2025 08:43:52 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na darkane (X:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/12/2025 08:26:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TextInputHost.exe, verze: 124.26100.0.0, časové razítko: 0x66e9fa01
Název chybujícího modulu: CoreMessaging.dll, verze: 10.0.19041.5486, časové razítko: 0xb509a2d6
Kód výjimky: 0xc000027b
Posun chyby: 0x000000000006ab4c
ID chybujícího procesu: 0x21e0
Čas spuštění chybující aplikace: 0x01db934b53bb5481
Cesta k chybující aplikaci: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\CoreMessaging.dll
ID zprávy: d23f96c1-de33-42a3-a146-b47b8a3a55ff
Úplný název chybujícího balíčku: MicrosoftWindows.Client.CBS_1000.19061.1000.0_x64__cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: InputApp

Error: (03/12/2025 09:24:56 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na darkane (X:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/12/2025 08:58:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.19041.4355, časové razítko: 0x9ce47784
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.3636, časové razítko: 0x81cf5d89
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000001273c
ID chybujícího procesu: 0x1d48
Čas spuštění chybující aplikace: 0x01db931c30a4bd4b
Cesta k chybující aplikaci: C:\Windows\System32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ucrtbase.dll
ID zprávy: 45e5caf4-d8cf-4287-9b73-21294619fcf8
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/10/2025 08:18:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FontLab 8.exe, verze: 8.2.0.3, časové razítko: 0x62bead37
Název chybujícího modulu: Qt5Gui.dll, verze: 5.15.9.0, časové razítko: 0x6246888e
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000067360
ID chybujícího procesu: 0x16f8
Čas spuštění chybující aplikace: 0x01db91e67d1770e6
Cesta k chybující aplikaci: C:\Program Files\Fontlab\FontLab 8\FontLab 8.exe
Cesta k chybujícímu modulu: C:\Program Files\Fontlab\FontLab 8\Qt5Gui.dll
ID zprávy: 01059c8a-fab0-4da1-b74c-5c33b3ecd6aa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (04/04/2025 03:13:43 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/04/2025 03:13:42 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/01/2025 11:42:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (04/01/2025 11:39:53 AM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server MicrosoftWindows.Client.CBS_1000.19061.1000.0_x64__cw5n1h2txyewy!Global.DesktopSpotlight.AppXmakp9w4re9tj70pp8mcdrt273xajen0x.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/31/2025 09:45:11 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/31/2025 09:45:11 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/29/2025 11:04:54 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/29/2025 11:04:54 PM) (Source: DCOM) (EventID: 10010) (User: SUBOTNIKOVA)
Description: Server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2025-04-06 08:17:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-05 08:11:21
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-04 08:19:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-03 08:17:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-01 08:19:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2025-04-01 07:52:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO M1BKT39A 06/21/2018
Motherboard: LENOVO 3110
Processor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8085.54 MB
Available physical RAM: 3271.33 MB
Total Virtual: 10161.93 MB
Available Virtual: 4724.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.85 GB) (Free:35.52 GB) (Model: SAMSUNG MZVLB256HAHQ-000L7) NTFS
Drive x: (darkane) (Fixed) (Total:3725.9 GB) (Free:1087.79 GB) NTFS

\\?\Volume{8144f54e-3bbb-42c6-83fd-da2c9438b167}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{d2e7f574-4665-4502-9997-dfa479443cd8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4596D9D7)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: log check - malware

#2 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
Task: {B6266A86-629C-4BB7-9138-4664933983AA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (No File)
Task: {4B8FDACC-D932-4A3B-BAF2-40A938330993} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (No File)
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2ABD6384-2E18-40E8-8439-F06D21E0B03D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.43\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2FDB3305-19B8-4FE2-972B-ED5E97CBBD6E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{4FFB4BD8-A109-4F25-A4DB-313678B19417}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{BC4C72EF-3055-4A6D-86E1-AE4D24DB63CA}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.35\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:8934AEBA [138]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

darkane
Visitor

Re: log check - malware

#3 Post by darkane »

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-04-2025
Ran by Admin (06-04-2025 21:26:27) Run:4
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
Task: {B6266A86-629C-4BB7-9138-4664933983AA} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (No File)
Task: {4B8FDACC-D932-4A3B-BAF2-40A938330993} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (No File)
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2ABD6384-2E18-40E8-8439-F06D21E0B03D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.43\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2FDB3305-19B8-4FE2-972B-ED5E97CBBD6E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.39\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{4FFB4BD8-A109-4F25-A4DB-313678B19417}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.187.41\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{BC4C72EF-3055-4A6D-86E1-AE4D24DB63CA}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.35\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:8934AEBA [138]

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6266A86-629C-4BB7-9138-4664933983AA}" => not found
"C:\Windows\System32\Tasks\AdobeGCInvoker-1.0" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B8FDACC-D932-4A3B-BAF2-40A938330993}" => not found
"C:\Windows\System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe-Genuine-Software-Integrity-Scheduler-1.0" => not found
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2ABD6384-2E18-40E8-8439-F06D21E0B03D} => not found
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{2FDB3305-19B8-4FE2-972B-ED5E97CBBD6E} => not found
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{4FFB4BD8-A109-4F25-A4DB-313678B19417} => not found
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{5FC44EBC-3A1F-4FBB-85E5-34405788C8D7} => not found
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{BC4C72EF-3055-4A6D-86E1-AE4D24DB63CA} => not found
HKU\S-1-5-21-3260051251-3003698751-2184876508-1001_Classes\CLSID\{F46A78BD-06FC-442C-88DF-0500F08F2379} => not found
"C:\ProgramData\TEMP" => ":8934AEBA" ADS not found.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6306816 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Admin => 115210798 B

RecycleBin => 1913281862 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-04-2025 21:28:38)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 21:28:38 ====

Rudy
Site Admin

Re: log check - malware

#4 Post by Rudy »

Deleted. Has anything changed?

darkane
Visitor

Re: log check - malware

#5 Post by darkane »

Thank you very much, everything is fine, nothing pops up any more, the browser is calm. :thumbsup:
Thanks
Jarda :worship:

Rudy
Site Admin

Re: log check - malware

#6 Post by Rudy »

You're welcome! :)

Locked