PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

PC infected, cannot run avast, ESET, or ONLINE ESET

djkarer1994
Visitor
Posts: 16
Registered: 02 Aug 2016 20:27

#1 Post by djkarer1994 »

The PC has a parasite in it; it blocks antivirus programs and websites linking to antivirus software and malware detectors.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2025
Ran by Jaroslav Reichel (30-04-2025 19:41:38)
Running from C:\Users\Jaroslav Reichel\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) (2021-03-27 16:21:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2966077403-802055689-1139997306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2966077403-802055689-1139997306-503 - Limited - Disabled)
Guest (S-1-5-21-2966077403-802055689-1139997306-501 - Limited - Disabled)
Jaroslav Reichel (S-1-5-21-2966077403-802055689-1139997306-1001 - Administrator - Enabled) => C:\Users\Jaroslav Reichel
WDAGUtilityAccount (S-1-5-21-2966077403-802055689-1139997306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 25.001.20474 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.8.0.0 - GIGABYTE Technology Co.,Inc.)
Call of Duty 4 - Modern Warfare verze 1.7 (HKLM-x32\...\{826D7727-6105-4C5D-A049-E4BADBC8BAAB}_is1) (Version: 1.7 - tomi2k9)
Call Of Duty(R) 2 (HKLM-x32\...\{DBECFA83-42DC-4585-A970-A764AB01A956}) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 6.11 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.1.0 - IObit)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.5.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.2 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.98 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.18623.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\OneDriveSetup.exe) (Version: 23.214.1015.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25017 (HKLM\...\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25017 (HKLM\...\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017 (HKLM-x32\...\{68306422-7C57-373F-8860-D26CE4BA2A15}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017 (HKLM-x32\...\{582EA838-9199-3518-A05C-DB09462F68EC}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.5 - Power Software Ltd)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Studie vylepšování produktu HP Deskjet 3540 series (HKLM\...\{377A8182-90CD-4AD8-BF1C-B757EC83724E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.65.4 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1022 - McAfee, LLC)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-12-12] ()
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3011.1.0_x64__kgqvnymyfvs32 [2025-04-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.3000.0_x64__rz1tebttyb220 [2025-03-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2024-12-31] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-05] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-27] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-26] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-29] ()

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\nvshext.dll [2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2025-04-30 18:46 - 2025-04-30 18:46 - 000029480 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2020-04-19 01:53 - 2020-04-19 01:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-19 01:53 - 2020-04-19 01:53 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2023-11-12 20:56 - 000001633 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 get-seeders.com
127.0.0.1 tracker.cgpeers.to
127.0.0.1 proxy.siambit.me
127.0.0.1 tracker.iptorrent.com
127.0.0.1 zb-ann.com
127.0.0.1 www.eset.com
127.0.0.1 iploc.eset.com
127.0.0.1 repository.eset.com
127.0.0.1 www.avast.com
127.0.0.1 www.malwarebytes.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.edf.eset.com
127.0.0.1 www.update.eset.com
127.0.0.1 www.kaspersky.co.th
127.0.0.1 www.kaspersky.com.br
127.0.0.1 usa.kaspersky.com
127.0.0.1 ark.mwbsys.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 iavs9x.avg.u.avcdn.net
127.0.0.1 shepherd.ff.avast.com
127.0.0.1 iavs9x.u.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 www.avg.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.avira.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi 2: Qualcomm Atheros 11G USB Wireless Network Adapter -> athuwbx.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C447807-E6DE-4380-B43C-A3A9E3A1726C}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{49151329-B8F7-434B-85B1-F8AEA937E7DD}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{750646EF-A8BC-4465-BB8D-DF2AFBFE95FA}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{B6980FE1-78D0-402B-BB96-E57B3DBE2F6A}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7956B952-3647-434E-8890-BC82644C2401}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CDE04448-1F89-40E0-BDFE-9ED00B5E930B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E91A13F7-2221-44A1-BE72-55DAD6F6FD0B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEFBB698-D78B-4EAD-8B4B-EECCE4138A28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1016C69-7560-41A5-8AC6-76D7816AC948}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0257DE4B-7CE9-4C7C-AB95-60FBDB8BABB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B08EAC9-03CC-43AC-A3F4-58341A1CB7DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AAC02CA-E53E-40B7-9BE3-9C9E7A0A5088}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.98\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60173047-D48D-4FA6-9866-136AAA29C233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C86E6DE4-B2B5-4F87-8B35-3EDE19C1DD9C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B3CF8EA-EBA8-4D3F-82EB-6569649941D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{278E5BF7-B6BE-48DD-9EF2-6413FCFEE6BD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{35F69948-16BC-42A8-8BED-3F5C6B639C86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-04-2025 09:03:48 Instalační služba modulů systému Windows
23-04-2025 19:38:42 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (04/30/2025 07:10:09 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll (kód chyby Win32 126).

Error: (04/30/2025 07:10:09 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll (kód chyby Win32 126).

Error: (04/30/2025 06:47:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/30/2025 06:47:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/30/2025 06:47:32 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (04/30/2025 06:47:32 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (04/30/2025 06:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TeamViewer_Service.exe, verze: 15.1.3937.0, časové razítko: 0x5df7a8c5
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.5737, časové razítko: 0x2f8c0a5c
Kód výjimky: 0xc0000005
Posun chyby: 0x0005fb03
ID chybujícího procesu: 0x115c
Čas spuštění chybující aplikace: 0x01dbb914d2425e72
Cesta k chybující aplikaci: C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 436eff6c-5f98-42e4-bd37-279dbbd7d9bf
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/30/2025 06:25:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/30/2025 06:48:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (04/30/2025 06:45:59 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: not terminated, too long or invalid number of separators

Error: (04/30/2025 01:50:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7ROS5EQ)
Description: Server {7E203817-236D-4E25-B5C9-EC22048B2B6D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/29/2025 04:43:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Zprostředkovatel monitorování Ochrany System Guard v režimu runtime byla ukončena s následující chybou:
%%3489660935

Error: (04/29/2025 04:43:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/29/2025 04:43:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).


Windows Defender:
================
Date: 2025-04-25 13:17:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-19 19:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-17 15:24:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-15 08:57:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-12 16:34:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2024-11-12 16:38:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2024-11-12 16:38:18
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2023-11-25 18:48:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-11-05 12:33:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3602 03/26/2018
Motherboard: ASUSTeK COMPUTER INC. H81M-C
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 64%
Total physical RAM: 8127.95 MB
Available physical RAM: 2863.74 MB
Total Virtual: 9407.95 MB
Available Virtual: 2856.63 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:360.27 GB) (Free:289.56 GB) (Model: ST2000DX001-1CM164) NTFS
Drive d: (Data) (Fixed) (Total:1501.69 GB) (Free:414.36 GB) (Model: ST2000DX001-1CM164) NTFS

\\?\Volume{50fb8be9-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{50fb8be9-0000-0000-0000-d0335a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 50FB8BE9)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=360.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1501.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2025
Ran by Jaroslav Reichel (administrator) on DESKTOP-7ROS5EQ (ASUS All Series) (30-04-2025 19:44:39)
Running from C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
Loaded Profiles: Jaroslav Reichel
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> ) C:\Program Files\TeamViewer\crashpad_handler.exe <3>
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(C:\Program Files\WinRAR\WinRAR.exe ->) (NoVirusThanks Company Srl) [File not signed] C:\Users\Jaroslav Reichel\AppData\Local\Temp\Rar$EXa1492.49584\PORTABLE\NMR.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(explorer.exe ->) (win.rar GmbH -> Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(wscript.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-09-15] (Power Software Limited -> Power Software Ltd)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40412984 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4419624 2025-04-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3540 series): C:\Windows\system32\HPDiscoPMC711.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-04-29] (Google LLC -> Google LLC)
Startup: C:\Users\Jaroslav Reichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.js [2023-11-12] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C576CEB8-EBF8-4D65-BEAF-9EBFDCCF8C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {DEB9035E-9EE5-4AA4-B5EF-F2F72381D302} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7129.0{CAA1991C-8AC8-4790-964E-C3F5B310679E} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7129.0\updater.exe [7375968 2025-04-17] (Google LLC -> Google LLC)
Task: {F56ED2D2-0B90-4379-9E3E-1599DDB05BF4} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B003309-CEC0-4813-8320-08884F1744FF} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {699D5652-4FEC-4F9A-A7DF-60D2CC330FB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {988443E6-BD3C-4AAB-84DD-75D4D8C2AF5A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A236DBA4-9CF6-4D6A-9D24-D2D3B4175981} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9132D345-36F8-4440-88B2-61CDCE2870EA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C075B164-567A-474D-B8AB-57906650AEDC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {522A0C3D-D05E-40D1-B102-6D8BA5F5C15F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [204400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {58D3CC20-4144-4B93-A146-3739A9CEE889} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6863381B-68B9-42CD-8115-37BC23B70964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6ACC3C9-4186-40A3-9CD0-0EA7FC7BAF01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C96F53B-234A-4430-937D-44BD2AA81262} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}\255696368656C6F546F6D616F5B6C696D6E6564713: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{950c552e-0b41-4321-a994-df8bd6290d1d}: [DhcpNameServer] 192.168.255.1 192.168.255.101 172.16.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-30]
Edge Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bobgdmjpamhpbiobbklajbdkgmmmbcja [2024-05-16]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge HKLM\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKLM-x32\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2025-04-30] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default [2025-04-30]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-04-25]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-21]
CHR Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbjhdkjmpgjgcbcdlhkokkckpjmedgc [2025-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943216 2025-04-30] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [23743792 2025-04-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109504 2019-01-10] (Alcorlink Corp. -> )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-11] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-10] (Martin Malik - REALiX -> REALiX(tm))
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Rudy
Site Admin
Posts: 119309
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: PC infected, cannot run avast, ESET, or ESET ONLINE

#2 Post by Rudy »

Try running this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just run it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
If it does not work in normal mode, try safe mode.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

djkarer1994
Visitor
Posts: 16
Joined: 02 Aug 2016 20:27

Re: PC infected, cannot run avast, ESET, or ESET ONLINE

#3 Post by djkarer1994 »

# -------------------------------
# Malwarebytes AdwCleaner 8.5.1.601
# -------------------------------
# Build: 03-26-2025
# Database: 2025-04-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-01-2025
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.5737)
# Cleaned: 12
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Users\Jaroslav Reichel\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Jaroslav Reichel\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

Deleted C:\Windows\System32\REGISTRYDEFRAGBOOTTIME.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2405 octets] - [01/05/2025 10:39:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 119309
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

#4 Post by Rudy »

OK, something was deleted. Now post new FRST+Addition logs.

djkarer1994
Visitor
Posts: 16
Registered: 02 Aug 2016 20:27

Re: PC infected, cannot run avast, ESET, or ONLINE ESET

#5 Post by djkarer1994 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-05-2025
Ran by Jaroslav Reichel (administrator) on DESKTOP-7ROS5EQ (ASUS All Series) (02-05-2025 19:42:53)
Running from C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
Loaded Profiles: Jaroslav Reichel
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(C:\Program Files\TeamViewer\TeamViewer.exe ->) (TeamViewer Germany GmbH -> ) C:\Program Files\TeamViewer\crashpad_handler.exe <2>
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe
(explorer.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(wscript.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269352 2019-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [456160 2019-09-15] (Power Software Limited -> Power Software Ltd)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG -> Nero AG)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40412984 2023-04-26] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4419624 2025-04-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\HP C711 Status Monitor: C:\Windows\system32\hpinkstsC711LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3540 series): C:\Windows\system32\HPDiscoPMC711.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\135.0.7049.116\Installer\chrmstp.exe [2025-04-29] (Google LLC -> Google LLC)
Startup: C:\Users\Jaroslav Reichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.js [2023-11-12] () [File not signed]

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C576CEB8-EBF8-4D65-BEAF-9EBFDCCF8C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {DEB9035E-9EE5-4AA4-B5EF-F2F72381D302} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7129.0{CAA1991C-8AC8-4790-964E-C3F5B310679E} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7129.0\updater.exe [7375968 2025-04-17] (Google LLC -> Google LLC)
Task: {F56ED2D2-0B90-4379-9E3E-1599DDB05BF4} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B003309-CEC0-4813-8320-08884F1744FF} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {699D5652-4FEC-4F9A-A7DF-60D2CC330FB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {988443E6-BD3C-4AAB-84DD-75D4D8C2AF5A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {A236DBA4-9CF6-4D6A-9D24-D2D3B4175981} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {9132D345-36F8-4440-88B2-61CDCE2870EA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {C075B164-567A-474D-B8AB-57906650AEDC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {522A0C3D-D05E-40D1-B102-6D8BA5F5C15F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [204400 2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {58D3CC20-4144-4B93-A146-3739A9CEE889} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6863381B-68B9-42CD-8115-37BC23B70964} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6ACC3C9-4186-40A3-9CD0-0EA7FC7BAF01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8C96F53B-234A-4430-937D-44BD2AA81262} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}: [DhcpNameServer] 172.16.0.1 172.16.0.1
Tcpip\..\Interfaces\{551d8299-2908-416b-a8bc-aa9d7e86b015}\255696368656C6F546F6D616F5B6C696D6E6564713: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{950c552e-0b41-4321-a994-df8bd6290d1d}: [DhcpNameServer] 192.168.255.1 192.168.255.101 172.16.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-01]
Edge Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bobgdmjpamhpbiobbklajbdkgmmmbcja [2024-05-16]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-06]
Edge Extension: (Edge relevant text changes) - C:\Users\Jaroslav Reichel\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]
Edge HKLM\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]
Edge HKLM-x32\...\Edge\Extension: [bobgdmjpamhpbiobbklajbdkgmmmbcja]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2025-04-30] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default [2025-05-02]
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2025-05-02]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2025-04-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-21]
CHR Extension: (DualSafe Password Manager & Digital Vault) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbjhdkjmpgjgcbcdlhkokkckpjmedgc [2025-04-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jaroslav Reichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-2966077403-802055689-1139997306-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [lgbjhdkjmpgjgcbcdlhkokkckpjmedgc]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [943216 2025-04-30] (McAfee, LLC -> McAfee, LLC)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG -> Nero AG)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559304 2025-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [23743792 2025-04-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\WINDOWS\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [109504 2019-01-10] (Alcorlink Corp. -> )
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2019-07-21] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-11] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2019-01-10] (Martin Malik - REALiX -> REALiX(tm))
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [165392 2017-08-01] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [X]
S3 IUProcessFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [X]
S3 IURegistryFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-02 19:42 - 2025-05-02 19:42 - 002405376 _____ (Farbar) C:\Users\Jaroslav Reichel\Downloads\FRST64.exe
2025-05-02 19:42 - 2025-05-02 19:42 - 000000000 ____D C:\Users\Jaroslav Reichel\Downloads\FRST-OlderVersion
2025-05-01 10:40 - 2025-05-01 10:40 - 000002373 _____ C:\Users\Jaroslav Reichel\Desktop\AdwCleaner[C00].txt
2025-05-01 10:38 - 2025-05-01 10:39 - 000000000 ____D C:\AdwCleaner
2025-05-01 10:32 - 2025-05-01 10:32 - 009568256 _____ (Malwarebytes) C:\Users\Jaroslav Reichel\Desktop\adwcleaner.exe
2025-04-30 19:35 - 2025-04-30 19:52 - 000039439 _____ C:\Users\Jaroslav Reichel\Downloads\Addition.txt
2025-04-30 19:30 - 2025-05-02 19:45 - 000021844 _____ C:\Users\Jaroslav Reichel\Downloads\FRST.txt
2025-04-30 19:28 - 2025-05-02 19:44 - 000000000 ____D C:\FRST
2025-04-30 19:20 - 2025-04-30 19:20 - 000000000 ____D C:\Users\Jaroslav Reichel\Desktop\HijackThisPortable
2025-04-30 19:18 - 2025-04-30 19:18 - 002092160 _____ (PortableApps.com) C:\Users\Jaroslav Reichel\Desktop\HijackThisPortable_2.10.0.10.paf.exe
2025-04-30 19:11 - 2025-04-30 19:11 - 001549314 _____ C:\Users\Jaroslav Reichel\Desktop\nmr_portable.zip
2025-04-30 19:09 - 2025-04-30 19:09 - 000000000 ____D C:\Program Files\Malwarebytes
2025-04-30 19:08 - 2025-04-30 19:08 - 002834160 _____ (Malwarebytes) C:\Users\Jaroslav Reichel\Desktop\MBSetup.exe
2025-04-30 18:56 - 2025-04-30 18:56 - 010687344 _____ (ESET) C:\Users\Jaroslav Reichel\Desktop\eset_smart_security_premium_live_installer.exe
2025-04-30 18:43 - 2025-04-30 18:43 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2025-04-30 18:43 - 2025-04-30 18:43 - 000000887 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2025-04-30 18:42 - 2025-05-01 10:35 - 000000000 ____D C:\Program Files\TeamViewer
2025-04-30 18:38 - 2025-04-30 18:42 - 076670760 _____ (TeamViewer Germany GmbH) C:\Users\Jaroslav Reichel\Downloads\TeamViewer_Setup_x64.exe
2025-04-29 11:29 - 2025-04-29 11:29 - 003182665 _____ C:\Users\Jaroslav Reichel\Downloads\PFG_Komis._s_Kněževes_Reichel_podepsaná.pdf
2025-04-29 11:27 - 2025-04-29 11:27 - 003873861 _____ C:\Users\Jaroslav Reichel\Downloads\Kupní_smlouva_Košut_Kněževes-konverze.pdf
2025-04-29 11:27 - 2025-04-29 11:27 - 003068472 _____ C:\Users\Jaroslav Reichel\Downloads\ZP_Kněževes_u_Prahy.pdf
2025-04-29 11:26 - 2025-04-29 11:26 - 001576096 _____ C:\Users\Jaroslav Reichel\Downloads\PFG_invest_A4.pdf
2025-04-29 09:55 - 2025-04-29 09:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-04-29 09:53 - 2025-04-29 09:53 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2025-04-29 09:53 - 2025-04-29 09:53 - 000002130 _____ C:\Users\Public\Desktop\Acrobat Reader.lnk
2025-04-12 16:45 - 2025-04-12 16:50 - 046304064 _____ (Samsung Electronics) C:\Users\Jaroslav Reichel\Downloads\Smart.Switch.PC_Setup.exe
2025-04-12 16:19 - 2022-09-30 05:24 - 000174112 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2025-04-12 16:19 - 2022-09-30 05:23 - 000167440 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2025-04-12 16:18 - 2025-04-12 16:18 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2025-04-12 09:08 - 2025-04-12 09:08 - 000000000 ___HD C:\$WinREAgent
2025-04-05 09:24 - 2025-04-05 09:24 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-02 19:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-02 19:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-05-02 19:39 - 2020-01-18 16:11 - 000000000 ____D C:\ProgramData\NVIDIA
2025-05-02 12:11 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-01 10:41 - 2021-03-27 18:13 - 001619426 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-05-01 10:41 - 2019-12-07 16:43 - 000686884 _____ C:\WINDOWS\system32\perfh005.dat
2025-05-01 10:41 - 2019-12-07 16:43 - 000139312 _____ C:\WINDOWS\system32\perfc005.dat
2025-05-01 10:41 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Roaming\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\LocalLow\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\ProgramData\IObit
2025-05-01 10:39 - 2019-01-10 18:41 - 000000000 ____D C:\Program Files (x86)\IObit
2025-05-01 10:34 - 2024-09-11 20:16 - 000008192 ___SH C:\DumpStack.log.tmp
2025-05-01 10:34 - 2021-03-27 18:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-05-01 10:34 - 2021-03-27 17:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-04-30 18:46 - 2021-03-27 17:55 - 000288656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-04-30 18:46 - 2019-11-15 14:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-04-30 18:44 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-04-30 18:43 - 2019-11-15 14:59 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Local\TeamViewer
2025-04-30 18:37 - 2019-11-15 14:59 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Roaming\TeamViewer
2025-04-29 21:31 - 2021-12-18 10:12 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-29 21:31 - 2019-01-10 19:38 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-29 16:42 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-29 16:42 - 2018-12-13 19:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-04-27 02:58 - 2020-07-16 07:42 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-27 02:58 - 2020-07-16 07:42 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-04-23 19:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-23 09:40 - 2019-01-10 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
2025-04-12 17:55 - 2024-07-13 14:49 - 000000000 ____D C:\WINDOWS\system32\compatrel
2025-04-12 17:55 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2025-04-12 17:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-12 17:54 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-04-12 17:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-12 09:47 - 2021-03-27 17:58 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-04-10 03:25 - 2018-12-14 02:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-04-07 11:34 - 2020-01-26 20:24 - 000000000 ____D C:\Users\Jaroslav Reichel\AppData\Local\CrashDumps
2025-04-06 09:52 - 2023-11-17 16:26 - 000003716 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{5DF12039-6AFC-40B9-BE36-B40A6306EFE6}
2025-04-06 09:52 - 2023-11-17 16:26 - 000003592 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{B7D08817-B02B-43EF-9C91-D4017A77167F}

==================== Files in the root of some directories ========

2020-01-18 16:20 - 2020-01-18 16:20 - 000280796 _____ () C:\Users\Jaroslav Reichel\AppData\Roaming\we8_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2019-11-15 14:21 - 2019-11-15 14:21 - 000007605 _____ () C:\Users\Jaroslav Reichel\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2025
Ran by Jaroslav Reichel (02-05-2025 19:46:49)
Running from C:\Users\Jaroslav Reichel\Downloads
Microsoft Windows 10 Pro Version 22H2 19045.5737 (X64) (2021-03-27 16:21:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2966077403-802055689-1139997306-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2966077403-802055689-1139997306-503 - Limited - Disabled)
Guest (S-1-5-21-2966077403-802055689-1139997306-501 - Limited - Disabled)
Jaroslav Reichel (S-1-5-21-2966077403-802055689-1139997306-1001 - Administrator - Enabled) => C:\Users\Jaroslav Reichel
WDAGUtilityAccount (S-1-5-21-2966077403-802055689-1139997306-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 25.001.20474 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.8.0.0 - GIGABYTE Technology Co.,Inc.)
Call of Duty 4 - Modern Warfare verze 1.7 (HKLM-x32\...\{826D7727-6105-4C5D-A049-E4BADBC8BAAB}_is1) (Version: 1.7 - tomi2k9)
Call Of Duty(R) 2 (HKLM-x32\...\{DBECFA83-42DC-4585-A970-A764AB01A956}) (Version: 1.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 6.11 - Piriform)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
Dream Aquarium (HKLM-x32\...\Dream Aquarium_is1) (Version: 1.0700 - )
Driver Booster 9 (HKLM-x32\...\Driver Booster_is1) (Version: 9.1.0 - IObit)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 135.0.7049.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.165 - Google Inc.) Hidden
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP Deskjet 3540 series Nápověda (HKLM-x32\...\{13EFEB9B-FB50-40C6-9F18-C3F38AAE81D1}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Intel(R) Chipset Device Software (HKLM\...\{12CB6BC1-4E71-4890-AA0E-26CED6AD7EDD}) (Version: 10.1.1.13 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5063 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
K-Lite Mega Codec Pack 14.5.2 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.5.2 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.98 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProplusRetail - cs-cz) (Version: 16.0.18623.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\OneDriveSetup.exe) (Version: 23.214.1015.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.10.25017 (HKLM\...\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.10.25017 (HKLM\...\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25017 (HKLM-x32\...\{68306422-7C57-373F-8860-D26CE4BA2A15}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25017 (HKLM-x32\...\{582EA838-9199-3518-A05C-DB09462F68EC}) (Version: 14.10.25017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421029}) (Version: 7.02.9752 - Nero AG)
neroxml (HKLM-x32\...\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}) (Version: 1.0.0 - Nero AG) Hidden
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 560.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 560.94 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.5 - Power Software Ltd)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.0 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
Studie vylepšování produktu HP Deskjet 3540 series (HKLM\...\{377A8182-90CD-4AD8-BF1C-B757EC83724E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.65.4 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.1022 - McAfee, LLC)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
Základní software zařízení HP Deskjet 3540 series (HKLM\...\{4CCA7410-4D72-4720-87C2-DBB75486E991}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC [2024-12-12] ()
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.3011.1.0_x64__kgqvnymyfvs32 [2025-04-30] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.26.3000.0_x64__rz1tebttyb220 [2025-03-21] (Dolby Laboratories)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2024-12-31] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-05] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-27] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-27] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-26] (NVIDIA Corp.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-29] ()

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_0afec3f2050014a0\nvshext.dll [2024-09-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-09-15] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-11-15] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 09:31 - 2023-11-12 20:56 - 000001633 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 get-seeders.com
127.0.0.1 tracker.cgpeers.to
127.0.0.1 proxy.siambit.me
127.0.0.1 tracker.iptorrent.com
127.0.0.1 zb-ann.com
127.0.0.1 www.eset.com
127.0.0.1 iploc.eset.com
127.0.0.1 repository.eset.com
127.0.0.1 www.avast.com
127.0.0.1 www.malwarebytes.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.edf.eset.com
127.0.0.1 www.update.eset.com
127.0.0.1 www.kaspersky.co.th
127.0.0.1 www.kaspersky.com.br
127.0.0.1 usa.kaspersky.com
127.0.0.1 ark.mwbsys.com
127.0.0.1 settings-win.data.microsoft.com
127.0.0.1 telemetry.malwarebytes.com
127.0.0.1 keystone.mwbsys.com
127.0.0.1 iavs9x.avg.u.avcdn.net
127.0.0.1 shepherd.ff.avast.com
127.0.0.1 iavs9x.u.avast.com
127.0.0.1 v7event.stats.avast.com
127.0.0.1 www.avg.com
127.0.0.1 www.bitdefender.com
127.0.0.1 www.avira.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi 2: Qualcomm Atheros 11G USB Wireless Network Adapter -> athuwbx.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_41D030032786FFC48599CF981922C637"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C447807-E6DE-4380-B43C-A3A9E3A1726C}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{49151329-B8F7-434B-85B1-F8AEA937E7DD}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{750646EF-A8BC-4465-BB8D-DF2AFBFE95FA}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [UDP Query User{B6980FE1-78D0-402B-BB96-E57B3DBE2F6A}C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe] => (Block) C:\program files\hp\hp deskjet 3540 series\bin\hpnetworkcommunicatorcom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7956B952-3647-434E-8890-BC82644C2401}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{CDE04448-1F89-40E0-BDFE-9ED00B5E930B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E91A13F7-2221-44A1-BE72-55DAD6F6FD0B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CEFBB698-D78B-4EAD-8B4B-EECCE4138A28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E1016C69-7560-41A5-8AC6-76D7816AC948}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0257DE4B-7CE9-4C7C-AB95-60FBDB8BABB4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9B08EAC9-03CC-43AC-A3F4-58341A1CB7DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3214.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6AAC02CA-E53E-40B7-9BE3-9C9E7A0A5088}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.98\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60173047-D48D-4FA6-9866-136AAA29C233}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C86E6DE4-B2B5-4F87-8B35-3EDE19C1DD9C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B3CF8EA-EBA8-4D3F-82EB-6569649941D2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{278E5BF7-B6BE-48DD-9EF2-6413FCFEE6BD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{35F69948-16BC-42A8-8BED-3F5C6B639C86}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

12-04-2025 09:03:48 Instalační služba modulů systému Windows
23-04-2025 19:38:42 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/02/2025 07:40:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/02/2025 07:40:42 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (05/02/2025 07:40:42 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (05/02/2025 07:40:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/02/2025 07:40:32 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Získání licence koncového uživatele se nezdařilo. hr=0xC004C060
ID SKU=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (05/02/2025 07:40:32 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Podrobnosti chyby získávání licence
hr=0xC004C060

Error: (05/02/2025 07:40:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=5

Error: (05/02/2025 12:11:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
hr=0x80004005
Argument příkazového řádku:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (05/01/2025 08:16:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7ROS5EQ)
Description: Server {7E203817-236D-4E25-B5C9-EC22048B2B6D} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ASUS Com Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba ICEsound Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/01/2025 10:39:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2025-04-25 13:17:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-19 19:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-17 15:24:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-15 08:57:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-04-12 16:34:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2025-01-18 09:53:34
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.421.1382.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.24090.11
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antivirový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

Date: 2023-11-17 10:27:20
Description:
Antivirová ochrana v programu Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.401.654.0
Update Source: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Security intelligence Type: Antispywarový program
Update Type: Úplné
Current Engine Version:
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070020
Error description: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.

CodeIntegrity:
===============
Date: 2024-11-12 16:38:19
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.

Date: 2024-11-12 16:38:18
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2023-11-25 18:48:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-11-05 12:33:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 3602 03/26/2018
Motherboard: ASUSTeK COMPUTER INC. H81M-C
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 51%
Total physical RAM: 8127.95 MB
Available physical RAM: 3980 MB
Total Virtual: 9407.95 MB
Available Virtual: 4594.32 MB

==================== Drives ================================

Drive c: (Systém) (Fixed) (Total:360.27 GB) (Free:288.32 GB) (Model: ST2000DX001-1CM164) NTFS
Drive d: (Data) (Fixed) (Total:1501.69 GB) (Free:414.36 GB) (Model: ST2000DX001-1CM164) NTFS

\\?\Volume{50fb8be9-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{50fb8be9-0000-0000-0000-d0335a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 50FB8BE9)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=360.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=527 MB) - (Type=27)
Partition 4: (Not Active) - (Size=1501.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 119309
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC infected, cannot launch avast, ESET, or ONLINE ESET

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\Program Files (x86)\IObit
C:\DumpStack.log.tmp
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File

EmptyTemp:
Hosts:
End
Save it to C:\Users\Jaroslav Reichel\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

djkarer1994
Visitor
Posts: 16
Registered: 02 Aug 2016 20:27

Re: PC infected, cannot launch avast, ESET, or ONLINE ESET

#7 Post by djkarer1994 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-05-2025
Ran by Jaroslav Reichel (04-05-2025 14:46:15) Run:1
Running from C:\Users\Jaroslav Reichel\Downloads
Loaded Profiles: Jaroslav Reichel
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2966077403-802055689-1139997306-1001\...\Run: [RKWETEJG4L] => C:\Users\Jaroslav Reichel\AppData\Local\Temp\dll.js [86058 2023-11-12] () [File not signed] <==== ATTENTION
Task: {CC56957F-56E9-45EB-ABE6-1253BF559853} - System32\Tasks\Skype => C:\Users\Jaroslav [1726 2023-11-17] () [File not signed] <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\Program Files (x86)\IObit
C:\DumpStack.log.tmp
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-2966077403-802055689-1139997306-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RKWETEJG4L" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC56957F-56E9-45EB-ABE6-1253BF559853}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC56957F-56E9-45EB-ABE6-1253BF559853}" => removed successfully
C:\WINDOWS\System32\Tasks\Skype => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skype" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully

"C:\Program Files (x86)\IObit" Folder move:

C:\Program Files (x86)\IObit => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{ee10d625-cc60-30a4-b3df-4b349785be6b} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 918775160 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 452183198 B
Edge => 0 B
Chrome => 108511003 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 198 B
LocalService => 1709650 B
NetworkService => 12260894 B
Jaroslav Reichel => 76697791 B

RecycleBin => 198870836 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-05-2025 14:53:40)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 14:53:40 ====

Rudy
Site Admin
Posts: 119309
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC infected, cannot launch avast, ESET, or ONLINE ESET

#8 Post by Rudy »

Deleted. Has anything changed for the better?