
Please check my LOG + a scammer emptied the account along with the company account
I have to explain what this is actually about.
A 70-year-old gentleman, the owner of a company, was scammed in the same way as those fraudulent financial ads with Babiš etc. that are flying around here, promising a super investment.
Well, so the scammer first took 50000 from him, which the gentleman had deposited, and then the scammer got him to fill in his bank account, including the passwords, at a link he sent him.
Then he emptied that account, and unfortunately the gentleman also had a company account with the same password, so he emptied that one too.
And he even has some kind of hacker-style access to this computer, see the screenshot.
I would prefer to reinstall the whole system, but the gentleman has important things here, and I am afraid to make backups in case I somehow back up that vermin as well.
So please check the LOG from FRST.
But the link to RSIT does not work......
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2025
Ran by Ucetni (administrator) on DESKTOP-QRJP0SN (Dell Inc. Vostro 3500) (14-06-2025 19:26:19)
Running from C:\Users\Ucetni\Desktop\FRST64.exe
Loaded Profiles: Ucetni
Platform: Microsoft Windows 11 Pro Version 24H2 26100.4349 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2025
Ran by Ucetni (14-06-2025 19:28:31)
Running from C:\Users\Ucetni\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.4349 (X64) (2025-01-31 07:36:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1058928459-3102352049-2094433404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1058928459-3102352049-2094433404-503 - Limited - Disabled)
Guest (S-1-5-21-1058928459-3102352049-2094433404-501 - Limited - Disabled)
Ucetni (S-1-5-21-1058928459-3102352049-2094433404-1001 - Administrator - Enabled) => C:\Users\Ucetni
WDAGUtilityAccount (S-1-5-21-1058928459-3102352049-2094433404-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20531 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{E9CD23E0-FC9B-4AE6-83A1-067FC62A39E7}) (Version: 5.5.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{396C54DB-3C24-4AD5-B514-F9FCEC2B7637}) (Version: 4.8.2.29006 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{F5391400-4596-46A6-9D3C-9D7647230679}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2b5a1544-c837-4b31-acb8-cb096c96013f}) (Version: 5.5.13.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{D3EFD276-F67A-45CD-B8A3-7CE38B2FF434}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{c7ccf084-ab05-431c-8474-6b66df04f996}) (Version: 5.5.13.0 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{DD342307-7348-4643-9646-7CD06D2B206A}) (Version: 5.3.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{0AFA46DB-6E86-479E-BF66-B25C29324A5F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
File Viewer Plus 4 (HKLM-x32\...\{5C61A881-C34E-405E-8C33-800821A618CF}_is1) (Version: 4.3.0 - Sharpened Productions)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.1.31.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{ffc059c4-83f8-496f-951c-6fadf33c8e89}) (Version: 2.1.31.0 - Dell.Inc)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.38.600 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.104 - Google LLC)
Intel Software Package (HKLM-x32\...\{e1d93543-7ba0-4927-aa7f-09c5fc7f25df}) (Version: 8.7.10600.20700 - Intel) Hidden
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10600.20700 - Intel Corporation)
Intel(R) LMS (HKLM\...\{81B9108D-91B3-4E6A-B5A4-28C67EBFC12A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{A47874B5-99CC-4506-B0A0-D5E142FD17A5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2141.15.0.2511 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{97C59670-D20F-4FF0-AB3D-9F58938D45B9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{F0B4B693-5A70-48F4-B50F-F1E3FB226A82}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
KONICA MINOLTA C759_C658_C368_C287_C3851Series (HKLM\...\KONICA MINOLTA C759_C658_C368_C287_C3851Series Installer) (Version: - KONICA MINOLTA)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.33 (x64) (HKLM\...\{8584855C-3B2B-4F95-BE1D-CCA5B6DE2815}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.33 (x64) (HKLM\...\{62A8E894-9FD1-45A0-A4D0-BD9FA854818D}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.33 (x64) (HKLM\...\{07BE9B02-0247-471C-B06F-A3B1A8FA9216}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - hu-hu (HKLM\...\O365HomePremRetail - hu-hu) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.68 - Microsoft Corporation) Hidden
Microsoft Office 2019 pro domácnosti a podnikatele - cs-cz (HKLM\...\HomeBusiness2019Retail - cs-cz) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.095.0518.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM\...\{A59F43A6-AADB-42EB-883B-2FE4E3AA3A69}) (Version: 48.132.18374 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM-x32\...\{ecb94bc3-963d-412a-b141-8b7c32ef103f}) (Version: 6.0.33.33916 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Mozilla Firefox ESR (x64 cs) (HKLM\...\Mozilla Firefox 128.11.0 ESR (x64 cs)) (Version: 128.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.14.0 - Mozilla)
Navitel Navigator update center (HKLM-x32\...\Navitel Navigator update center) (Version: 2.4.0.63 - Center of Navigation Technologies)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20140 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Popisovač CD/DVD 4.2 (HKLM-x32\...\Popisovač CD/DVD_is1) (Version: - PS Media s.r.o.)
PSČ - poštovní směrovací čísla verze 1.5 (HKLM-x32\...\PSČ - poštovní směrovací čísla_is1) (Version: 1.5 - )
RAALTRANS 8.552 (HKLM-x32\...\RAALTRANS 8.552) (Version: - )
RAALTRANS 9.066 (HKLM-x32\...\RAALTRANS 9.066) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.19042.31267 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.57.330.2022 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.)
ScreenConnect Client (7cf054d651808158) (HKLM-x32\...\{3E5DF50F-C29E-A89F-448B-BF3BF6B67EFB}) (Version: 24.1.6.8875 - ScreenConnect Software)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22112.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22112.1 - Samsung Electronics Co., Ltd.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Wondershare PDFelement ( Version 9.3.5 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.3.5 - Wondershare)
Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-06-11] ()
@{MicrosoftWindows.Client.CoreAI_1000.26100.4061.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-06-11] ()
Akce kliknutím (náhled) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.5.5.0_x64__htrsf667h5kn2 [2024-10-29] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.5.0.0_x64__htrsf667h5kn2 [2025-02-06] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2024-10-29] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.8.1.0_x64__htrsf667h5kn2 [2025-04-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.3.44.0_x86__htrsf667h5kn2 [2024-05-06] (Dell Inc)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-11] (Microsoft Corporation)
File Viewer Plus 4 -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus4_4.3.2.0_x86__xkt78gamzntbr [2024-10-29] (Sharpened Productions)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2025-04-24] (INTEL CORP)
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_2.4.0.0_neutral__s63fsn2sety0r [2024-03-05] (KONICA MINOLTA INC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft.Edge.GameAssist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-05-30] (Microsoft Corporation)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe [2025-06-12] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2024-10-29] (Dell Inc)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-06-10] ()
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2023-09-28] (Dell Inc)
RIG Truck Parking -> C:\Program Files\WindowsApps\34259GameCanvas.RIGTruckParking_1.2.0.1_x86__69qvq4vcm5k9t [2023-03-29] (Game Canvas)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-07] (Skype)
Speech Pack - English (Australia) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-AU.1_1.0.13.0_x64__cw5n1h2txyewy [2025-04-07] (Microsoft Windows)
Trash Truck Simulator -> C:\Program Files\WindowsApps\SkisoSoft.TrashTruckSimulator_1.5.0.0_x64__bdkna9a3jrn5p [2023-03-29] (SkisoSoft)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2523.1.0_x64__cv1g1gvanyjgm [2025-06-12] (WhatsApp Inc.) [Startup Task]
Widget Launcher -> C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_5.0.7.0_x64__agy8jafheqhng [2025-05-30] (Chan Software Solutions) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{04271989-C4D2-5B76-454C-69E132D8D441} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-01-13] (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-06-22 14:20 - 2021-06-22 14:20 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-06-22 14:20 - 2021-06-22 14:20 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2022-06-30 07:07 - 2023-10-02 12:32 - 000000612 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Intel(R) Wireless-AC 9462 -> Netwtw10.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\StartupApproved\Run: => "Service for Navitel Navigator Update Center"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{081BE4FA-92E9-49B5-9743-89C2166B82F8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65A9303A-6D0B-4418-B043-FF5D6859C6AB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D5DE6B3B-3978-429D-A37B-CA2746871482}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [TCP Query User{4E74C225-2121-410A-A741-825FF935E711}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [UDP Query User{0CE222C9-1681-4D1F-B2E5-B2A1767B5902}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [TCP Query User{0A325BC5-7352-4BFA-BE43-F6B23DCB26D6}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [{32E2368D-9843-411B-AB18-087F42079538}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DA437C03-F2F2-49FF-9036-DC368FB7B893}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{287F77CF-841E-40D5-A2D6-D234B9E84C1F}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{6A7489BD-F8DA-4836-BD65-6CD6AB7C6171}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [TCP Query User{67281DA0-3E4E-43A6-B342-A810D483D88E}C:\raal\raal\rtw8552\klient\rtw8.exe] => (Allow) C:\raal\raal\rtw8552\klient\rtw8.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [UDP Query User{BE30162E-EF14-4102-8E8D-BC31F22445A5}C:\raal\raal\rtw8552\klient\rtw8.exe] => (Allow) C:\raal\raal\rtw8552\klient\rtw8.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [{8878EB21-80DE-45DA-A4E4-2D2A16D10362}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B411E7B-0363-4520-BAD4-E469D3894151}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{399F96CA-8EA8-4AF1-9E61-122AF5D8AE94}] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0E554A9F-22FC-44CE-A47F-A2867E49A509}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{526D9B7B-435C-4DFA-AF6B-9CAC3CE599C3}] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{33979DCA-EA2A-440E-B748-AF77D0A374EA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F0DEF19-E508-4B22-B5D8-BA0B04D154CD}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{49441D2A-C81C-43AE-B94C-8443E9BE6C80}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E6316EC9-8FB6-432A-A49D-4FBF06D880DC}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8C982661-465B-4E22-B58B-BE98CCE89660}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B01E95B-943F-4397-95AA-8389ADBDB489}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2D18D8CA-A1B2-4DB6-85D6-50FF7D94188C}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42235425-0112-4C03-B62A-14A6C2491084}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1A544FF1-E9E5-4F2F-91E3-C41C779C7C0C}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9AC7B8FB-1C27-4A24-97B1-D48D852E4926}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{90CEFB12-D92A-468D-A95D-D2FB7EBE095F}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BFCE6EF0-5842-4C3C-B370-621BCDD29F32}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{452DDF1B-B40E-4EF9-B44E-65F648C9AD16}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4F89289C-76C3-4ABD-B27E-09E9E5B3E2E7}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8EEA14FC-CDD4-42B9-AF87-3F30FF2D7712}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4AC8376B-783C-489B-B737-753B02F9F647}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A19ABF33-B734-4518-8554-BD7866ED60AA}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{660E4688-4847-4433-A969-CF00B7648F1C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:458.61 GB) (Free:344.32 GB) (75%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/14/2025 12:54:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/14/2025 12:36:48 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/12/2025 02:07:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/12/2025 01:36:50 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/11/2025 01:49:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {4cb33a7d-9e2a-4a57-88c3-3660c0df45b8}
Error: (06/11/2025 01:31:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {4cb33a7d-9e2a-4a57-88c3-3660c0df45b8}
Error: (06/11/2025 01:30:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {589344d7-4a0a-48a8-b72b-77e91c714fa5}
Error: (06/11/2025 01:15:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {589344d7-4a0a-48a8-b72b-77e91c714fa5}
System errors:
=============
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:11:54 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Microsoft Wi-Fi Direct Virtual Adapter #2, {11466b95-d5d7-4517-88a0-b48f96679b1b}, došlo k události 74.
Error: (06/13/2025 06:28:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 06:28:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 06:28:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QRJP0SN)
Description: Server {544C4C52-DE0B-4D14-9510-21745381D5CA} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2025-06-14 10:39:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {7C81A179-0B5E-45F2-97AC-4B922238CA26}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-13 20:22:27
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {3DD08F06-83FB-429A-9F79-1A2F9A06CBC9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-10 10:30:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {92DB49BC-910D-4BE7-A4B4-60776B541015}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-09 12:22:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {45286863-92B9-4DA4-89C2-047DC16B0B14}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-08 10:42:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {37A2415C-4205-48EA-B32F-5BEF2BFFD7FF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Event[0]
Date: 2025-04-12 00:52:28
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.190.0
Zdroj aktualizace: Microsoft Update Server
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x8024402c
Popis chyby: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiSpyware
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
CodeIntegrity:
===============
Date: 2025-06-12 00:30:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\lsass.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsAuthenticationPackage.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.37.0 02/27/2025
Motherboard: Dell Inc. 0GGCMJ
Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 7914.79 MB
Available physical RAM: 1537.39 MB
Total Virtual: 11370.79 MB
Available Virtual: 2746.69 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:458.61 GB) (Free:344.32 GB) (Model: NVMe PM991a NVMe Samsung 512GB) NTFS
\\?\Volume{0d737aeb-d27a-4d9e-a82b-27c31c1f6101}\ () (Fixed) (Total:1.27 GB) (Free:0.08 GB) NTFS
\\?\Volume{0833af87-27e0-4c43-b981-6d7711681da7}\ (Image) (Fixed) (Total:15.27 GB) (Free:0.17 GB) NTFS
\\?\Volume{41512d47-7bd1-4b26-93c4-03f53c852826}\ (DELLSUPPORT) (Fixed) (Total:1.4 GB) (Free:0.38 GB) NTFS
\\?\Volume{036b1d81-2de1-48a8-9419-23001abf86f6}\ (ESP) (Fixed) (Total:0.24 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 513B8622)
Partition: GPT.
==================== End of Addition.txt =======================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsClient.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.Update.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxEMN.exe
(explorer.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\PDFelement9\PENotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc. -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Technologies Inc. -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_564a6f565b40bd5f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a66e3c7509fdda6f\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_b966ea70c5407e74\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
(sihost.exe ->) (61773884-FD83-4DAD-91D2-1ECD4DCEF5D4 -> WindowsWidgets.WinUI) C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_5.0.7.0_x64__agy8jafheqhng\WindowsWidgets.WinUI.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25042.38.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsCopilotRuntimeActions.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [90353984 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [Service for Navitel Navigator Update Center] => C:\Program Files (x86)\CNT\Navitel Navigator update center\NavitelUpdaterService.exe [1676824 2022-06-27] (NAVITEL s.r.o. -> )
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [MicrosoftEdgeAutoLaunch_14B4059CF14848EF21F43338E26265C3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141136 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\C3851SeriesPCL Language Monitor: C:\WINDOWS\system32\KOAXPJ_L.DLL [25704 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\PEPrinterMonitor.dll [285232 2022-11-29] (Wondershare Technology Co.,Ltd -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.104\Installer\chrmstp.exe [2025-06-13] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{6FF59A85-BC37-4CD4-5189-AFA427494699}] -> C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsCredentialProvider.dll [2024-04-19] (Connectwise, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Lsa: [Authentication Packages] msv1_0 C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsAuthenticationPackage.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEScreenshot.lnk [2023-02-10]
ShortcutTarget: Wondershare PEScreenshot.lnk -> C:\Program Files\Wondershare\PDFelement9\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEToolbox.lnk [2023-02-10]
ShortcutTarget: Wondershare PEToolbox.lnk -> C:\Program Files\Wondershare\PDFelement9\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4267154D-B16C-4344-84EE-A036ACCFFA47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {00990758-F985-4A1F-8265-6157E8D99363} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [1256104 2025-04-04] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {5DD4E06E-C39C-4346-BCA3-2BE480EBCABF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{29754CAC-588B-4D8F-B50D-2A5705D8CF34} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {6394D0F7-7675-4673-AE96-EA8E43BA65CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955368 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA9639ED-241C-4047-9280-F7D89B6C058A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68344 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF557CBB-5DE0-4E73-B11A-860E7D836476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955368 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D6455FD-955D-4DA3-84F4-1128E439C88D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {08D29008-9F37-4A1A-8CA2-E5F4D17A69BC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A00D3B16-2015-4235-A8FF-E2C000B435EB} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [225992 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0960F3FE-CB2B-4DC7-8A0F-C7841D6555FE} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F138BF0C-B883-4DBE-9069-9312B7B004EF} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5B229F0-0519-4740-8972-8E96AB61AC30} - System32\Tasks\Microsoft\Windows\Hotpatch\Monitoring => C:\WINDOWS\system32\cmd.exe [376832 2025-06-11] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\hpatchmonTask.cmd
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {DBD14734-90C8-4F2E-A126-F909078A4C82} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {A63FE113-C692-49C7-A995-00B4D7D8E696} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {16C3E9BD-98A7-43B2-A5D5-6E381F9428D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5B8386F-82CE-4B0F-A91D-D2E508D9D724} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F49533FA-BAE0-4380-A5E0-D7247BAB7491} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {756CB61A-F1AD-4B7A-A5F9-C7D9ECD48D33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54049E02-D439-4553-8F02-5EC104DBD189} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676416 2025-05-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {A5028FA9-E8A2-45D0-9393-813910F296D4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1058928459-3102352049-2094433404-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676416 2025-05-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {625E8534-880F-4AE7-96B7-E87B4D28712C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2025-05-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {73856A5C-5019-478C-8E93-B8EC1A028F6E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDF3B052-6ED0-4864-AC3B-F72CCA7DA29E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {D41A2ABB-9509-4693-877F-4AFB227B40E9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A9F48B3-239E-4C1A-8324-A6BE488E8CFC} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1058928459-3102352049-2094433404-1001 => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\OneDriveLauncher.exe [684344 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\45F6E6461675946494: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\7416C6168797021413530253740244937323: [DhcpNameServer] 192.168.25.53
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\B616E636C6D277966696: [DhcpNameServer] 185.151.255.6 193.32.92.32
Edge:
=======
Edge Profile: C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-14]
Edge Extension: (Dokumenty Google offline) - C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
FireFox:
========
FF DefaultProfile: 05mp9zaa.default
FF ProfilePath: C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\05mp9zaa.default [2021-09-29]
FF ProfilePath: C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\qcx2qh5b.default-esr [2025-06-14]
FF Homepage: Mozilla\Firefox\Profiles\qcx2qh5b.default-esr -> hxxps://www.google.cz/
FF Extension: (To Google Translate) - C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\qcx2qh5b.default-esr\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2023-01-06]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-06-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default [2025-06-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-03-04]
CHR HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724400 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [459456 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [153792 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481984 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [59616 2025-01-31] (Dell Inc. -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22240 2024-09-26] (Dell Technologies Inc. -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [51648 2024-11-14] (Dell Technologies Inc. -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [153288 2025-02-20] (Dell Technologies Inc. -> Dell)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncHelper.exe [3621688 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2022-10-17] (Dell Inc -> Dell Inc.)
S3 hpatchmon; C:\WINDOWS\system32\hpatchmon.dll [173472 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_af402faff66f53bd\AS\IAS\IntelAudioService.exe [536432 2020-12-02] (Smart Sound Technology -> Intel)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.095.0518.0002\OneDriveUpdaterService.exe [3873064 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
R2 ScreenConnect Client (7cf054d651808158); C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe [95520 2024-04-19] (Connectwise, LLC -> ) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [917472 2025-06-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [148648 2025-04-04] (Dell Technologies Inc. -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\WINDOWS\System32\drivers\athuw8x.sys [3744256 2023-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 CirrusLFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_973dd943afdf23fb\CSLFD.sys [134768 2022-01-17] (Cirrus Logic, Inc -> Cirrus Logic, Inc.)
R3 CirrusUFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_973dd943afdf23fb\CSUFD.sys [23840 2022-01-17] (WDKTestCert driver dev,131877739977077075 -> Cirrus Logic, Inc.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [35896 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [134776 2020-12-04] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-13] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-13] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
S3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_c08af0e43cbc91c3\gna.sys [83856 2020-08-05] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 PlutonHeci; C:\WINDOWS\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_f74945e2fcb1d3d7\pluton-heci.sys [75168 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-14 19:26 - 2025-06-14 19:26 - 000029778 _____ C:\Users\Ucetni\Desktop\FRST.txt
2025-06-14 19:24 - 2025-06-14 19:26 - 000000000 ____D C:\FRST
2025-06-14 19:16 - 2025-06-14 19:16 - 002406912 _____ (Farbar) C:\Users\Ucetni\Downloads\FRST64.exe
2025-06-14 19:14 - 2025-06-14 19:14 - 002406912 _____ (Farbar) C:\Users\Ucetni\Desktop\FRST64.exe
2025-06-13 05:56 - 2025-06-13 05:56 - 000000275 _____ C:\Users\Ucetni\Downloads\bez_nazvu (8)
2025-06-12 00:34 - 2025-06-12 00:34 - 000714490 _____ C:\WINDOWS\system32\perfh005.dat
2025-06-11 20:28 - 2025-06-11 20:28 - 029836747 _____ C:\Users\Ucetni\Downloads\VIDEO-2025-06-08-13-53-40.mp4
2025-06-11 19:03 - 2025-06-12 00:34 - 000153652 _____ C:\WINDOWS\system32\perfc005.dat
2025-06-11 13:59 - 2025-06-13 22:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-06-11 13:09 - 2025-06-11 13:09 - 000033224 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-06-11 13:09 - 2025-06-11 13:09 - 000033224 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-06-11 13:09 - 2025-06-11 13:09 - 000001555 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (13).p7s
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (12).p7s
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (11).p7s
2025-06-05 14:11 - 2025-06-05 14:11 - 000299788 _____ C:\Users\Ucetni\Downloads\210422090611900 (1).zip
2025-06-05 14:10 - 2025-06-05 14:10 - 000299788 _____ C:\Users\Ucetni\Downloads\210422090611900.zip
2025-06-05 14:07 - 2025-06-05 14:07 - 000347024 _____ C:\Users\Ucetni\Downloads\210422090742348.zip
2025-06-03 22:30 - 2025-06-03 22:30 - 000002264 _____ C:\Users\Ucetni\AppData\LocalLow\228d4c34b13410f64775a6c4b4a13006e7b0290137959b4b7a90cf7f33ec9e00
2025-06-02 20:49 - 2025-06-02 20:49 - 000000000 ____D C:\Users\Ucetni\AppData\Local\ElevatedDiagnostics
2025-06-02 20:25 - 2025-06-02 20:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-06-01 21:30 - 2025-06-01 21:30 - 000010315 _____ C:\Users\Ucetni\Downloads\message_4275.eml
2025-05-30 12:27 - 2025-05-30 12:27 - 000011216 _____ C:\Users\Ucetni\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f
2025-05-30 12:27 - 2025-05-30 12:27 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e
2025-05-30 08:58 - 2025-01-07 15:17 - 005221272 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2025-05-30 08:58 - 2025-01-07 15:17 - 001618848 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter10.dll
2025-05-28 13:33 - 2025-06-12 12:53 - 000021931 _____ C:\Users\Ucetni\AppData\LocalLow\c471a3f3b88ab9b37460e73f6bb1a3e7a513a2a2866fad587ff56ef5a1ad7e6c
2025-05-28 13:33 - 2025-06-12 09:15 - 000023430 _____ C:\Users\Ucetni\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b
2025-05-28 13:33 - 2025-06-12 09:15 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d
2025-05-28 13:33 - 2025-05-28 13:33 - 000000026 _____ C:\Users\Ucetni\AppData\LocalLow\bef33e67af07b07688c0a6330e732d016df14dc5824def44f89868a00efa36c8
2025-05-28 11:55 - 2025-05-28 11:55 - 000000854 _____ C:\Users\Ucetni\Desktop\meme_lavina.ps1
2025-05-28 11:42 - 2025-05-28 11:44 - 000001640 _____ C:\Users\Ucetni\Desktop\kokoot.hta
2025-05-28 11:32 - 2025-05-28 11:32 - 000000162 _____ C:\Users\Ucetni\Desktop\kokot_prank.vbs
2025-05-28 11:02 - 2025-05-28 11:02 - 000000250 _____ C:\Users\Ucetni\Desktop\prank.vbs
2025-05-27 21:43 - 2025-05-27 21:43 - 000068016 _____ C:\Users\Ucetni\Downloads\prilohy_19383.zip
2025-05-27 20:02 - 2025-05-28 19:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-20 11:00 - 2025-05-20 11:00 - 000067875 _____ C:\Users\Ucetni\Downloads\OD2025_16137_20250520103029.PDF
2025-05-19 22:48 - 2025-05-19 22:49 - 000071431 _____ C:\Users\Ucetni\AppData\LocalLow\ee390228a246dc88cbc129e68163797a9bfbb126806ea76ed0f684b81bbc7632
2025-05-19 22:48 - 2025-05-19 22:48 - 000000026 _____ C:\Users\Ucetni\AppData\LocalLow\5ff3edc50770e6b1d0c6ce73f72fc72da708be7b8ba26609f3cd50ff750a5616
2025-05-15 21:35 - 2025-05-15 21:35 - 000124088 _____ C:\Users\Ucetni\Downloads\prilohy_19283.zip
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-14 19:17 - 2024-10-29 22:35 - 000016811 _____ C:\Users\Ucetni\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-14 19:07 - 2022-09-22 11:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-06-14 19:06 - 2024-10-30 16:42 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\a8b141efd5a28a0535a4b1cef38c232052f69977de70ef5ac15dddb5a77f531f
2025-06-14 10:39 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-14 05:39 - 2021-06-22 14:17 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2025-06-13 21:31 - 2024-10-29 22:27 - 000056715 _____ C:\Users\Ucetni\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154
2025-06-13 20:12 - 2025-02-06 13:43 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1058928459-3102352049-2094433404-1001
2025-06-13 20:12 - 2025-01-31 09:36 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1001
2025-06-13 20:12 - 2025-01-31 09:36 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-06-13 20:12 - 2021-10-06 08:08 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-06-13 20:12 - 2021-09-28 20:56 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-13 20:11 - 2021-09-28 16:36 - 000000000 __SHD C:\Users\Ucetni\IntelGraphicsProfiles
2025-06-13 20:11 - 2021-06-22 14:05 - 000000000 ____D C:\ProgramData\Goodix
2025-06-13 05:39 - 2025-03-04 13:12 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-13 05:39 - 2025-03-04 13:12 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-06-12 14:47 - 2025-02-05 16:57 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb
2025-06-12 14:37 - 2025-02-05 16:57 - 000230414 _____ C:\Users\Ucetni\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b
2025-06-12 00:34 - 2025-01-31 09:38 - 001692324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-12 00:34 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-06-12 00:31 - 2021-09-28 16:36 - 000000000 ____D C:\Users\Ucetni\AppData\Local\Packages
2025-06-12 00:31 - 2021-06-22 14:23 - 000000000 ____D C:\ProgramData\Packages
2025-06-12 00:30 - 2025-01-31 09:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-12 00:30 - 2025-01-31 09:34 - 000002628 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-06-12 00:30 - 2025-01-31 09:33 - 000472576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-06-12 00:30 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-06-12 00:30 - 2021-06-22 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2025-06-12 00:30 - 2021-06-22 14:05 - 000000000 ____D C:\Intel
2025-06-12 00:29 - 2025-01-29 12:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-06-12 00:29 - 2025-01-29 12:25 - 000000000 ____D C:\WINDOWS\en-GB
2025-06-12 00:29 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-06-12 00:29 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-06-12 00:29 - 2024-04-01 09:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-06-11 14:06 - 2024-04-01 09:26 - 001384944 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-06-11 14:06 - 2024-04-01 09:26 - 001240024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-06-11 13:09 - 2025-01-31 09:35 - 003383808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-06-11 09:47 - 2022-02-09 12:22 - 000000000 ____D C:\Users\Ucetni\AppData\LocalLow\Temp
2025-06-11 08:44 - 2025-01-31 09:36 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-06-11 08:44 - 2022-10-14 09:18 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-06-11 08:44 - 2022-10-14 09:18 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-06-10 22:43 - 2021-09-28 16:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-06-10 22:42 - 2021-09-28 16:56 - 216824056 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-06-10 10:05 - 2021-06-22 14:19 - 000000000 ____D C:\Program Files\Microsoft Office
2025-06-08 08:09 - 2023-01-17 01:38 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-06-08 08:09 - 2021-06-22 14:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-03 22:31 - 2021-09-29 15:12 - 000000000 ____D C:\Users\Ucetni\Desktop\Šéf-os.věci
2025-06-03 16:24 - 2021-09-29 15:07 - 000000000 ____D C:\Users\Ucetni\AppData\LocalLow\Adobe
2025-06-03 13:12 - 2025-03-25 10:12 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618
2025-06-03 13:11 - 2025-03-25 10:12 - 000017930 _____ C:\Users\Ucetni\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51
2025-05-29 21:55 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-05-29 21:02 - 2024-02-28 13:27 - 000000000 ____D C:\Users\Ucetni\Desktop\Trestni oznameni PČR
2025-05-28 19:53 - 2021-09-29 15:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-28 14:34 - 2025-01-31 09:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-05-28 14:34 - 2021-09-29 15:01 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-28 11:50 - 2021-09-28 20:57 - 000000000 ____D C:\Users\Ucetni\AppData\Roaming\Microsoft\Word
2025-05-26 08:32 - 2021-09-29 15:35 - 000000000 ____D C:\Users\Ucetni\AppData\Roaming\Microsoft\Excel
2025-05-24 09:11 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-05-22 09:53 - 2021-06-22 14:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-20 17:34 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2025-05-19 18:41 - 2025-01-31 09:36 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-19 18:41 - 2025-01-31 09:36 - 000003514 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-16 00:59 - 2024-04-01 18:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Provisioning
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2025
Ran by Ucetni (14-06-2025 19:28:31)
Running from C:\Users\Ucetni\Desktop
Microsoft Windows 11 Pro Version 24H2 26100.4349 (X64) (2025-01-31 07:36:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1058928459-3102352049-2094433404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1058928459-3102352049-2094433404-503 - Limited - Disabled)
Guest (S-1-5-21-1058928459-3102352049-2094433404-501 - Limited - Disabled)
Ucetni (S-1-5-21-1058928459-3102352049-2094433404-1001 - Administrator - Enabled) => C:\Users\Ucetni
WDAGUtilityAccount (S-1-5-21-1058928459-3102352049-2094433404-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 25.001.20531 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Dell Digital Delivery Services (HKLM-x32\...\{E9CD23E0-FC9B-4AE6-83A1-067FC62A39E7}) (Version: 5.5.0.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{396C54DB-3C24-4AD5-B514-F9FCEC2B7637}) (Version: 4.8.2.29006 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{F5391400-4596-46A6-9D3C-9D7647230679}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2b5a1544-c837-4b31-acb8-cb096c96013f}) (Version: 5.5.13.0 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{D3EFD276-F67A-45CD-B8A3-7CE38B2FF434}) (Version: 5.5.13.0 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{c7ccf084-ab05-431c-8474-6b66df04f996}) (Version: 5.5.13.0 - Dell Inc.)
Dell Update for Windows Universal (HKLM\...\{DD342307-7348-4643-9646-7CD06D2B206A}) (Version: 5.3.0 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{0AFA46DB-6E86-479E-BF66-B25C29324A5F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
File Viewer Plus 4 (HKLM-x32\...\{5C61A881-C34E-405E-8C33-800821A618CF}_is1) (Version: 4.3.0 - Sharpened Productions)
Fusion Service (HKLM\...\{93D141B9-9B5E-485B-8ED1-97DE741EE768}) (Version: 2.1.31.0 - Dell.Inc) Hidden
Fusion Service (HKLM-x32\...\{ffc059c4-83f8-496f-951c-6fadf33c8e89}) (Version: 2.1.31.0 - Dell.Inc)
Goodix Fingerprint Driver (HKLM\...\{60FAB781-18F2-4D2B-A8E7-B3AADD327955}_is1) (Version: 3.0.38.600 - Goodix, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 137.0.7151.104 - Google LLC)
Intel Software Package (HKLM-x32\...\{e1d93543-7ba0-4927-aa7f-09c5fc7f25df}) (Version: 8.7.10600.20700 - Intel) Hidden
Intel(R) Dynamic Tuning (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.7.10600.20700 - Intel Corporation)
Intel(R) LMS (HKLM\...\{81B9108D-91B3-4E6A-B5A4-28C67EBFC12A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{A47874B5-99CC-4506-B0A0-D5E142FD17A5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2141.15.0.2511 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{97C59670-D20F-4FF0-AB3D-9F58938D45B9}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{F0B4B693-5A70-48F4-B50F-F1E3FB226A82}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Software Installer (HKLM-x32\...\{bbc40478-54e7-4914-965f-de8043a2ed0e}) (Version: 22.100.0.3 - Intel Corporation) Hidden
KONICA MINOLTA C759_C658_C368_C287_C3851Series (HKLM\...\KONICA MINOLTA C759_C658_C368_C287_C3851Series Installer) (Version: - KONICA MINOLTA)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.33 (x64) (HKLM\...\{8584855C-3B2B-4F95-BE1D-CCA5B6DE2815}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x64) (HKLM\...\{76FA02FF-603F-48BB-9E3F-17ED5DB861E8}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.33 (x64) (HKLM\...\{62A8E894-9FD1-45A0-A4D0-BD9FA854818D}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM\...\{6CE8AD8C-E6D5-4BF7-91C3-7F8106A5CD93}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x64) (HKLM-x32\...\{403b0cfe-5969-462d-8eb2-aafde344360e}) (Version: 6.0.20.32620 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.33 (x64) (HKLM\...\{07BE9B02-0247-471C-B06F-A3B1A8FA9216}) (Version: 48.132.18378 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - hu-hu (HKLM\...\O365HomePremRetail - hu-hu) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft 365 - sk-sk (HKLM\...\O365HomePremRetail - sk-sk) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.68 - Microsoft Corporation) Hidden
Microsoft Office 2019 pro domácnosti a podnikatele - cs-cz (HKLM\...\HomeBusiness2019Retail - cs-cz) (Version: 16.0.18827.20140 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.095.0518.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 (HKLM\...\{7D0B74C2-C3F8-4AF1-940F-CD79AB4B2DCE}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 (HKLM\...\{EEA66967-97E2-4561-A999-5C22E3CDE428}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM\...\{A59F43A6-AADB-42EB-883B-2FE4E3AA3A69}) (Version: 48.132.18374 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.33 (x64) (HKLM-x32\...\{ecb94bc3-963d-412a-b141-8b7c32ef103f}) (Version: 6.0.33.33916 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
Mozilla Firefox ESR (x64 cs) (HKLM\...\Mozilla Firefox 128.11.0 ESR (x64 cs)) (Version: 128.11.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.14.0 - Mozilla)
Navitel Navigator update center (HKLM-x32\...\Navitel Navigator update center) (Version: 2.4.0.63 - Center of Navigation Technologies)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20140 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0415-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Popisovač CD/DVD 4.2 (HKLM-x32\...\Popisovač CD/DVD_is1) (Version: - PS Media s.r.o.)
PSČ - poštovní směrovací čísla verze 1.5 (HKLM-x32\...\PSČ - poštovní směrovací čísla_is1) (Version: 1.5 - )
RAALTRANS 8.552 (HKLM-x32\...\RAALTRANS 8.552) (Version: - )
RAALTRANS 9.066 (HKLM-x32\...\RAALTRANS 9.066) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.19042.31267 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.57.330.2022 - Realtek)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.)
ScreenConnect Client (7cf054d651808158) (HKLM-x32\...\{3E5DF50F-C29E-A89F-448B-BF3BF6B67EFB}) (Version: 24.1.6.8875 - ScreenConnect Software)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22112.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.22112.1 - Samsung Electronics Co., Ltd.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.00 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Wondershare PDFelement ( Version 9.3.5 ) (HKLM\...\{BC2AC233-DEF1-4D05-B6B8-6B46AA69E885}_is1) (Version: 9.3.5 - Wondershare)
Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-06-11] ()
@{MicrosoftWindows.Client.CoreAI_1000.26100.4061.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CoreAI/AIXHost/ClickToDo/AppDisplayName} -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-06-11] ()
Akce kliknutím (náhled) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.54792954.Filons_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.56978801.Voiess_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57058570.Speion_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Balíček prostředí funkcí systému Windows -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.57074914.Livtop_cw5n1h2txyewy [2025-06-11] (Microsoft Windows)
Dell Customer Connect -> C:\Program Files\WindowsApps\DellInc.DellCustomerConnect_5.5.5.0_x64__htrsf667h5kn2 [2024-10-29] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.5.0.0_x64__htrsf667h5kn2 [2025-02-06] (Dell Inc)
Dell Mobile Connect 3.3 -> C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0 [2024-10-29] (Screenovate Technologies) [Startup Task]
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_4.8.1.0_x64__htrsf667h5kn2 [2025-04-14] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_5.3.44.0_x86__htrsf667h5kn2 [2024-05-06] (Dell Inc)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-01-11] (Microsoft Corporation)
File Viewer Plus 4 -> C:\Program Files\WindowsApps\SharpenedProductions.FileViewerPlus4_4.3.2.0_x86__xkt78gamzntbr [2024-10-29] (Sharpened Productions)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2025-04-24] (INTEL CORP)
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_2.4.0.0_neutral__s63fsn2sety0r [2024-03-05] (KONICA MINOLTA INC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-30] (Microsoft Corporation) [MS Ad]
Microsoft.Edge.GameAssist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-05-30] (Microsoft Corporation)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe [2025-06-12] (Microsoft Corporation)
My Dell -> C:\Program Files\WindowsApps\DellInc.MyDell_2.2.6.0_x64__htrsf667h5kn2 [2024-10-29] (Dell Inc)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-06-10] ()
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2023-09-28] (Dell Inc)
RIG Truck Parking -> C:\Program Files\WindowsApps\34259GameCanvas.RIGTruckParking_1.2.0.1_x86__69qvq4vcm5k9t [2023-03-29] (Game Canvas)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.150.3125.0_x64__kzf8qxf38zg5c [2025-05-07] (Skype)
Speech Pack - English (Australia) -> C:\Program Files\WindowsApps\MicrosoftWindows.Speech.en-AU.1_1.0.13.0_x64__cw5n1h2txyewy [2025-04-07] (Microsoft Windows)
Trash Truck Simulator -> C:\Program Files\WindowsApps\SkisoSoft.TrashTruckSimulator_1.5.0.0_x64__bdkna9a3jrn5p [2023-03-29] (SkisoSoft)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2523.1.0_x64__cv1g1gvanyjgm [2025-06-12] (WhatsApp Inc.) [Startup Task]
Widget Launcher -> C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_5.0.7.0_x64__agy8jafheqhng [2025-05-30] (Chan Software Solutions) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{04271989-C4D2-5B76-454C-69E132D8D441} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-1058928459-3102352049-2094433404-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [PDFelement.ContextMenu] -> {ea6c980d-7823-3752-88ac-d43b3a873d20} => C:\Program Files\Common Files\Wondershare\PDFelement9\Shell Extensions\PEShellContextMenu4.exe [2023-01-13] (Wondershare Technology Group Co.,Ltd -> Wondershare)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_d51acc8493d6b911\OptaneShellExt.dll [2022-10-27] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncShell64.dll [2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2022-07-15 19:00 - 2022-07-15 19:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2021-06-22 14:20 - 2021-06-22 14:20 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2021-06-22 14:20 - 2021-06-22 14:20 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2022-06-30 07:07 - 2023-10-02 12:32 - 000000612 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Wi-Fi: Intel(R) Wireless-AC 9462 -> Netwtw10.sys
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\StartupApproved\Run: => "Service for Navitel Navigator Update Center"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{081BE4FA-92E9-49B5-9743-89C2166B82F8}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65A9303A-6D0B-4418-B043-FF5D6859C6AB}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D5DE6B3B-3978-429D-A37B-CA2746871482}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [TCP Query User{4E74C225-2121-410A-A741-825FF935E711}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [UDP Query User{0CE222C9-1681-4D1F-B2E5-B2A1767B5902}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [TCP Query User{0A325BC5-7352-4BFA-BE43-F6B23DCB26D6}C:\raal\rtw9066\klient\rtw9.exe] => (Allow) C:\raal\rtw9066\klient\rtw9.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [{32E2368D-9843-411B-AB18-087F42079538}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DA437C03-F2F2-49FF-9036-DC368FB7B893}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{287F77CF-841E-40D5-A2D6-D234B9E84C1F}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [{6A7489BD-F8DA-4836-BD65-6CD6AB7C6171}] => (Allow) C:\Program Files\WindowsApps\ScreenovateTechnologies.DellMobileConnect_3.3.9809.0_x64__0vhbc3ng4wbp0\app\DellMobileConnectClient.exe (6B081F61-C764-4F21-995F-B463D0640577 -> Screenovate Technologies Ltd.)
FirewallRules: [TCP Query User{67281DA0-3E4E-43A6-B342-A810D483D88E}C:\raal\raal\rtw8552\klient\rtw8.exe] => (Allow) C:\raal\raal\rtw8552\klient\rtw8.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [UDP Query User{BE30162E-EF14-4102-8E8D-BC31F22445A5}C:\raal\raal\rtw8552\klient\rtw8.exe] => (Allow) C:\raal\raal\rtw8552\klient\rtw8.exe (ComArr s.r.o.) [File not signed]
FirewallRules: [{8878EB21-80DE-45DA-A4E4-2D2A16D10362}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B411E7B-0363-4520-BAD4-E469D3894151}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24335.208.3315.1951_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{399F96CA-8EA8-4AF1-9E61-122AF5D8AE94}] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0E554A9F-22FC-44CE-A47F-A2867E49A509}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{526D9B7B-435C-4DFA-AF6B-9CAC3CE599C3}] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{33979DCA-EA2A-440E-B748-AF77D0A374EA}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F0DEF19-E508-4B22-B5D8-BA0B04D154CD}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{49441D2A-C81C-43AE-B94C-8443E9BE6C80}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E6316EC9-8FB6-432A-A49D-4FBF06D880DC}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8C982661-465B-4E22-B58B-BE98CCE89660}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9B01E95B-943F-4397-95AA-8389ADBDB489}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2D18D8CA-A1B2-4DB6-85D6-50FF7D94188C}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42235425-0112-4C03-B62A-14A6C2491084}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1A544FF1-E9E5-4F2F-91E3-C41C779C7C0C}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9AC7B8FB-1C27-4A24-97B1-D48D852E4926}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{90CEFB12-D92A-468D-A95D-D2FB7EBE095F}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{BFCE6EF0-5842-4C3C-B370-621BCDD29F32}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{452DDF1B-B40E-4EF9-B44E-65F648C9AD16}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4F89289C-76C3-4ABD-B27E-09E9E5B3E2E7}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{8EEA14FC-CDD4-42B9-AF87-3F30FF2D7712}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{4AC8376B-783C-489B-B737-753B02F9F647}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{A19ABF33-B734-4518-8554-BD7866ED60AA}] => (Allow) C:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{660E4688-4847-4433-A969-CF00B7648F1C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:458.61 GB) (Free:344.32 GB) (75%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/14/2025 12:54:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/14/2025 12:36:48 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/12/2025 02:07:30 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/12/2025 01:36:50 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {1a484662-6e08-4187-b3c8-63e9c3b026fb}
Error: (06/11/2025 01:49:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {4cb33a7d-9e2a-4a57-88c3-3660c0df45b8}
Error: (06/11/2025 01:31:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {4cb33a7d-9e2a-4a57-88c3-3660c0df45b8}
Error: (06/11/2025 01:30:18 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {589344d7-4a0a-48a8-b72b-77e91c714fa5}
Error: (06/11/2025 01:15:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen..To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.
Operace:
Shromažďování dat modulu pro zápis
Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {589344d7-4a0a-48a8-b72b-77e91c714fa5}
System errors:
=============
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:12:54 PM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 08:11:54 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Microsoft Wi-Fi Direct Virtual Adapter #2, {11466b95-d5d7-4517-88a0-b48f96679b1b}, došlo k události 74.
Error: (06/13/2025 06:28:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 21) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly nastaveny, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 06:28:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 20) (User: NT AUTHORITY)
Description: Hardwarové hodiny v reálném čase nebyly dotazovány, protože selhalo vyhodnocení metody ACPI Time and Alarm Device. Stav: 3221225659.
Error: (06/13/2025 06:28:35 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-QRJP0SN)
Description: Server {544C4C52-DE0B-4D14-9510-21745381D5CA} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
================
Date: 2025-06-14 10:39:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {7C81A179-0B5E-45F2-97AC-4B922238CA26}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-13 20:22:27
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {3DD08F06-83FB-429A-9F79-1A2F9A06CBC9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-10 10:30:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {92DB49BC-910D-4BE7-A4B4-60776B541015}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-09 12:22:26
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {45286863-92B9-4DA4-89C2-047DC16B0B14}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Date: 2025-06-08 10:42:08
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
KOntrola ID: {37A2415C-4205-48EA-B32F-5BEF2BFFD7FF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Důvod zastavení: Şсħęđüłєð ščдñ шåš śκīрρėď вэċäûšě τћě ℓãšŧ ŝџçčĕśѕƒŭŀ šçãņ ωąŝ ŵìťĥīñ тћє łàśŧ 7 δàўş
Event[0]
Date: 2025-04-12 00:52:28
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.190.0
Zdroj aktualizace: Microsoft Update Server
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x8024402c
Popis chyby: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiSpyware
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2025-04-07 06:43:22
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.427.24.0
Zdroj aktualizace: Microsoft Malware Protection Center
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.25030.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
CodeIntegrity:
===============
Date: 2025-06-12 00:30:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\lsass.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsAuthenticationPackage.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. 1.37.0 02/27/2025
Motherboard: Dell Inc. 0GGCMJ
Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40GHz
Percentage of memory in use: 80%
Total physical RAM: 7914.79 MB
Available physical RAM: 1537.39 MB
Total Virtual: 11370.79 MB
Available Virtual: 2746.69 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:458.61 GB) (Free:344.32 GB) (Model: NVMe PM991a NVMe Samsung 512GB) NTFS
\\?\Volume{0d737aeb-d27a-4d9e-a82b-27c31c1f6101}\ () (Fixed) (Total:1.27 GB) (Free:0.08 GB) NTFS
\\?\Volume{0833af87-27e0-4c43-b981-6d7711681da7}\ (Image) (Fixed) (Total:15.27 GB) (Free:0.17 GB) NTFS
\\?\Volume{41512d47-7bd1-4b26-93c4-03f53c852826}\ (DELLSUPPORT) (Fixed) (Total:1.4 GB) (Free:0.38 GB) NTFS
\\?\Volume{036b1d81-2de1-48a8-9419-23001abf86f6}\ (ESP) (Fixed) (Total:0.24 GB) (Free:0.16 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 513B8622)
Partition: GPT.
==================== End of Addition.txt =======================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe ->) (Connectwise, LLC -> ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsClient.exe
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.Update.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxEMN.exe
(explorer.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Program Files\Wondershare\PDFelement9\PENotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Connectwise, LLC -> ) C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe
(services.exe ->) (Dell Inc -> Dell Inc.) C:\Program Files\Dell\Fusion\FusionService.exe
(services.exe ->) (Dell Inc. -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Technologies Inc. -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Technologies Inc. -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_564a6f565b40bd5f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b20183c0e1a9d643\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_15c9ea6001a5206d\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a66e3c7509fdda6f\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_b966ea70c5407e74\WMIRegistrationService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Shenzhen Goodix Technology Co., Ltd. -> Goodix) C:\Windows\System32\drivers\SessionService.exe
(sihost.exe ->) (61773884-FD83-4DAD-91D2-1ECD4DCEF5D4 -> WindowsWidgets.WinUI) C:\Program Files\WindowsApps\48405AmbientSoftware.WidgetsFree_5.0.7.0_x64__agy8jafheqhng\WindowsWidgets.WinUI.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25042.38.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.41.3.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsCopilotRuntimeActions.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [90353984 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966728 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [Service for Navitel Navigator Update Center] => C:\Program Files (x86)\CNT\Navitel Navigator update center\NavitelUpdaterService.exe [1676824 2022-06-27] (NAVITEL s.r.o. -> )
HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\...\Run: [MicrosoftEdgeAutoLaunch_14B4059CF14848EF21F43338E26265C3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141136 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\C3851SeriesPCL Language Monitor: C:\WINDOWS\system32\KOAXPJ_L.DLL [25704 2019-05-08] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\PEPrinterMonitor.dll [285232 2022-11-29] (Wondershare Technology Co.,Ltd -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\137.0.7151.104\Installer\chrmstp.exe [2025-06-13] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{6FF59A85-BC37-4CD4-5189-AFA427494699}] -> C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsCredentialProvider.dll [2024-04-19] (Connectwise, LLC -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Lsa: [Authentication Packages] msv1_0 C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.WindowsAuthenticationPackage.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEScreenshot.lnk [2023-02-10]
ShortcutTarget: Wondershare PEScreenshot.lnk -> C:\Program Files\Wondershare\PDFelement9\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wondershare PEToolbox.lnk [2023-02-10]
ShortcutTarget: Wondershare PEToolbox.lnk -> C:\Program Files\Wondershare\PDFelement9\PENotify.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4267154D-B16C-4344-84EE-A036ACCFFA47} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {00990758-F985-4A1F-8265-6157E8D99363} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [1256104 2025-04-04] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {5DD4E06E-C39C-4346-BCA3-2BE480EBCABF} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem138.0.7194.0{29754CAC-588B-4D8F-B50D-2A5705D8CF34} => C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe [7080032 2025-05-22] (Google LLC -> Google LLC)
Task: {6394D0F7-7675-4673-AE96-EA8E43BA65CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955368 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA9639ED-241C-4047-9280-F7D89B6C058A} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\opushutil.exe [68344 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF557CBB-5DE0-4E73-B11A-860E7D836476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955368 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {3D6455FD-955D-4DA3-84F4-1128E439C88D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {08D29008-9F37-4A1A-8CA2-E5F4D17A69BC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A00D3B16-2015-4235-A8FF-E2C000B435EB} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [225992 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0960F3FE-CB2B-4DC7-8A0F-C7841D6555FE} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F138BF0C-B883-4DBE-9069-9312B7B004EF} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5B229F0-0519-4740-8972-8E96AB61AC30} - System32\Tasks\Microsoft\Windows\Hotpatch\Monitoring => C:\WINDOWS\system32\cmd.exe [376832 2025-06-11] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\hpatchmonTask.cmd
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {DBD14734-90C8-4F2E-A126-F909078A4C82} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {A63FE113-C692-49C7-A995-00B4D7D8E696} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {16C3E9BD-98A7-43B2-A5D5-6E381F9428D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5B8386F-82CE-4B0F-A91D-D2E508D9D724} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F49533FA-BAE0-4380-A5E0-D7247BAB7491} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {756CB61A-F1AD-4B7A-A5F9-C7D9ECD48D33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {54049E02-D439-4553-8F02-5EC104DBD189} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676416 2025-05-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {A5028FA9-E8A2-45D0-9393-813910F296D4} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1058928459-3102352049-2094433404-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676416 2025-05-27] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {625E8534-880F-4AE7-96B7-E87B4D28712C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2025-05-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {73856A5C-5019-478C-8E93-B8EC1A028F6E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDF3B052-6ED0-4864-AC3B-F72CCA7DA29E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {D41A2ABB-9509-4693-877F-4AFB227B40E9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A9F48B3-239E-4C1A-8324-A6BE488E8CFC} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1058928459-3102352049-2094433404-1001 => C:\Program Files\Microsoft OneDrive\25.095.0518.0002\OneDriveLauncher.exe [684344 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\45F6E6461675946494: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\7416C6168797021413530253740244937323: [DhcpNameServer] 192.168.25.53
Tcpip\..\Interfaces\{623d28dd-b479-421a-9aa5-5a79ddf6e27e}\B616E636C6D277966696: [DhcpNameServer] 185.151.255.6 193.32.92.32
Edge:
=======
Edge Profile: C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default [2025-06-14]
Edge Extension: (Dokumenty Google offline) - C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-10]
Edge Extension: (Edge relevant text changes) - C:\Users\Ucetni\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
FireFox:
========
FF DefaultProfile: 05mp9zaa.default
FF ProfilePath: C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\05mp9zaa.default [2021-09-29]
FF ProfilePath: C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\qcx2qh5b.default-esr [2025-06-14]
FF Homepage: Mozilla\Firefox\Profiles\qcx2qh5b.default-esr -> hxxps://www.google.cz/
FF Extension: (To Google Translate) - C:\Users\Ucetni\AppData\Roaming\Mozilla\Firefox\Profiles\qcx2qh5b.default-esr\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2023-01-06]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-06-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default [2025-06-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-06-02]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ucetni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-03-04]
CHR HKU\S-1-5-21-1058928459-3102352049-2094433404-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724400 2025-06-02] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [459456 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [153792 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481984 2025-02-14] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [59616 2025-01-31] (Dell Inc. -> )
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [22240 2024-09-26] (Dell Technologies Inc. -> Dell INC.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [51648 2024-11-14] (Dell Technologies Inc. -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [153288 2025-02-20] (Dell Technologies Inc. -> Dell)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.095.0518.0002\FileSyncHelper.exe [3621688 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
R2 FusionService; C:\Program Files\Dell\Fusion\FusionService.exe [26792 2022-10-17] (Dell Inc -> Dell Inc.)
S3 hpatchmon; C:\WINDOWS\system32\hpatchmon.dll [173472 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_af402faff66f53bd\AS\IAS\IntelAudioService.exe [536432 2020-12-02] (Smart Sound Technology -> Intel)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.095.0518.0002\OneDriveUpdaterService.exe [3873064 2025-06-13] (Microsoft Corporation -> Microsoft Corporation)
R2 ScreenConnect Client (7cf054d651808158); C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe [95520 2024-04-19] (Connectwise, LLC -> ) <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [917472 2025-06-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [148648 2025-04-04] (Dell Technologies Inc. -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\WINDOWS\System32\drivers\athuw8x.sys [3744256 2023-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 CirrusLFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_973dd943afdf23fb\CSLFD.sys [134768 2022-01-17] (Cirrus Logic, Inc -> Cirrus Logic, Inc.)
R3 CirrusUFD; C:\WINDOWS\System32\DriverStore\FileRepository\cshda.inf_amd64_973dd943afdf23fb\CSUFD.sys [23840 2022-01-17] (WDKTestCert driver dev,131877739977077075 -> Cirrus Logic, Inc.)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [35896 2025-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [134776 2020-12-04] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_c330c09d72f3e083\iaLPSS2_GPIO2_TGL.sys [128664 2021-01-27] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_312c3014729186bd\iaLPSS2_I2C_TGL.sys [201376 2021-01-27] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-13] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-13] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1548488 2022-10-27] (Intel Corporation -> Intel Corporation)
S3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_c08af0e43cbc91c3\gna.sys [83856 2020-08-05] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 PlutonHeci; C:\WINDOWS\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_f74945e2fcb1d3d7\pluton-heci.sys [75168 2025-06-11] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-14 19:26 - 2025-06-14 19:26 - 000029778 _____ C:\Users\Ucetni\Desktop\FRST.txt
2025-06-14 19:24 - 2025-06-14 19:26 - 000000000 ____D C:\FRST
2025-06-14 19:16 - 2025-06-14 19:16 - 002406912 _____ (Farbar) C:\Users\Ucetni\Downloads\FRST64.exe
2025-06-14 19:14 - 2025-06-14 19:14 - 002406912 _____ (Farbar) C:\Users\Ucetni\Desktop\FRST64.exe
2025-06-13 05:56 - 2025-06-13 05:56 - 000000275 _____ C:\Users\Ucetni\Downloads\bez_nazvu (8)
2025-06-12 00:34 - 2025-06-12 00:34 - 000714490 _____ C:\WINDOWS\system32\perfh005.dat
2025-06-11 20:28 - 2025-06-11 20:28 - 029836747 _____ C:\Users\Ucetni\Downloads\VIDEO-2025-06-08-13-53-40.mp4
2025-06-11 19:03 - 2025-06-12 00:34 - 000153652 _____ C:\WINDOWS\system32\perfc005.dat
2025-06-11 13:59 - 2025-06-13 22:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-06-11 13:09 - 2025-06-11 13:09 - 000033224 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-06-11 13:09 - 2025-06-11 13:09 - 000033224 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-06-11 13:09 - 2025-06-11 13:09 - 000001555 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (13).p7s
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (12).p7s
2025-06-06 09:10 - 2025-06-06 09:10 - 000003333 _____ C:\Users\Ucetni\Downloads\smime (11).p7s
2025-06-05 14:11 - 2025-06-05 14:11 - 000299788 _____ C:\Users\Ucetni\Downloads\210422090611900 (1).zip
2025-06-05 14:10 - 2025-06-05 14:10 - 000299788 _____ C:\Users\Ucetni\Downloads\210422090611900.zip
2025-06-05 14:07 - 2025-06-05 14:07 - 000347024 _____ C:\Users\Ucetni\Downloads\210422090742348.zip
2025-06-03 22:30 - 2025-06-03 22:30 - 000002264 _____ C:\Users\Ucetni\AppData\LocalLow\228d4c34b13410f64775a6c4b4a13006e7b0290137959b4b7a90cf7f33ec9e00
2025-06-02 20:49 - 2025-06-02 20:49 - 000000000 ____D C:\Users\Ucetni\AppData\Local\ElevatedDiagnostics
2025-06-02 20:25 - 2025-06-02 20:25 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-06-01 21:30 - 2025-06-01 21:30 - 000010315 _____ C:\Users\Ucetni\Downloads\message_4275.eml
2025-05-30 12:27 - 2025-05-30 12:27 - 000011216 _____ C:\Users\Ucetni\AppData\LocalLow\b15d3a108baf677bad705d2193ceb1d29295e9ae5672296ad2f6ec14fa4d226f
2025-05-30 12:27 - 2025-05-30 12:27 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\9efc7b77bc60a484afa1dbca8105b35ad2d2bcddf61075a21cfb283050ad9d1e
2025-05-30 08:58 - 2025-01-07 15:17 - 005221272 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2025-05-30 08:58 - 2025-01-07 15:17 - 001618848 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter10.dll
2025-05-28 13:33 - 2025-06-12 12:53 - 000021931 _____ C:\Users\Ucetni\AppData\LocalLow\c471a3f3b88ab9b37460e73f6bb1a3e7a513a2a2866fad587ff56ef5a1ad7e6c
2025-05-28 13:33 - 2025-06-12 09:15 - 000023430 _____ C:\Users\Ucetni\AppData\LocalLow\7c20ed46f96c41e8f4707573a4b5f44f7b40b89f3834b85911e9c253e71a658b
2025-05-28 13:33 - 2025-06-12 09:15 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\d184b3a61bf4be513cbb771b07df842ddf56f91b67d9cbe187f53880ca9b5c5d
2025-05-28 13:33 - 2025-05-28 13:33 - 000000026 _____ C:\Users\Ucetni\AppData\LocalLow\bef33e67af07b07688c0a6330e732d016df14dc5824def44f89868a00efa36c8
2025-05-28 11:55 - 2025-05-28 11:55 - 000000854 _____ C:\Users\Ucetni\Desktop\meme_lavina.ps1
2025-05-28 11:42 - 2025-05-28 11:44 - 000001640 _____ C:\Users\Ucetni\Desktop\kokoot.hta
2025-05-28 11:32 - 2025-05-28 11:32 - 000000162 _____ C:\Users\Ucetni\Desktop\kokot_prank.vbs
2025-05-28 11:02 - 2025-05-28 11:02 - 000000250 _____ C:\Users\Ucetni\Desktop\prank.vbs
2025-05-27 21:43 - 2025-05-27 21:43 - 000068016 _____ C:\Users\Ucetni\Downloads\prilohy_19383.zip
2025-05-27 20:02 - 2025-05-28 19:53 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-20 11:00 - 2025-05-20 11:00 - 000067875 _____ C:\Users\Ucetni\Downloads\OD2025_16137_20250520103029.PDF
2025-05-19 22:48 - 2025-05-19 22:49 - 000071431 _____ C:\Users\Ucetni\AppData\LocalLow\ee390228a246dc88cbc129e68163797a9bfbb126806ea76ed0f684b81bbc7632
2025-05-19 22:48 - 2025-05-19 22:48 - 000000026 _____ C:\Users\Ucetni\AppData\LocalLow\5ff3edc50770e6b1d0c6ce73f72fc72da708be7b8ba26609f3cd50ff750a5616
2025-05-15 21:35 - 2025-05-15 21:35 - 000124088 _____ C:\Users\Ucetni\Downloads\prilohy_19283.zip
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-06-14 19:17 - 2024-10-29 22:35 - 000016811 _____ C:\Users\Ucetni\AppData\LocalLow\abdfbee3f482f410934d1e17c2f7f6fa1d3b379b2a07284ffda6ea337445c922
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-14 19:15 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-14 19:07 - 2022-09-22 11:34 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-06-14 19:06 - 2024-10-30 16:42 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\a8b141efd5a28a0535a4b1cef38c232052f69977de70ef5ac15dddb5a77f531f
2025-06-14 10:39 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-14 05:39 - 2021-06-22 14:17 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2025-06-13 21:31 - 2024-10-29 22:27 - 000056715 _____ C:\Users\Ucetni\AppData\LocalLow\6d1a0d74b8983cab26a68cd0cdace1fb63918ce4f5f6aeaeeefb13009d6d5154
2025-06-13 20:12 - 2025-02-06 13:43 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1058928459-3102352049-2094433404-1001
2025-06-13 20:12 - 2025-01-31 09:36 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1058928459-3102352049-2094433404-1001
2025-06-13 20:12 - 2025-01-31 09:36 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-06-13 20:12 - 2021-10-06 08:08 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-06-13 20:12 - 2021-09-28 20:56 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-06-13 20:11 - 2021-09-28 16:36 - 000000000 __SHD C:\Users\Ucetni\IntelGraphicsProfiles
2025-06-13 20:11 - 2021-06-22 14:05 - 000000000 ____D C:\ProgramData\Goodix
2025-06-13 05:39 - 2025-03-04 13:12 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-06-13 05:39 - 2025-03-04 13:12 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-06-12 14:47 - 2025-02-05 16:57 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\4fca0a34b497acffbb870a4cea576f3ac71f00928c3146fe3d0d2dac45c9d5fb
2025-06-12 14:37 - 2025-02-05 16:57 - 000230414 _____ C:\Users\Ucetni\AppData\LocalLow\34f6b2483462849a0a6b86842dbaed8595c9b1ea24a510ce6cabb8d612885e8b
2025-06-12 00:34 - 2025-01-31 09:38 - 001692324 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-12 00:34 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-06-12 00:31 - 2021-09-28 16:36 - 000000000 ____D C:\Users\Ucetni\AppData\Local\Packages
2025-06-12 00:31 - 2021-06-22 14:23 - 000000000 ____D C:\ProgramData\Packages
2025-06-12 00:30 - 2025-01-31 09:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-12 00:30 - 2025-01-31 09:34 - 000002628 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-06-12 00:30 - 2025-01-31 09:33 - 000472576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-06-12 00:30 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-06-12 00:30 - 2021-06-22 14:05 - 000012288 ___SH C:\DumpStack.log.tmp
2025-06-12 00:30 - 2021-06-22 14:05 - 000000000 ____D C:\Intel
2025-06-12 00:29 - 2025-01-29 12:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-06-12 00:29 - 2025-01-29 12:25 - 000000000 ____D C:\WINDOWS\en-GB
2025-06-12 00:29 - 2024-04-01 18:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2025-06-12 00:29 - 2024-04-01 18:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-06-12 00:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-06-12 00:29 - 2024-04-01 09:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-06-11 14:06 - 2024-04-01 09:26 - 001384944 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-06-11 14:06 - 2024-04-01 09:26 - 001240024 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-06-11 13:09 - 2025-01-31 09:35 - 003383808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-06-11 09:47 - 2022-02-09 12:22 - 000000000 ____D C:\Users\Ucetni\AppData\LocalLow\Temp
2025-06-11 08:44 - 2025-01-31 09:36 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2025-06-11 08:44 - 2022-10-14 09:18 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2025-06-11 08:44 - 2022-10-14 09:18 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2025-06-10 22:43 - 2021-09-28 16:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-06-10 22:42 - 2021-09-28 16:56 - 216824056 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-06-10 10:05 - 2021-06-22 14:19 - 000000000 ____D C:\Program Files\Microsoft Office
2025-06-08 08:09 - 2023-01-17 01:38 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-06-08 08:09 - 2021-06-22 14:17 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-03 22:31 - 2021-09-29 15:12 - 000000000 ____D C:\Users\Ucetni\Desktop\Šéf-os.věci
2025-06-03 16:24 - 2021-09-29 15:07 - 000000000 ____D C:\Users\Ucetni\AppData\LocalLow\Adobe
2025-06-03 13:12 - 2025-03-25 10:12 - 000000130 _____ C:\Users\Ucetni\AppData\LocalLow\491dfa6c5089e8600099e6d1172d3a6bce2aaa0bc0a8fb3c146b3df0d94a5618
2025-06-03 13:11 - 2025-03-25 10:12 - 000017930 _____ C:\Users\Ucetni\AppData\LocalLow\14cec8a688e7e25ec65d0024a12c37be778db19ee974553c79f1bfd71cb3ee51
2025-05-29 21:55 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-05-29 21:02 - 2024-02-28 13:27 - 000000000 ____D C:\Users\Ucetni\Desktop\Trestni oznameni PČR
2025-05-28 19:53 - 2021-09-29 15:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-28 14:34 - 2025-01-31 09:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-05-28 14:34 - 2021-09-29 15:01 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-28 11:50 - 2021-09-28 20:57 - 000000000 ____D C:\Users\Ucetni\AppData\Roaming\Microsoft\Word
2025-05-26 08:32 - 2021-09-29 15:35 - 000000000 ____D C:\Users\Ucetni\AppData\Roaming\Microsoft\Excel
2025-05-24 09:11 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-05-22 09:53 - 2021-06-22 14:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-20 17:34 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2025-05-19 18:41 - 2025-01-31 09:36 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-19 18:41 - 2025-01-31 09:36 - 000003514 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-16 00:59 - 2024-04-01 18:31 - 000000000 ____D C:\WINDOWS\InboxApps
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-05-16 00:59 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Provisioning
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Attachments:
- hack.jpg (43.35 KiB), viewed 212 times
Re: Please check my log + a scammer emptied the account along with the company account
Hi,
well, I don't know whether this makes any sense when the owner is willing to enter his details for anyone.
You can first try a fixlist.txt with this content:
Start
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => ""="Service"
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {DBD14734-90C8-4F2E-A126-F909078A4C82} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {A63FE113-C692-49C7-A995-00B4D7D8E696} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
R2 ScreenConnect Client (7cf054d651808158); C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe [95520 2024-04-19] (Connectwise, LLC -> ) <==== ATTENTION
2025-05-28 11:55 - 2025-05-28 11:55 - 000000854 _____ C:\Users\Ucetni\Desktop\meme_lavina.ps1
2025-05-28 11:42 - 2025-05-28 11:44 - 000001640 _____ C:\Users\Ucetni\Desktop\kokoot.hta
2025-05-28 11:32 - 2025-05-28 11:32 - 000000162 _____ C:\Users\Ucetni\Desktop\kokot_prank.vbs
2025-05-28 11:02 - 2025-05-28 11:02 - 000000250 _____ C:\Users\Ucetni\Desktop\prank.vbs
EmptyTemp:
End
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum at https://platba.viry.cz/payment/
Re: Please check my log + a scammer emptied the account along with the company account
After the restart a window popped up, see the screenshot.
Attachments:
- Screenshot_2025-06-14-21-00-25-68_965bbf4d18d205f782c6b8409c5773a4.jpg (43.61 KiB), viewed 202 times
Re: Please check my log + a scammer emptied the account along with the company account
What if you tick "do not show"?
Re: Please check my log + a scammer emptied the account along with the company account
And what about the RSIT log?
Re: Please check my log + a scammer emptied the account along with the company account
Post the resulting fixlog.txt.
Re: Please check my log + a scammer emptied the account along with the company account
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-06-2025
Ran by Ucetni (14-06-2025 20:52:07) Run:2
Running from C:\Users\Ucetni\Desktop
Loaded Profiles: Ucetni
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => ""="Service"
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall: Restriction <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {DBD14734-90C8-4F2E-A126-F909078A4C82} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => %systemroot%\system32\MusNotification.exe Display (No File)
Task: {BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {A63FE113-C692-49C7-A995-00B4D7D8E696} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
R2 ScreenConnect Client (7cf054d651808158); C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe [95520 2024-04-19] (Connectwise, LLC -> ) <==== ATTENTION
2025-05-28 11:55 - 2025-05-28 11:55 - 000000854 _____ C:\Users\Ucetni\Desktop\meme_lavina.ps1
2025-05-28 11:42 - 2025-05-28 11:44 - 000001640 _____ C:\Users\Ucetni\Desktop\kokoot.hta
2025-05-28 11:32 - 2025-05-28 11:32 - 000000162 _____ C:\Users\Ucetni\Desktop\kokot_prank.vbs
2025-05-28 11:02 - 2025-05-28 11:02 - 000000250 _____ C:\Users\Ucetni\Desktop\prank.vbs
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD14734-90C8-4F2E-A126-F909078A4C82}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD14734-90C8-4F2E-A126-F909078A4C82}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF6E6ACD-A76A-40FD-88F1-754F3D3C5F56}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63FE113-C692-49C7-A995-00B4D7D8E696}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63FE113-C692-49C7-A995-00B4D7D8E696}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
ScreenConnect Client (7cf054d651808158) => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ScreenConnect Client (7cf054d651808158) => removed successfully
ScreenConnect Client (7cf054d651808158) => service removed successfully
C:\Users\Ucetni\Desktop\meme_lavina.ps1 => moved successfully
C:\Users\Ucetni\Desktop\kokoot.hta => moved successfully
C:\Users\Ucetni\Desktop\kokot_prank.vbs => moved successfully
C:\Users\Ucetni\Desktop\prank.vbs => moved successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 76656840 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 121154356 B
Edge => 0 B
Chrome => 449775128 B
Firefox => 86126291 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 85436079 B
systemprofile32 => 85436079 B
LocalService => 86063319 B
NetworkService => 86195333 B
Ucetni => 125240348 B
kioskUser0 => 125259391 B
RecycleBin => 28429280 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-06-2025 20:54:55)
Result of scheduled keys to remove after reboot:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
==== End of Fixlog 20:54:55 ====
Re: Please check the log + a scammer emptied the account, including the company account
1. I recommend rescanning with MBAM
2. Change the passwords for important apps
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Please check the log + a scammer emptied the account, including the company account
Hi, just passing by...
If you don't use ScreenConnect, uninstall it. A lot of today's attacks work like this: the attackers convince the victim to run/install some RMM tool (TeamViewer, AnyDesk, ...) and then do the clicking on the victim's PC themselves.
I don't see any other junk there either; unfortunately, what we see in practice here is that only strong user awareness training helps.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok[at]forum.viry.cz
If you feel like helping visitors to this forum, sign up for our training school.
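The advice above about unused RMM tools, as an added example that is not part of the original thread: a small Python triage helper that scans FRST-style log lines for remote-management services and reports whether each one is running, auto-starting, or also registered under SafeBoot. The function name, the marker list and the last two sample lines are constructed for illustration; the first two sample lines are taken from the Fixlog above.

```python
import re

# Tool names taken from the thread; extend the tuple for your environment.
RMM_MARKERS = ("screenconnect", "teamviewer", "anydesk")
# FRST service line: <state><start> <name>; <path> [<size> <date>] (<signer>)
SERVICE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>.+?); (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\](?: \((?P<signer>.*?)\))?(?: <==== ATTENTION)?\s*$"
)
# SafeBoot entry: the service is also allowed to start in Safe Mode.
SAFEBOOT = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<name>.+?) => ", re.IGNORECASE
)

def find_rmm_services(log_text):
    """Return one dict per service whose name or path matches an RMM marker."""
    lines = [line.strip() for line in log_text.splitlines()]
    safeboot = {}
    for line in lines:
        m = SAFEBOOT.match(line)
        if m:
            safeboot.setdefault(m["name"].lower(), []).append(m["mode"])
    findings = []
    for line in lines:
        m = SERVICE.match(line)
        if not m:
            continue
        text = (m["name"] + " " + m["path"]).lower()
        tool = next((t for t in RMM_MARKERS if t in text), None)
        if tool:
            findings.append({
                "tool": tool, "service": m["name"], "path": m["path"],
                "running": m["state"] == "R",    # R = running when scanned
                "autostart": m["start"] == "2",  # assumption: 2 = automatic start
                "safeboot": safeboot.get(m["name"].lower(), []),
            })
    return findings

# First two lines are from the Fixlog in this thread; the last two are constructed.
SAMPLE = r'''
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (7cf054d651808158) => ""="Service"
R2 ScreenConnect Client (7cf054d651808158); C:\Program Files (x86)\ScreenConnect Client (7cf054d651808158)\ScreenConnect.ClientService.exe [95520 2024-04-19] (Connectwise, LLC -> ) <==== ATTENTION
S3 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1000 2024-01-01] (constructed signer)
R2 ExampleUpdater; C:\Program Files\Example\updater.exe [2000 2024-01-01] (constructed signer)
'''

if __name__ == "__main__":
    print(*find_rmm_services(SAMPLE), sep="\n")
```

A hit only means a remote-management service is present; whether it is legitimate depends on whether the user or their IT support installed it.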