Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Popup vir

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Popup vir

#1 Příspěvek od Mr.Moon »

Dobrý den, objevil se mi v PC problém s popup virem v Opeře a nevím si s tím rady.
Níže zasílám log a prosím o pomoc.
Děkuji

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by Mr.Moon (administrator) on DESKTOP-NPUD7BO (HP HP ProBook 450 G4) (09-02-2023 21:33:27)
Running from C:\Users\Mr.Moon\Desktop
Loaded Profiles: Mr.Moon
Platform: Microsoft Windows 10 Home Version 22H2 19045.2486 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\HP\HP ProtectTools Security Manager\Bin\DPAgent.exe ->) (DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpAgent.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe ->) (DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Mr.Moon\AppData\Local\Programs\Opera\95.0.4635.37_0\opera_autoupdate.exe <2>
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems, Inc) C:\Program Files\CONEXANT\Flow\Flow.exe
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HPHotkeyNotification.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe
(explorer.exe ->) (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Hewlett-Packard -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Mr.Moon\AppData\Local\Microsoft\OneDrive\23.011.0115.0009\Microsoft.SharePoint.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Conexant Systems LLC.) [File not signed] C:\Windows\CxSvc\CxUtilSvc.exe
(services.exe ->) (DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe
(services.exe ->) (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company) C:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe
(services.exe ->) (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(services.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.3DBuilder_20.0.3.0_x64__8wekyb3d8bbwe\Builder3D.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21318.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21318.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe
(svchost.exe ->) (Synaptics Incorporated -> Conexant) C:\Windows\System32\MicTray64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(winlogon.exe ->) (DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files (x86)\HP\HP ProtectTools Security Manager\Bin\DPAgent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [225248 2019-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-10] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [215960 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [338000 2015-06-22] (Hewlett-Packard -> Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\HP\HP ProtectTools Security Manager\Bin\DPAgent.exe, <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38935376 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [utweb] => C:\Users\Mr.Moon\AppData\Roaming\uTorrent Web\utweb.exe [5617792 2020-12-01] (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [Zoner Photo Studio Autoupdate] => "C:\Users\Mr.Moon\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTRAY.EXE" (No File)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31193432 2022-01-12] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [Opera Stable] => C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe [2635208 2023-02-08] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Policies\Explorer: []
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {1be875f9-60b9-11ec-bc90-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {291e4d01-8079-11ec-bc97-c8d3ffceea71} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {7333d0d9-89ac-11eb-bc6d-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\windows\system32\novamn8.dll [18944 2017-08-16] (Softland) [File not signed]
HKLM\...\Print\Monitors\Software602 XPS port monitor: C:\windows\system32\602localmon.dll [36864 2015-07-14] (Windows (R) Win 7 DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\110.0.5481.77\Installer\chrmstp.exe [2023-02-09] (Google LLC -> Google LLC)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2021-03-21]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2016-11-16]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2021-03-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F93CFB-A63E-4928-A1D3-3FEF5C32BD58} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [687544 2017-08-16] (Softland SRL -> )
Task: {0E081A31-2220-4DD7-AF34-890FD21FE622} - System32\Tasks\DllKitPRO => C:\Program Files (x86)\DllKitPRO\dllkitpro.exe start (No File)
Task: {1AED1D44-B8F7-4E37-ADDB-4D487C273A52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {21B44A73-09A8-415E-9C73-9827E10D3165} - System32\Tasks\Microsoft\Windows\Conexant\SynaMonApp => C:\Windows\System32\SynaMonApp.exe [170496 2018-10-30] (Synaptics Incorporated) [File not signed]
Task: {2524EC0E-425E-404A-8528-3AAD4233DED6} - System32\Tasks\pCon.update DataClient (Mr.Moon) => C:\Program Files (x86)\EasternGraphics\pCon.update\DataClient\bin\dc.exe [2369840 2014-10-09] (EasternGraphics GmbH -> EasternGraphics GmbH)
Task: {463EAA14-060A-42CB-AA34-F3972032A11C} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (No File)
Task: {5D659CCA-F194-41CA-892D-E362190BD10F} - System32\Tasks\{523C9502-07C9-4D95-BD39-FBF3CA50DE96} => C:\WINDOWS\system32\pcalua.exe -a "H:\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "H:\games\Warcraft III 1.24.4"
Task: {62A7092E-F5A9-4D9E-8A87-7983F0424E37} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {655F6F98-F59C-4D86-B1BF-6C95AF61E88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {658CC622-28D8-47E7-9750-FAF32B9B303E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {65FD24C3-1D64-434B-999A-C7C2E51DB714} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {727E8868-54AF-481B-AC35-5A29EF4697EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [715744 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AD9D03E-CE4C-4DB0-957F-1C68B8E53F22} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [5009512 2020-06-13] (Synaptics Incorporated -> Conexant)
Task: {7CA79BAB-829C-4275-BF9C-E3362685FB4C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-01-11] (Piriform Software Ltd -> Piriform)
Task: {7E78516A-F814-45DB-8FCA-5FD933D75321} - System32\Tasks\CCleanerSkipUAC - Mr.Moon => C:\Program Files\CCleaner\CCleaner.exe [32617808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {803C5FF4-9A82-400E-B619-80DA2AF3A986} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [26968 2022-01-12] (Garmin International, Inc. -> )
Task: {813572DB-9805-4BE7-A142-C7F97B6D2D3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A683C5CC-1526-4C4D-A4FC-C5FC268FEDE8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6B655F7-3344-4CA9-976A-590E6E60DB76} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9AB0F59-30B2-4C9C-B63A-A464F4A37C4F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4954008 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
Task: {AE290EBB-2275-4B36-8A28-A42DD7314E80} - System32\Tasks\Thuhaent Reports => C:\Program Files (x86)\Ckudalycotaied\coerheght.exe dd5f483f-22ba-4fe2-8731-37dce570a7c0 (No File)
Task: {B6D0A447-368C-488C-A0CF-1E075E976F58} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [1286144 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BE729E7E-ED7D-4120-B5B9-497A96FBB95A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C2586D29-12F5-41D8-AC84-BC68EFAAC805} - System32\Tasks\Opera scheduled Autoupdate 1675974763 => C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe [2635208 2023-02-08] (Opera Norway AS -> Opera Software)
Task: {CCC0CD41-79D5-4470-8655-050F46813CA7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-01-31] (Avast Software s.r.o. -> Avast Software)
Task: {CD680D71-6095-48DA-9A99-074659A43730} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.)
Task: {D365EE47-5E0B-4BFD-B554-935D035F9A75} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4713808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7865719a-0b92-450b-8023-026ab5e0a8c2" --version "6.08.10255" --silent
Task: {D3C65CC6-E22E-4B01-9215-1F706FACCC92} - System32\Tasks\{BB1F8A39-41B8-40F4-B1AC-45CE6088176A} => C:\WINDOWS\system32\pcalua.exe -a "D:\Mr.Moon\hry\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "D:\Mr.Moon\hry\games\Warcraft III 1.24.4"
Task: {D41E5BC5-0000-4967-A341-323C5CBE770D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {D939445E-0B3C-4CFB-AAE3-941F253D1A55} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [843800 2016-06-02] (HP Inc. -> )
Task: {F0DE5D4A-D04D-4195-8551-56F1827ECD84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.)
Task: {F582EAD5-8902-4AD0-926B-1867A0DEDD26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\pCon.update DataClient (Mr.Moon).job => C:\Program Files (x86)\EasternGraphics\pCon.update\DataClient\bin\dc.exe-tray_modeDESKTOP-NPUD7BO\Mr.MoonnAutomatically created task for pCon.update.Please do not change this taskmanually, use pCon.upd

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{5f4b3815-d773-4ae4-8886-bfbf1114f62a}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Mr.Moon\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-22]

FireFox:
========
FF DefaultProfile: 0j8jzqcd.default
FF ProfilePath: C:\Users\Mr.Moon\AppData\Roaming\Firefox\Firefox\Profiles\0j8jzqcd.default [2017-05-10] <==== ATTENTION
FF Homepage: Firefox\Firefox\Profiles\0j8jzqcd.default -> about:home
FF NewTab: Firefox\Firefox\Profiles\0j8jzqcd.default -> about:newtab
FF Extension: (Czech (CZ) Language Pack) - C:\Users\Mr.Moon\AppData\Roaming\Firefox\Firefox\Profiles\0j8jzqcd.default\Extensions\langpack-cs@firefox.mozilla.org.xpi [2017-05-09] [Legacy] [not signed]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-09-04] () [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2023-02-09] <==== ATTENTION
CHR Notifications: ChromeDefaultData -> hxxps://badoo.com
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-09]
CHR Extension: (HP Network Check Launcher) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-11-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-11-03]
CHR HKU\S-1-5-21-2855870008-473113554-853457262-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

Opera:
=======
OPR Profile: C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable [2023-02-09]
OPR DownloadDir: D:\
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-29]
OPR Extension: (Opera Wallet) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-01-21]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8553880 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [597400 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [597400 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
S2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
S4 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [9760664 2018-12-19] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [96432 2020-09-08] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [166400 2019-06-25] (Conexant Systems LLC.) [File not signed]
R2 DpHost; C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe [524736 2016-08-24] (DigitalPersona, Inc. -> Crossmatch, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-11-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567888 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Company)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [22424 2019-10-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe [1561032 2022-10-12] (HP Inc. -> HP Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [797640 2023-01-10] (HP Inc. -> HP Inc.)
R2 HpDamServiceHost; c:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe [20376 2016-08-09] (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [796616 2023-01-10] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [459800 2016-06-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [793000 2023-01-10] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [796584 2023-01-10] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe [606664 2022-10-12] (HP Inc. -> HP Inc.)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Softland SRL -> Microsoft)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [91032 2019-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-11-29] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-18] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-01] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-17] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [76432 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Enterpise Company)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-27] (Disc Soft Ltd -> Disc Soft Ltd)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2019-06-21] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-09 21:32 - 2023-02-09 21:32 - 000004222 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1675974763
2023-02-09 21:32 - 2023-02-09 21:32 - 000001520 ____C C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2023-02-09 21:31 - 2023-02-09 21:31 - 002862960 _____ (Opera Software) C:\Users\Mr.Moon\Downloads\OperaSetup (1).exe
2023-02-09 21:28 - 2023-02-09 21:28 - 000000000 ___HD C:\$AV_ASW
2023-02-09 21:24 - 2023-02-09 21:34 - 000037536 ____C C:\Users\Mr.Moon\Desktop\FRST.txt
2023-02-09 21:11 - 2023-02-09 21:33 - 000000000 ____D C:\FRST
2023-02-09 21:10 - 2023-02-09 21:10 - 002378240 _____ (Farbar) C:\Users\Mr.Moon\Desktop\FRST64.exe
2023-02-09 21:09 - 2023-02-09 21:09 - 002080256 _____ (Farbar) C:\Users\Mr.Moon\Downloads\FRST (1).exe
2023-02-09 21:08 - 2023-02-09 21:09 - 002080256 _____ (Farbar) C:\Users\Mr.Moon\Desktop\FRST.exe
2023-02-09 21:01 - 2023-02-09 21:02 - 002862960 _____ (Opera Software) C:\Users\Mr.Moon\Downloads\OperaSetup.exe
2023-01-21 01:12 - 2023-02-04 16:34 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-01-14 10:00 - 2023-01-14 10:00 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-09 21:11 - 2017-01-10 18:13 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-09 21:00 - 2017-01-09 17:47 - 000000000 ____D C:\Program Files (x86)\Opera
2023-02-09 20:57 - 2017-05-05 21:03 - 000000000 ____D C:\Program Files\CCleaner
2023-02-09 20:40 - 2021-01-18 20:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-09 18:26 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-09 17:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-09 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-09 17:11 - 2021-01-18 20:19 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-09 17:10 - 2021-01-18 20:19 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 17:10 - 2021-01-18 20:19 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-09 17:10 - 2017-01-10 18:13 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-09 17:09 - 2017-10-21 16:29 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\AVAST Software
2023-02-09 17:09 - 2017-01-09 11:37 - 000000000 ___RD C:\Users\Mr.Moon\OneDrive
2023-02-09 17:08 - 2017-01-09 11:35 - 000000000 __SHD C:\Users\Mr.Moon\IntelGraphicsProfiles
2023-02-07 23:03 - 2017-09-26 20:51 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-07 22:49 - 2022-09-22 11:36 - 000003044 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-02-07 22:49 - 2022-09-22 11:36 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-02-07 22:49 - 2021-12-12 14:14 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2855870008-473113554-853457262-1002
2023-02-07 22:49 - 2021-08-22 19:12 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Mr.Moon
2023-02-07 22:49 - 2021-01-18 20:19 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-02-07 22:49 - 2021-01-18 20:19 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-02-07 22:49 - 2021-01-18 20:19 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-02-07 22:49 - 2021-01-18 20:19 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-02-07 22:49 - 2021-01-18 20:19 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2855870008-473113554-853457262-1002
2023-02-07 22:49 - 2021-01-18 20:19 - 000002520 _____ C:\WINDOWS\system32\Tasks\DllKitPRO
2023-02-07 22:49 - 2021-01-18 20:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-02-07 22:25 - 2021-03-18 19:02 - 000000000 ___RD C:\Users\Mr.Moon\Budweis Discgolf Club, z.s
2023-02-04 16:34 - 2020-06-05 23:17 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-04 16:33 - 2021-01-18 20:11 - 000002436 ____C C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-01 19:58 - 2021-03-21 11:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-01 19:58 - 2017-01-14 14:29 - 000695504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-01-31 19:56 - 2022-10-29 18:43 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-31 19:56 - 2022-10-29 18:43 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-24 22:38 - 2019-06-23 17:17 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\BitTorrentHelper
2023-01-24 22:38 - 2017-05-05 15:25 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Roaming\uTorrent
2023-01-24 22:35 - 2022-01-24 21:39 - 000000000 ____D C:\Users\Mr.Moon\AppData\Roaming\vlc
2023-01-24 22:12 - 2020-12-24 00:06 - 000000000 ___DC C:\Users\Mr.Moon\AppData\LocalLow\uTorrent
2023-01-22 16:35 - 2016-11-16 16:26 - 000000000 ____D C:\ProgramData\HP
2023-01-22 16:35 - 2016-09-02 09:01 - 000000000 ____D C:\Program Files\HP
2023-01-22 16:30 - 2020-09-30 20:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-22 16:07 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-22 15:27 - 2021-03-21 14:45 - 000000000 ___DC C:\Users\Mr.Moon\Desktop\Křemže
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Roaming\Graphisoft
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\Graphisoft
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ____D C:\Users\Mr.Moon\Graphisoft
2023-01-21 01:09 - 2021-01-18 20:15 - 001841486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-21 01:09 - 2019-12-07 15:41 - 000766654 _____ C:\WINDOWS\system32\perfh005.dat
2023-01-21 01:09 - 2019-12-07 15:41 - 000170398 _____ C:\WINDOWS\system32\perfc005.dat
2023-01-21 01:09 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-01-21 01:02 - 2017-01-14 14:27 - 000000000 ____D C:\ProgramData\AVAST Software
2023-01-21 01:01 - 2021-01-18 20:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-21 01:01 - 2021-01-18 20:08 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-21 01:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-01-21 01:01 - 2017-09-26 20:52 - 000000000 ____D C:\ProgramData\Synaptics
2023-01-21 01:01 - 2016-11-16 16:19 - 000000000 ___DC C:\Intel
2023-01-15 21:05 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-01-15 21:04 - 2021-01-18 20:08 - 000499456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 21:04 - 2017-03-09 12:47 - 000000000 ____D C:\Program Files\WinRAR
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-15 19:13 - 2018-08-14 09:34 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\D3DSCache
2023-01-15 19:07 - 2021-01-18 20:08 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-14 10:00 - 2017-01-11 13:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-14 09:37 - 2017-01-10 19:57 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2014-07-10 07:16 - 2014-07-10 07:16 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2019-10-16 12:04 - 2019-10-16 12:04 - 000000218 _____ () C:\Users\Mr.Moon\AppData\Local\recently-used.xbel
2018-03-29 20:51 - 2018-03-29 20:51 - 000000000 ____C () C:\Users\Mr.Moon\AppData\Local\{AB9A71B7-5220-47BF-88CB-9C023A673E5D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:


Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Re: Popup vir

#3 Příspěvek od Mr.Moon »

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-13-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.2486)
# Cleaned: 38
# Failed: 0


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Insist
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Mr.Moon\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Mr.Moon\AppData\Roaming\Firefox
Deleted C:\Users\Mr.Moon\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\Mr.Moon\AppData\Roaming\Seznam.cz

***** [ Files ] *****

Deleted C:\Users\Public\Documents\report.dat
Deleted C:\Users\Public\Documents\temp.dat

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\ADC0E0D1B3B66C7DE6BE216AD908E4E0
Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKLM\SOFTWARE\ADC0E0D1B3B66C7DE6BE216AD908E4E0
Deleted HKLM\Software\InterSect Alliance
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit
Deleted HKLM\Software\Wow6432Node\ADC0E0D1B3B66C7DE6BE216AD908E4E0
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72e636e0-c563-400f-a778-dd726807eb1f}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72e636e0-c563-400f-a778-dd726807eb1f}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{72e636e0-c563-400f-a778-dd726807eb1f}|UninstallString
Deleted HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [8436 octets] - [13/02/2023 20:11:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#4 Příspěvek od Rudy »

OK. Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Re: Popup vir

#5 Příspěvek od Mr.Moon »

U mě se to zdá být OK.... ?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by Mr.Moon (14-02-2023 20:12:44)
Running from C:\Users\Mr.Moon\Desktop
Microsoft Windows 10 Home Version 22H2 19045.2486 (X64) (2021-01-18 19:20:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2855870008-473113554-853457262-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2855870008-473113554-853457262-503 - Limited - Disabled)
Guest (S-1-5-21-2855870008-473113554-853457262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2855870008-473113554-853457262-1005 - Limited - Enabled)
Mr.Moon (S-1-5-21-2855870008-473113554-853457262-1002 - Administrator - Enabled) => C:\Users\Mr.Moon
WDAGUtilityAccount (S-1-5-21-2855870008-473113554-853457262-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\uTorrent) (Version: 3.5.5.46096 - BitTorrent Inc.)
4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Aiseesoft Total Video Converter 9.2.56 (HKLM-x32\...\{E09CEBAA-4435-4404-8D82-4C029F6391E4}_is1) (Version: 9.2.56 - Aiseesoft Studio)
Akamai NetSession Interface (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ANT Drivers Installer x64 (HKLM\...\{AB7F8484-10C7-430B-8062-BA4D840BC328}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 6.1.3 (HKLM-x32\...\Any Video Converter) (Version: 6.1.3 - Anvsoft)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{ebb1b402-cb45-43ea-bce4-ea5eaa2580b9}) (Version: 21.10.0 - Intel Corporation)
Aplikácie Microsoft 365 pre podnikateľov - sk-sk (HKLM\...\O365BusinessRetail - sk-sk) (Version: 16.0.16026.20146 - Microsoft Corporation)
ArchiCAD 16 CZE (HKLM\...\001FFF2FFF16FF00FF1101F01F02F000-R1) (Version: 16.0 - GRAPHISOFT)
ARCHICAD 23 Goodies Suite R1 CZE (HKLM\...\Goodies 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
ARCHICAD 23 R1 CZE (HKLM\...\ARCHICAD 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software)
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.76.1090 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 6.08 - Piriform)
CodeMeter Runtime Kit v6.80 (HKLM\...\{8F3C9680-6728-4AD2-992D-9615C0DA06C0}) (Version: 6.80.3312.500 - WIBU-SYSTEMS AG)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.239.70 - Conexant)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6722 - CyberLink Corp.)
doPDF (HKLM\...\{F64C7477-8040-4993-9554-EC22AE7FA2C0}) (Version: 8.9.951 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{3e04b5b8-dfc4-4bb3-99a1-a57ad01e1d55}) (Version: 8.9.951 - Softland)
doPDF 8 (HKLM-x32\...\{d60f1f61-f188-4d19-b6ba-318807183789}) (Version: 8.8.947 - Softland)
downloadhotfile.com Free Image Converter (HKLM-x32\...\downloadhotfile.com Free Image Converter_is1) (Version: - downloadhotfile.com)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.2.0.100 - EasternGraphics)
Elevated Installer (HKLM-x32\...\{917F39C7-FBD3-45F2-99DF-3A97EB981D5D}) (Version: 7.11.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Garmin Express (HKLM-x32\...\{3e2be2c6-99a0-4538-8f40-231106165750}) (Version: 7.11.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{A0D75BFE-F68C-450A-8353-C42A3F264BED}) (Version: 7.11.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.77 - Google LLC)
GRAPHISOFT BIMx Desktop Viewer (HKLM\...\BIMx Viewer 23.0 GEN FULL R1 1) (Version: 2019.2.2328.0 - GRAPHISOFT SE)
GRAPHISOFT License Manager Tool (HKLM\...\License Manager Tool 20.0 INT FULL R1 1) (Version: 20.0.0.4800 - GRAPHISOFT SE)
Hi-Rez Studios Games (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Client Security Manager (HKLM\...\{2E1A694B-79B5-4BBC-83BC-659BDEA51B9D}) (Version: 9.0.1.2128 - HP Inc.) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 9.0.1.2128 - HP Inc.)
HP Device Access Manager (HKLM\...\{766ED263-4CA0-4D2F-9FA8-717827F718D6}) (Version: 8.3.16.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{872897C1-CDCD-4466-82AA-5483BCCF09C7}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B0D5BCD0-8DFB-48A3-9BDF-4E183159E420}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{C0407127-4831-47CD-8A7A-E5ED7A2D398B}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{FC292FE3-B7B0-492C-BC2E-C0DFCA30FC92}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{39404020-C431-4331-9241-62956555DA49}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3efaef38-ee9e-4421-bea3-e0a4d835d3f4}) (Version: 5.1.20088 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{C5AD7A64-6DDF-482A-8E7D-FA1DED0A201A}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP)
HP Hotkey Support (HKLM-x32\...\{6E7401DB-B722-4428-BE94-DD4740CF6464}) (Version: 5.0.28.1 - Hewlett-Packard Company)
HP JumpStart Bridge (HKLM-x32\...\{6B4A5299-4837-485A-B71D-7F1CE6F8F018}) (Version: 1.0.0.143 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP SoftPaq Download Manager (HKLM-x32\...\{92db00b4-c4ee-4893-bc4e-8be6548b2742}) (Version: 4.3.4.0 - HP)
HP Software Setup (HKLM-x32\...\{C968E860-054F-490F-95C6-C9A29601459E}) (Version: 9.2.2 - HP)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.18.34.21 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{E570B9C2-9A83-4938-BBD5-0A8C068083C1}) (Version: 1.2.3.1 - HP INC)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.13 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3DAC4F8C-80E6-4204-8A58-747FA4CBAA03}) (Version: 16.0.246 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{00176A23-1A4E-4429-817E-44B40D9EF692}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{650FF4FD-69E7-4AA4-9F46-6B7DFC8489F7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{1535E647-D354-4775-9EE8-FD9E8ED0701A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{06886E89-6E1B-4DD9-87F9-B9E25F63D74F}) (Version: 15.2.3.1031 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.3.1031 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{9F1AF949-EE77-4767-B771-1869DB586422}) (Version: 19.30.1649.0953 - Intel Corporation)
Intel(R) Wireless Manageability Driver (HKLM\...\{28C2C4DE-AAF6-424D-B018-5142729E1C67}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Wireless Manageability Driver Extension (HKLM\...\{03C415A8-0861-4BB7-8857-27089E6C298A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{0DD553C6-5E1A-4F52-889D-00AD0854F863}) (Version: 21.10.0.3096 - Intel Corporation) Hidden
Java 8 Update 333 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180333F0}) (Version: 8.0.3330.2 - Oracle Corporation)
Kodi (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Kodi) (Version: - XBMC-Foundation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Malwarebytes version 4.5.22.236 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.22.236 - Malwarebytes)
Microsoft 365 Apps for business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft 365 Apps pro firmy - cs-cz (HKLM\...\O365BusinessRetail - cs-cz) (Version: 16.0.16026.20146 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.78 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\OneDriveSetup.exe) (Version: 23.020.0125.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Teams) (Version: 1.4.00.19572 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.11.25325 (HKLM\...\{B13B3E11-1555-353F-A63A-8933EE104FBD}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.11.25325 (HKLM\...\{B0037450-526D-3448-A370-CACBD87769A0}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{9F60F614-829C-4DE0-8671-C977529A0CAE}) (Version: 8.9.951 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{D175C46B-DDC1-49B2-95C4-93825A97E718}) (Version: 8.9.951 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{C5275556-5365-45C5-9586-1F6D56CD4BB4}) (Version: 8.9.951 - Softland)
NVIDIA Ovladače grafiky 516.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 516.69 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16026.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenOffice 4.1.4 (HKLM-x32\...\{6CA4F7F3-B909-4292-B791-AAA959155DE0}) (Version: 4.14.9788 - Apache Software Foundation)
Opera Stable 95.0.4635.37 (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Opera 95.0.4635.37) (Version: 95.0.4635.37 - Opera Software)
pCon.planner ME (HKLM-x32\...\{81C6067F-C199-48DA-B146-83BACD756321}) (Version: 7.0.0.101 - EasternGraphics)
pCon.update DataClient 1.8.2 Patch 3 (HKLM-x32\...\{554EA232-0BF1-4248-B474-07FB0EF7F9CF}) (Version: 1.8.2.103 - EasternGraphics) Hidden
pCon.update DataClient 1.8.2 Patch 3 (HKLM-x32\...\pCon.update DataClient) (Version: 1.8.2.103 - EasternGraphics)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.148 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Skype for Business Basic 2016 - en-us (HKLM\...\SkypeforBusinessEntryRetail - en-us) (Version: 16.0.16026.20146 - Microsoft Corporation)
Software602 Form Filler (HKLM-x32\...\{04703FE3-1A8B-4467-88E6-3D6A1A0FA65A}) (Version: 4.70 - Software602 a.s.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.8.32 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{2EB365E9-44C2-4501-AC32-2535B29A7FDE}) (Version: 4.5.338.0 - Synaptics)
System Explorer 7.0.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.7174 - Microsoft Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
TZB modelár AC23 R1 CZE (HKLM\...\ARCHICAD MEP Add-On 23.0 CZE FULL R1 1) (Version: 23.0.0.3003 - GRAPHISOFT SE)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
uTorrent Web (HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\utweb) (Version: 1.1.2 - BitTorrent, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VirtualDJ 8 (HKLM-x32\...\{F7A68F9D-BBF0-48FF-B138-2EFB5165638C}) (Version: 8.0.2048.0 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.40 of 2016-Dec-22 (Build 2402) (Setup) - WIBU-SYSTEMS AG)
Windows Movie Maker 2019 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92C0}}_is1) (Version: - VideoWin)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)
XnViewMP 0.98.4 (HKLM\...\XnViewMP_is1) (Version: 0.98.4 - Gougelet Pierre-e)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-12] (Autodesk Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-09-10] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-12-08] (Microsoft Corporation)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2023-01-22] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.23.20.0_x64__v10z8vjag6ke6 [2023-01-22] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-04-02] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-02] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2855870008-473113554-853457262-1002_Classes\CLSID\{04271989-C4D2-858D-75A1-086687E6BE6F} -> [Budweis Discgolf Club, z.s] => C:\Users\Mr.Moon\Budweis Discgolf Club, z.s [2021-03-18 19:02]
CustomCLSID: HKU\S-1-5-21-2855870008-473113554-853457262-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Mr.Moon\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21105.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2855870008-473113554-853457262-1002_Classes\CLSID\{DEDBE4C9-9E87-40C5-B437-9AAB7EB9C667}\InprocServer32 -> C:\Program Files (x86)\EasternGraphics\EGR-ShellExtension\Win64\egr_se.dll (EasternGraphics GmbH -> EasternGraphics)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-13] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxDTCM.dll [2020-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2022-07-06] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2023-01-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-13] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
ShortcutWithArgument: C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) =============

2023-01-02 10:47 - 2023-01-02 10:47 - 000122368 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\7fddf0feec7e99896c1e5a6cf1927a1b\BRIDGECommon.ni.dll
2023-01-02 10:48 - 2023-01-02 10:48 - 000113152 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\ce7a2bdda4ab4126b61cac38931c0d87\BridgeExtension.ni.dll
2022-01-24 00:19 - 2019-04-22 15:50 - 001370112 _____ (Conexant Systems LLC.) [File not signed] C:\Program Files\Conexant\SA3\HP-NB-AIO\CxHDAudioAPI.dll
2016-08-24 18:45 - 2016-08-24 18:45 - 000382464 _____ (Crossmatch, Inc.) [File not signed] C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPCPFelica.dll
2016-08-24 18:43 - 2016-08-24 18:43 - 000337920 _____ (Crossmatch, Inc.) [File not signed] C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice2.dll
2016-08-24 18:46 - 2016-08-24 18:46 - 000456192 _____ (Crossmatch, Inc.) [File not signed] C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice5.dll
2013-01-23 23:03 - 2013-01-23 23:03 - 000113496 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\CaslShared.dll
2013-01-23 23:03 - 2013-01-23 23:03 - 000092504 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\hpcasl.dll
2013-03-26 21:12 - 2013-03-26 21:12 - 000056832 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HP.Mobile.Shared.dll
2016-08-24 18:09 - 2016-08-24 18:09 - 000220160 _____ (RFIDeas) [File not signed] C:\Program Files\HP\HP ProtectTools Security Manager\Bin\pcProxAPI.dll
2022-01-23 15:55 - 2020-03-04 17:16 - 001431552 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\CONEXANT\Flow\x64\SQLite.Interop.dll
2017-08-16 13:15 - 2017-08-16 13:15 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn8.dll
2017-10-23 19:15 - 2015-07-14 11:27 - 000036864 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\WINDOWS\System32\602localmon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-01-10] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\ssv.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\jp2ssv.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-01-10] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-02-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\sharepoint.com -> hxxps://discgolfcb-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2019-01-05 00:42 - 000000769 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2855870008-473113554-853457262-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mr.Moon\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{de29e945-9597-41f6-9bc0-9ed4db73ed2b}.jpg
DNS Servers: 10.255.255.10 - 10.255.255.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B344C037-3AD5-4C0E-82E9-35D1BD54C745}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [UDP Query User{E35F2E31-2D89-487F-9379-8F04722A04D9}C:\program files\graphisoft\archicad 16\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 16\licensefilegenerator.exe (Graphisoft SE) [File not signed]
FirewallRules: [TCP Query User{F44998A4-61C2-4E98-B1EE-01E5211721B0}C:\program files\graphisoft\archicad 16\licensefilegenerator.exe] => (Allow) C:\program files\graphisoft\archicad 16\licensefilegenerator.exe (Graphisoft SE) [File not signed]
FirewallRules: [{B2F204C1-49EF-41F6-8EC6-5377E0BD79E2}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe (Graphisoft SE) [File not signed]
FirewallRules: [{E23839F9-9B05-4A2E-99B7-C5A975808A53}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 16\GSQuickTimeServer\GSQTServer.exe (Graphisoft SE) [File not signed]
FirewallRules: [{549F409D-9B27-4CE6-9830-1F7E0EC91958}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe (Graphisoft SE) [File not signed]
FirewallRules: [{9D6A03E7-149B-47F7-9BD3-E1101E747355}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 16\ArchiCAD.exe (Graphisoft SE) [File not signed]
FirewallRules: [UDP Query User{B6176517-924A-485F-9F3B-CC7D7919F4B6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [TCP Query User{A751A77F-09EC-42F9-A7B3-43FF81503918}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{7E246655-5DE0-4BD0-B13F-E51CDF7A4E8D}] => (Allow) LPort=8501
FirewallRules: [{5C965D92-A274-43E9-B08F-CDFAFE7D9578}] => (Allow) LPort=8501
FirewallRules: [UDP Query User{1D0127EC-084C-4052-A632-762E56D4B491}D:\mr.moon\hry\games\warcraft iii 1.24.4\war3.exe] => (Block) D:\mr.moon\hry\games\warcraft iii 1.24.4\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{71DE31FA-A031-4A54-B487-49DAE45FC8EB}D:\mr.moon\hry\games\warcraft iii 1.24.4\war3.exe] => (Block) D:\mr.moon\hry\games\warcraft iii 1.24.4\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{3065A6F1-B139-4956-AFF4-5B1BCD4D3AFD}H:\games\warcraft iii 1.24.4\war3.exe] => (Allow) H:\games\warcraft iii 1.24.4\war3.exe => No File
FirewallRules: [TCP Query User{D1B95E1E-8C89-4D05-982D-BD218B147D0C}H:\games\warcraft iii 1.24.4\war3.exe] => (Allow) H:\games\warcraft iii 1.24.4\war3.exe => No File
FirewallRules: [{DE61AB0D-6F6F-4EEA-A6B4-4F491607F4F0}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6A68A78F-8648-42B3-8CD9-5678599E33FD}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AC92156B-EA3D-4673-B57E-825F8C71936C}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{599398A9-216C-4A0B-BD03-06CCE72461B3}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6F2ABEC5-1223-4D80-90AE-6B55F8B14756}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1A1865C4-06C1-4C53-9743-1ACC41D9CA20}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{ACC04BC1-A965-417C-BB02-6FE711C19F8F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{34A8FC4F-3AD5-4FCA-A1D1-A40B8E4048CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{20AC8B10-B3DE-4E41-AF4F-E6D8BD66EAAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C99C296A-3499-4F1F-BF69-0FBCABE44FC6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{05E89346-EF4A-436D-A511-0F64240334D8}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{6C5AD390-A115-4054-BBC2-ECD17351C01D}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{1E97EDFA-41C0-4B23-90B5-7F7550333A48}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{FC89D26D-CC7B-4E2C-96D9-554731B1F4AD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{FE4E0B16-4B82-4A3B-8C64-8E1BD3A77D55}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{D6E5F161-EF8F-4B52-98B2-7EA0E84456A4}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [{C2EE5572-087E-4651-B3EB-200BAC23A2B6}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{9D1011E0-635B-46BD-BCD7-6FD63A7E3B8B}] => (Allow) C:\Users\Mr.Moon\AppData\Roaming\uTorrent Web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [TCP Query User{077CA15D-5C4B-48E5-A6EF-863813F59FBA}C:\users\mr.moon\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\mr.moon\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [UDP Query User{AE85C399-09F8-46F5-80A0-0B796CB32A3E}C:\users\mr.moon\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\mr.moon\appdata\roaming\utorrent web\utweb.exe (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
FirewallRules: [{8537EFD9-B3E1-4A82-A7C1-96CC663C315A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{51201C49-EE54-4FA7-8958-E0CA856170B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A77CC712-4518-4886-9CFB-D7924A1CFABE}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{3B6F887F-1575-4AA8-ADA5-DB62A4F14F83}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\ARCHICAD Starter.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{C0C64277-62CA-4DBA-8316-EA4DCF5D529A}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\CineRender\CineRenderNEM.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{CD3A4FDA-6A98-4521-8365-D3E24D667AA1}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\BIMxUploader.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{84C7714F-7665-4633-88B0-9F08D01584CE}] => (Block) C:\Program Files\GRAPHISOFT\ARCHICAD 23\OverwatchServer.exe (GRAPHISOFT SE) [File not signed]
FirewallRules: [{D3E0E303-C50A-4B19-BBAD-0F78D7335792}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{E0EC93DA-1261-4D89-AE5D-BBD8BDCC1BA5}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
FirewallRules: [{CE346013-1FF9-49A3-8A96-AA9E8D06C58F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{30A3386D-1562-4352-86FA-35F27BD899DF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C182720D-4BDA-43BF-BB3A-2E8660959656}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DB2FFA86-F62A-4264-80FC-8826563AF8A4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{04BAB891-ACBF-4542-8364-4BB647F4C2AA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{A959C7DE-23AF-458F-AD67-27BAAD31F7EB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7EFB2377-C568-4F62-B132-D81C852A5F21}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{893EBD6D-A7C9-40C0-923F-C15B5A8EA6DC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.78\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EED5E5BC-ED3C-4929-847F-EDF13111E1E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

09-02-2023 19:11:26 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/13/2023 08:16:52 PM) (Source: HPTouchpointAnalyticsService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at HP.TouchpointAnalyticsClient.Commons.Utils.HpsaUtils.get_HpsaVersion()
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.DefaultAccountNameProvider.get_Hpsa()
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.FindAccountName(IAccountNameProvider nameProvider)
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.CreateDefault()
at HP.TouchpointAnalyticsClient.Service.ClientScheduler..ctor()
at HP.TouchpointAnalyticsClient.Service.TouchpointAnalyticsClientService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/13/2023 08:16:07 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: Registrace certifikátu SCEP pro WORKGROUP\DESKTOP-NPUD7BO$ přes https://IFX-KeyId-9c7df5a91c3d49bbe7378 ... s/Aik/scep se nepovedla:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Date: Mon, 13 Feb 2023 19:16:07 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7b2e9b7d-6022-4aec-83b5-92ea1dad35b8

Metoda: POST(7125ms)
Fáze: SubmitDone
Chybná žádost (400) 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (02/13/2023 08:13:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe, verze: 10.0.19041.1806, časové razítko: 0x7dcad237
Název chybujícího modulu: SyncController.dll, verze: 10.0.19041.746, časové razítko: 0x2aa6ba67
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003d3bc
ID chybujícího procesu: 0x1008
Čas spuštění chybující aplikace: 0x01d93fd65904cf28
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\SyncController.dll
ID zprávy: 11692ea9-4b71-49f5-9466-14d120521102
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/13/2023 07:09:52 PM) (Source: HPTouchpointAnalyticsService) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
at HP.TouchpointAnalyticsClient.Commons.Utils.HpsaUtils.get_HpsaVersion()
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.DefaultAccountNameProvider.get_Hpsa()
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.FindAccountName(IAccountNameProvider nameProvider)
at HP.TouchpointAnalyticsClient.Commons.Objects.Unit.CreateDefault()
at HP.TouchpointAnalyticsClient.Service.ClientScheduler..ctor()
at HP.TouchpointAnalyticsClient.Service.TouchpointAnalyticsClientService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (02/13/2023 07:09:05 PM) (Source: CertEnroll) (EventID: 87) (User: NT AUTHORITY)
Description: Registrace certifikátu SCEP pro WORKGROUP\DESKTOP-NPUD7BO$ přes https://IFX-KeyId-9c7df5a91c3d49bbe7378 ... s/Aik/scep se nepovedla:

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Date: Mon, 13 Feb 2023 18:09:05 GMT
Content-Length: 101
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: f762e6d7-0a0e-48d3-94ad-3459b869e9f2

Metoda: POST(3063ms)
Fáze: SubmitDone
Chybná žádost (400) 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)

Error: (02/13/2023 07:07:04 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/13/2023 07:07:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/13/2023 07:07:03 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.


System errors:
=============
Error: (02/14/2023 08:14:10 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:11:58 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:11:34 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:11:10 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:10:15 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:10:12 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:09:33 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (02/14/2023 08:09:10 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.


CodeIntegrity:
===============
Date: 2023-02-14 20:10:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2023-02-14 20:08:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-02-14 20:08:10
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: HP P85 Ver. 01.35 07/14/2020
Motherboard: HP 8231
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 8083.75 MB
Available physical RAM: 3866.29 MB
Total Virtual: 9491.75 MB
Available Virtual: 4452.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:115.8 GB) (Free:8.77 GB) (Model: SAMSUNG MZNTY128HDHP-000H1) NTFS
Drive d: (DATADRIVE0) (Fixed) (Total:931.39 GB) (Free:293.82 GB) (Model: TOSHIBA MQ01ABD100) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) (Model: SAMSUNG MZNTY128HDHP-000H1) FAT32
Drive f: (THE_FORCE_AWAKENS) (CDROM) (Total:7.05 GB) (Free:0 GB) UDF

\\?\Volume{9f8328ee-4e74-4bf3-8a0e-6d505b3db78b}\ () (Fixed) (Total:0.96 GB) (Free:0.18 GB) NTFS
\\?\Volume{146b9a2b-751e-4f23-ad4c-72482e958cbb}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4D5962CF)

Partition: GPT.

==========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A4776A55)

Partition: GPT.

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#6 Příspěvek od Rudy »

Kde je log FRST? Bez něj to nedočistíme.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Re: Popup vir

#7 Příspěvek od Mr.Moon »

Omlouvám se, špatný okno.
Znovu zde:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-02-2023 01
Ran by Mr.Moon (administrator) on DESKTOP-NPUD7BO (HP HP ProBook 450 G4) (14-02-2023 20:10:46)
Running from C:\Users\Mr.Moon\Desktop
Loaded Profiles: Mr.Moon
Platform: Microsoft Windows 10 Home Version 22H2 19045.2486 (X64) Language: Čeština (Česko)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe ->) (DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Users\Mr.Moon\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Mr.Moon\AppData\Local\Microsoft\OneDrive\23.020.0125.0003\Microsoft.SharePoint.exe
(C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Mr.Moon\AppData\Local\Programs\Opera\95.0.4635.37_0\opera_autoupdate.exe <2>
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(C:\Windows\CxSvc\CxAudioSvc.exe ->) (Synaptics Incorporated -> Conexant Systems, Inc) C:\Program Files\CONEXANT\Flow\Flow.exe
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HPHotkeyNotification.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe
(explorer.exe ->) (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Hewlett-Packard -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Conexant Systems LLC.) [File not signed] C:\Windows\CxSvc\CxUtilSvc.exe
(services.exe ->) (DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe
(services.exe ->) (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company) C:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe
(services.exe ->) (Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(services.exe ->) (Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Mr.Moon\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe <2>
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe
(svchost.exe ->) (Synaptics Incorporated -> Conexant) C:\Windows\System32\MicTray64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [225248 2019-10-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-10] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [215960 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [664848 2016-04-26] (Hewlett-Packard Company -> HP Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [338000 2015-06-22] (Hewlett-Packard -> Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [109324536 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38935376 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [utweb] => C:\Users\Mr.Moon\AppData\Roaming\uTorrent Web\utweb.exe [5617792 2020-12-01] (Jenkins Win Client Build CA -> BitTorrent Inc.) [File not signed]
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [Zoner Photo Studio Autoupdate] => "C:\Users\Mr.Moon\AppData\Local\Programs\Zoner\ZPS X\binary\Program32\ZPSTRAY.EXE" (No File)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31193432 2022-01-12] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Run: [Opera Stable] => C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe [2635208 2023-02-08] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Policies\Explorer: []
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {1be875f9-60b9-11ec-bc90-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {291e4d01-8079-11ec-bc97-c8d3ffceea71} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {7333d0d9-89ac-11eb-bc6d-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\windows\system32\novamn8.dll [18944 2017-08-16] (Softland) [File not signed]
HKLM\...\Print\Monitors\Software602 XPS port monitor: C:\windows\system32\602localmon.dll [36864 2015-07-14] (Windows (R) Win 7 DDK provider) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\110.0.5481.77\Installer\chrmstp.exe [2023-02-09] (Google LLC -> Google LLC)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2021-03-21]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2016-11-16]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2021-03-21]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F93CFB-A63E-4928-A1D3-3FEF5C32BD58} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [687544 2017-08-16] (Softland SRL -> )
Task: {1AED1D44-B8F7-4E37-ADDB-4D487C273A52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {21B44A73-09A8-415E-9C73-9827E10D3165} - System32\Tasks\Microsoft\Windows\Conexant\SynaMonApp => C:\Windows\System32\SynaMonApp.exe [170496 2018-10-30] (Synaptics Incorporated) [File not signed]
Task: {2524EC0E-425E-404A-8528-3AAD4233DED6} - System32\Tasks\pCon.update DataClient (Mr.Moon) => C:\Program Files (x86)\EasternGraphics\pCon.update\DataClient\bin\dc.exe [2369840 2014-10-09] (EasternGraphics GmbH -> EasternGraphics GmbH)
Task: {463EAA14-060A-42CB-AA34-F3972032A11C} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (No File)
Task: {5D659CCA-F194-41CA-892D-E362190BD10F} - System32\Tasks\{523C9502-07C9-4D95-BD39-FBF3CA50DE96} => C:\WINDOWS\system32\pcalua.exe -a "H:\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "H:\games\Warcraft III 1.24.4"
Task: {62A7092E-F5A9-4D9E-8A87-7983F0424E37} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {655F6F98-F59C-4D86-B1BF-6C95AF61E88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {658CC622-28D8-47E7-9750-FAF32B9B303E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {65FD24C3-1D64-434B-999A-C7C2E51DB714} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs (No File)
Task: {727E8868-54AF-481B-AC35-5A29EF4697EC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [715744 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AD9D03E-CE4C-4DB0-957F-1C68B8E53F22} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [5009512 2020-06-13] (Synaptics Incorporated -> Conexant)
Task: {7CA79BAB-829C-4275-BF9C-E3362685FB4C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-01-11] (Piriform Software Ltd -> Piriform)
Task: {7E78516A-F814-45DB-8FCA-5FD933D75321} - System32\Tasks\CCleanerSkipUAC - Mr.Moon => C:\Program Files\CCleaner\CCleaner.exe [32617808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {803C5FF4-9A82-400E-B619-80DA2AF3A986} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [26968 2022-01-12] (Garmin International, Inc. -> )
Task: {813572DB-9805-4BE7-A142-C7F97B6D2D3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A683C5CC-1526-4C4D-A4FC-C5FC268FEDE8} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6B655F7-3344-4CA9-976A-590E6E60DB76} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {A9AB0F59-30B2-4C9C-B63A-A464F4A37C4F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4954008 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
Task: {AE290EBB-2275-4B36-8A28-A42DD7314E80} - System32\Tasks\Thuhaent Reports => C:\Program Files (x86)\Ckudalycotaied\coerheght.exe dd5f483f-22ba-4fe2-8731-37dce570a7c0 (No File)
Task: {B6D0A447-368C-488C-A0CF-1E075E976F58} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [1286144 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {BE729E7E-ED7D-4120-B5B9-497A96FBB95A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C2586D29-12F5-41D8-AC84-BC68EFAAC805} - System32\Tasks\Opera scheduled Autoupdate 1675974763 => C:\Users\Mr.Moon\AppData\Local\Programs\Opera\launcher.exe [2635208 2023-02-08] (Opera Norway AS -> Opera Software)
Task: {CCC0CD41-79D5-4470-8655-050F46813CA7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2295192 2023-01-31] (Avast Software s.r.o. -> Avast Software)
Task: {CD680D71-6095-48DA-9A99-074659A43730} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.)
Task: {D365EE47-5E0B-4BFD-B554-935D035F9A75} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4713808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7865719a-0b92-450b-8023-026ab5e0a8c2" --version "6.08.10255" --silent
Task: {D3C65CC6-E22E-4B01-9215-1F706FACCC92} - System32\Tasks\{BB1F8A39-41B8-40F4-B1AC-45CE6088176A} => C:\WINDOWS\system32\pcalua.exe -a "D:\Mr.Moon\hry\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "D:\Mr.Moon\hry\games\Warcraft III 1.24.4"
Task: {D41E5BC5-0000-4967-A341-323C5CBE770D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {D939445E-0B3C-4CFB-AAE3-941F253D1A55} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [843800 2016-06-02] (HP Inc. -> )
Task: {F0DE5D4A-D04D-4195-8551-56F1827ECD84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.)
Task: {F582EAD5-8902-4AD0-926B-1867A0DEDD26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\pCon.update DataClient (Mr.Moon).job => C:\Program Files (x86)\EasternGraphics\pCon.update\DataClient\bin\dc.exe-tray_modeDESKTOP-NPUD7BO\Mr.MoonnAutomatically created task for pCon.update.Please do not change this taskmanually, use pCon.upd

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20
Tcpip\..\Interfaces\{5f4b3815-d773-4ae4-8886-bfbf1114f62a}: [DhcpNameServer] 10.255.255.10 10.255.255.20

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Mr.Moon\AppData\Local\Microsoft\Edge\User Data\Default [2023-01-22]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @graphisoft.com/GDL Web Plug-in -> C:\Program Files (x86)\GRAPHISOFT\GDLWebControl\npGDLMozilla.dll [2012-09-04] () [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\dtplugin\npDeployJava1.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.333.2 -> C:\Program Files (x86)\Java\jre1.8.0_333\bin\plugin2\npjp2.dll [2023-01-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s. -> Software602 a.s.)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2023-02-14] <==== ATTENTION
CHR Notifications: ChromeDefaultData -> hxxps://badoo.com
CHR Extension: (Adobe Acrobat: nástroje pro úpravu, převod a podpis souborů PDF) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-02-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-09]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-13]
CHR Extension: (HP Network Check Launcher) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2021-11-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-03]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Mr.Moon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2023-02-13]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-2855870008-473113554-853457262-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo]

Opera:
=======
OPR Profile: C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable [2023-02-14]
OPR DownloadDir: D:\
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-29]
OPR Extension: (Opera Wallet) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-01-21]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Mr.Moon\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8553880 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [597400 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [597400 2023-01-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1003344 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-01] (Microsoft Corporation -> Microsoft Corporation)
S4 CmWebAdmin.exe; C:\Program Files\CodeMeter\Runtime\bin\CmWebAdmin.exe [9760664 2018-12-19] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R2 CxAudioSvc; C:\WINDOWS\CxSvc\CxAudioSvc.exe [96432 2020-09-08] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxUtilSvc; C:\WINDOWS\CxSvc\CxUtilSvc.exe [166400 2019-06-25] (Conexant Systems LLC.) [File not signed]
R2 DpHost; C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe [524736 2016-08-24] (DigitalPersona, Inc. -> Crossmatch, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-11-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567888 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Company)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [22424 2019-10-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe [1561032 2022-10-12] (HP Inc. -> HP Inc.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [797640 2023-01-10] (HP Inc. -> HP Inc.)
R2 HpDamServiceHost; c:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe [20376 2016-08-09] (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [796616 2023-01-10] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [459800 2016-06-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [793000 2023-01-10] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [796584 2023-01-10] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-04-18] (Hewlett-Packard Company -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe [606664 2022-10-12] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8967840 2023-02-13] (Malwarebytes Inc. -> Malwarebytes)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [53176 2017-08-16] (Softland SRL -> Microsoft)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Miroslav Topolar -> Mister Group)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [91032 2019-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-10-18] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695504 2023-02-01] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2023-01-02] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-17] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [76432 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Enterpise Company)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-27] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-27] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198088 2023-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [76216 2023-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181816 2023-02-13] (Malwarebytes Inc. -> Malwarebytes)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [118200 2019-06-21] (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-14 20:11 - 2023-02-14 20:11 - 000000000 ___HD C:\$WinREAgent
2023-02-13 20:15 - 2023-02-13 20:15 - 000181816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-02-13 20:13 - 2023-02-13 20:13 - 000004204 ____C C:\Users\Mr.Moon\Desktop\AdwCleaner[C00].txt
2023-02-13 20:11 - 2023-02-13 20:11 - 000000000 ____D C:\AdwCleaner
2023-02-13 20:10 - 2023-02-13 20:10 - 008791352 _____ (Malwarebytes) C:\Users\Mr.Moon\Desktop\adwcleaner.exe
2023-02-13 19:06 - 2023-02-13 19:06 - 000617381 ____C C:\Users\Mr.Moon\Desktop\txt.txt
2023-02-13 18:49 - 2023-02-13 20:15 - 000000000 ___DC C:\Users\Mr.Moon\AppData\LocalLow\IGDump
2023-02-13 18:47 - 2023-02-13 18:47 - 000000000 ____D C:\Users\Mr.Moon\AppData\Local\mbam
2023-02-13 18:45 - 2023-02-13 18:45 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-13 18:45 - 2023-02-13 18:45 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-13 18:44 - 2023-02-13 18:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-13 18:44 - 2023-02-13 18:44 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-13 18:41 - 2023-02-13 18:41 - 002555248 ____C (Malwarebytes) C:\Users\Mr.Moon\Desktop\MBSetup.exe
2023-02-09 21:34 - 2023-02-09 21:36 - 000056380 ____C C:\Users\Mr.Moon\Desktop\Addition.txt
2023-02-09 21:32 - 2023-02-09 21:32 - 000004222 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1675974763
2023-02-09 21:32 - 2023-02-09 21:32 - 000001520 ____C C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2023-02-09 21:31 - 2023-02-09 21:31 - 002862960 _____ (Opera Software) C:\Users\Mr.Moon\Downloads\OperaSetup (1).exe
2023-02-09 21:28 - 2023-02-09 21:28 - 000000000 ___HD C:\$AV_ASW
2023-02-09 21:24 - 2023-02-14 20:11 - 000037884 ____C C:\Users\Mr.Moon\Desktop\FRST.txt
2023-02-09 21:11 - 2023-02-14 20:11 - 000000000 ____D C:\FRST
2023-02-09 21:10 - 2023-02-09 21:10 - 002378240 _____ (Farbar) C:\Users\Mr.Moon\Desktop\FRST64.exe
2023-02-09 21:09 - 2023-02-09 21:09 - 002080256 _____ (Farbar) C:\Users\Mr.Moon\Downloads\FRST (1).exe
2023-02-09 21:08 - 2023-02-09 21:09 - 002080256 _____ (Farbar) C:\Users\Mr.Moon\Desktop\FRST.exe
2023-02-09 21:01 - 2023-02-09 21:02 - 002862960 _____ (Opera Software) C:\Users\Mr.Moon\Downloads\OperaSetup.exe
2023-01-21 01:12 - 2023-02-13 19:17 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-14 20:10 - 2017-05-05 21:03 - 000000000 ____D C:\Program Files\CCleaner
2023-02-14 20:10 - 2017-01-10 18:13 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-14 20:07 - 2021-01-18 20:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-14 20:07 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-13 20:18 - 2021-01-18 20:15 - 001841486 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-13 20:18 - 2019-12-07 15:41 - 000766654 _____ C:\WINDOWS\system32\perfh005.dat
2023-02-13 20:18 - 2019-12-07 15:41 - 000170398 _____ C:\WINDOWS\system32\perfc005.dat
2023-02-13 20:18 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-02-13 20:16 - 2017-10-21 16:29 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\AVAST Software
2023-02-13 20:15 - 2021-03-18 19:02 - 000000000 ___RD C:\Users\Mr.Moon\Budweis Discgolf Club, z.s
2023-02-13 20:15 - 2017-01-09 11:37 - 000000000 ___RD C:\Users\Mr.Moon\OneDrive
2023-02-13 20:14 - 2021-01-18 20:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-13 20:14 - 2021-01-18 20:08 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-13 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-13 20:14 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-13 20:14 - 2018-09-04 17:27 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\CrashDumps
2023-02-13 20:14 - 2017-09-26 20:52 - 000000000 ____D C:\ProgramData\Synaptics
2023-02-13 20:14 - 2017-09-26 20:51 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-13 20:14 - 2017-01-14 14:27 - 000000000 ____D C:\ProgramData\AVAST Software
2023-02-13 20:14 - 2017-01-09 11:35 - 000000000 __SHD C:\Users\Mr.Moon\IntelGraphicsProfiles
2023-02-13 20:14 - 2016-11-16 16:19 - 000000000 ___DC C:\Intel
2023-02-13 20:12 - 2019-03-30 23:29 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\Lavasoft
2023-02-13 20:12 - 2019-03-30 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2023-02-13 20:12 - 2019-03-30 23:28 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Roaming\Lavasoft
2023-02-13 20:12 - 2019-03-30 23:28 - 000000000 ____D C:\ProgramData\Lavasoft
2023-02-13 20:12 - 2019-03-30 23:28 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2023-02-13 19:17 - 2020-06-05 23:17 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-13 19:17 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-13 19:17 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-13 19:06 - 2021-01-18 20:11 - 000000000 ____D C:\Users\Mr.Moon
2023-02-13 19:05 - 2018-08-14 09:34 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\D3DSCache
2023-02-13 19:03 - 2017-04-27 21:13 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\Mezety
2023-02-13 18:45 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-13 18:41 - 2021-12-12 14:14 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2855870008-473113554-853457262-1002
2023-02-13 18:41 - 2021-01-18 20:19 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2855870008-473113554-853457262-1002
2023-02-13 18:41 - 2021-01-18 20:11 - 000002436 ____C C:\Users\Mr.Moon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-13 18:40 - 2021-01-18 20:19 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-02-13 18:38 - 2022-09-22 11:36 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-02-13 18:38 - 2017-01-09 17:47 - 000000000 ____D C:\Program Files (x86)\Opera
2023-02-09 17:10 - 2021-01-18 20:19 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 17:10 - 2021-01-18 20:19 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-09 17:10 - 2017-01-10 18:13 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-07 22:49 - 2022-09-22 11:36 - 000003044 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-02-07 22:49 - 2021-08-22 19:12 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Mr.Moon
2023-02-07 22:49 - 2021-01-18 20:19 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-02-07 22:49 - 2021-01-18 20:19 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-02-07 22:49 - 2021-01-18 20:19 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-02-07 22:49 - 2021-01-18 20:19 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-02-07 22:49 - 2021-01-18 20:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-02-01 19:58 - 2021-03-21 11:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-02-01 19:58 - 2017-01-14 14:29 - 000695504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-01-31 19:56 - 2022-10-29 18:43 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-31 19:56 - 2022-10-29 18:43 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-24 22:38 - 2019-06-23 17:17 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\BitTorrentHelper
2023-01-24 22:38 - 2017-05-05 15:25 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Roaming\uTorrent
2023-01-24 22:35 - 2022-01-24 21:39 - 000000000 ____D C:\Users\Mr.Moon\AppData\Roaming\vlc
2023-01-24 22:12 - 2020-12-24 00:06 - 000000000 ___DC C:\Users\Mr.Moon\AppData\LocalLow\uTorrent
2023-01-22 16:35 - 2016-11-16 16:26 - 000000000 ____D C:\ProgramData\HP
2023-01-22 16:35 - 2016-09-02 09:01 - 000000000 ____D C:\Program Files\HP
2023-01-22 16:30 - 2020-09-30 20:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-22 16:07 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-22 15:27 - 2021-03-21 14:45 - 000000000 ___DC C:\Users\Mr.Moon\Desktop\Křemže
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Roaming\Graphisoft
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ___DC C:\Users\Mr.Moon\AppData\Local\Graphisoft
2023-01-22 15:27 - 2018-04-22 10:33 - 000000000 ____D C:\Users\Mr.Moon\Graphisoft
2023-01-15 21:04 - 2021-01-18 20:08 - 000499456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-15 21:04 - 2017-03-09 12:47 - 000000000 ____D C:\Program Files\WinRAR
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-15 21:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-15 19:07 - 2021-01-18 20:08 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories ========

2014-07-10 07:16 - 2014-07-10 07:16 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2019-10-16 12:04 - 2019-10-16 12:04 - 000000218 _____ () C:\Users\Mr.Moon\AppData\Local\recently-used.xbel
2018-03-29 20:51 - 2018-03-29 20:51 - 000000000 ____C () C:\Users\Mr.Moon\AppData\Local\{AB9A71B7-5220-47BF-88CB-9C023A673E5D}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#8 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Policies\Explorer: []
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {1be875f9-60b9-11ec-bc90-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {291e4d01-8079-11ec-bc97-c8d3ffceea71} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {7333d0d9-89ac-11eb-bc6d-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\windows\system32\novamn8.dll [18944 2017-08-16] (Softland) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (No File)
Task: {5D659CCA-F194-41CA-892D-E362190BD10F} - System32\Tasks\{523C9502-07C9-4D95-BD39-FBF3CA50DE96} => C:\WINDOWS\system32\pcalua.exe -a "H:\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "H:\games\Warcraft III 1.24.4"
Task: {655F6F98-F59C-4D86-B1BF-6C95AF61E88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {658CC622-28D8-47E7-9750-FAF32B9B303E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {D41E5BC5-0000-4967-A341-323C5CBE770D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {F582EAD5-8902-4AD0-926B-1867A0DEDD26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\Mr.Moon\AppData\Local\{AB9A71B7-5220-47BF-88CB-9C023A673E5D}

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Re: Popup vir

#9 Příspěvek od Mr.Moon »

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-02-2023 01
Ran by Mr.Moon (16-02-2023 15:57:34) Run:1
Running from C:\Users\Mr.Moon\Desktop
Loaded Profiles: Mr.Moon
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [708840 2022-04-26] (Oracle America, Inc. -> Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\Policies\Explorer: []
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {1be875f9-60b9-11ec-bc90-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {291e4d01-8079-11ec-bc97-c8d3ffceea71} - "H:\Lenovo_Suite.exe"
HKU\S-1-5-21-2855870008-473113554-853457262-1002\...\MountPoints2: {7333d0d9-89ac-11eb-bc6d-c8d3ffceea71} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\novaPDF Port Monitor: C:\windows\system32\novamn8.dll [18944 2017-08-16] (Softland) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (No File)
Task: {5D659CCA-F194-41CA-892D-E362190BD10F} - System32\Tasks\{523C9502-07C9-4D95-BD39-FBF3CA50DE96} => C:\WINDOWS\system32\pcalua.exe -a "H:\games\Warcraft III 1.24.4\Frozen Throne.exe" -d "H:\games\Warcraft III 1.24.4"
Task: {655F6F98-F59C-4D86-B1BF-6C95AF61E88E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {658CC622-28D8-47E7-9750-FAF32B9B303E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (No File)
Task: {D41E5BC5-0000-4967-A341-323C5CBE770D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-01-10] (Google Inc -> Google Inc.)
Task: {F582EAD5-8902-4AD0-926B-1867A0DEDD26} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\Mr.Moon\AppData\Local\{AB9A71B7-5220-47BF-88CB-9C023A673E5D}

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-2855870008-473113554-853457262-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
HKU\S-1-5-21-2855870008-473113554-853457262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1be875f9-60b9-11ec-bc90-c8d3ffceea71} => removed successfully
HKU\S-1-5-21-2855870008-473113554-853457262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291e4d01-8079-11ec-bc97-c8d3ffceea71} => removed successfully
HKU\S-1-5-21-2855870008-473113554-853457262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7333d0d9-89ac-11eb-bc6d-c8d3ffceea71} => removed successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\novaPDF Port Monitor => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D1CA2BD-B029-44CE-8A37-BCFC0AE5535D}" => removed successfully
C:\WINDOWS\System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP\HP Hotkey Support\Start QLBController Process" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D659CCA-F194-41CA-892D-E362190BD10F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D659CCA-F194-41CA-892D-E362190BD10F}" => removed successfully
C:\WINDOWS\System32\Tasks\{523C9502-07C9-4D95-BD39-FBF3CA50DE96} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{523C9502-07C9-4D95-BD39-FBF3CA50DE96}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{655F6F98-F59C-4D86-B1BF-6C95AF61E88E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{655F6F98-F59C-4D86-B1BF-6C95AF61E88E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{658CC622-28D8-47E7-9750-FAF32B9B303E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{658CC622-28D8-47E7-9750-FAF32B9B303E}" => removed successfully
C:\WINDOWS\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D41E5BC5-0000-4967-A341-323C5CBE770D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D41E5BC5-0000-4967-A341-323C5CBE770D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F582EAD5-8902-4AD0-926B-1867A0DEDD26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F582EAD5-8902-4AD0-926B-1867A0DEDD26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\Mr.Moon\AppData\Local\{AB9A71B7-5220-47BF-88CB-9C023A673E5D} => moved successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 57091335 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 47898658 B
Windows/system/drivers => 9632690 B
Edge => 72781 B
Chrome => 2052096 B
Firefox => 0 B
Opera => 250178725 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 29436 B
NetworkService => 29436 B
Mr.Moon => 1079627899 B

RecycleBin => 102441 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:58:14 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#10 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Mr.Moon
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 08 kvě 2017 15:26

Re: Popup vir

#11 Příspěvek od Mr.Moon »

Vše se zdá v pořádku, děkuji za to o děláte :thumbsup:

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118195
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Popup vir

#12 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno