VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

https://forum.viry.cz:443/viewtopic.php?t=159030

Stránka 1 z 2

Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 20:07
od Antusek
Dobrý večer,
stala se mi taková nepříjemnost. Navštívil jsem stránky jednoho sokolského oddílu a měli je infikované. Již jsem je informoval. Teď mi tam vyskakuje, že PC byl zavirován 5-7 viry a trojskými koni a že moje data byla zašifrována. A jeden znich je trojan Aurora.Hydra ve složce Win32 a pořád mi tam vyskakuje nějaký Norton antivirus o kterým nevím, že jej tam mám. Používám Aviru. Nechci zatím PC vypnou neb nevím, co by se stalo.
Posílám log.
Díky za pomoc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2023
Ran by Admin (administrator) on DESKTOP-1U0LM3C (18-02-2023 19:49:28)
Running from D:\Aviry
Loaded Profiles: Admin
Platform: Microsoft Windows 10 Home Version 22H2 19045.2604 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(D:\Aviry\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Aviry\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Adobe Systems Inc.) [File not signed] D:\Programy\Adobe\Adobe Acrobat Distiller 5.0\Distillr\AcroTray.exe
(explorer.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(explorer.exe ->) (Corel Corporation -> WinZip Computing) D:\Archivace\WinZip\WzPreloader.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Office14\ONENOTEM.EXE
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) D:\Aviry\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) D:\Aviry\CCleaner\CCleaner64.exe
(RealNetworks, Inc. -> ) D:\Prográmky\RealPlayer\downloader2.exe
(services.exe ->) (ABBYY Production LLC -> ABBYY Production LLC) C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) D:\Fotoeditory\Adobe Photoshop Elements 11\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Windows\System32\AsusUpdateCheck.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) D:\Prográmky\PDF24\pdf24.exe <2>
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
(services.exe ->) (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) D:\Aviry\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 7\updater-ws.exe
(services.exe ->) (pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 7\ws.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) D:\Prográmky\UpdateService\RealPlayerUpdateSvc.exe
(services.exe ->) (Softland SRL -> Microsoft) C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) D:\Prográmky\RealPlayer\Update\realsched.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3503584 2023-01-19] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [PDF24] => D:\Prográmky\PDF24\pdf24.exe [619192 2023-01-02] (geek software GmbH -> geek software GmbH)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ZoneAlarm] => D:\Aviry\CheckPoint\ZoneAlarm\zatray.exe [325856 2020-01-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [334264 2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\Run: [CCleaner Smart Cleaning] => D:\Aviry\CCleaner\CCleaner64.exe [38966072 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\Run: [] => [X]
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Uninstall 23.020.0125.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\23.020.0125.0003" (No File)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [239704 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\novaPDF 10 Port Monitor: C:\WINDOWS\system32\novamn10.dll [18944 2020-10-19] (Softland) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [55392 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PDF Architect 7 Monitor: C:\Windows\system32\spool\DRIVERS\x64\pdf architect_pdfpmon_v.4.12.26.3.dll [932984 2019-11-26] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY: C:\Windows\system32\pxc50pma.dll [58936 2014-11-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\PDF-XChange5-ABBYY-FR15: C:\WINDOWS\system32\pxc50pmaf15.dll [57328 2018-12-04] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\110.0.5481.97\Installer\chrmstp.exe [2023-02-14] (Google LLC -> Google LLC)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Avira.lnk [2020-02-02]
ShortcutTarget: Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2022-05-13]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files (x86)\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2020-01-31]
ShortcutTarget: Acrobat Assistant.lnk -> D:\Programy\Adobe\Adobe Acrobat Distiller 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-11-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2020-08-11]
ShortcutTarget: WinZip Preloader.lnk -> D:\Archivace\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0021521B-F19D-4641-921A-4D3FFAA1499C} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe start AviraFallbackUpdater Delayed=false
Task: {0382BFFA-D36E-47DD-A99E-F6D2C7C510A3} - System32\Tasks\Opera scheduled Autoupdate 1574800406 => C:\Program Files (x86)\Opera\launcher.exe [1977800 2023-02-08] (Opera Norway AS -> Opera Software)
Task: {043BA1DA-4398-4B02-8D31-D02F8B0973A8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {05C648EC-C404-46A5-85FC-F9E9B7720D2E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {0C3F0ED1-2C1F-42EA-AECE-130E4BEA6A04} - System32\Tasks\doPDF 10 Telemetry => C:\Program Files\Softland\novaPDF 10\Driver\GoogleAnalytics.exe [51504 2020-10-19] (Softland SRL -> )
Task: {17547B1C-0FF7-4276-9950-7093AF26FEEC} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [674720 2023-02-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1C29A92E-D239-4352-A853-33E364E80D1E} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [334264 2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {28D42CB5-D124-4DE5-AB47-BD599C97C52B} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files (x86)\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DA4E14C-06DD-498D-8217-4755502737E1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-722231672-965411127-3486821242-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [128240 2016-02-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {2DA8EF45-C109-420E-93A4-971FEC877E27} - System32\Tasks\Avira\System Speedup\Delayed Startup\Admin\2 => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [4243408 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {30515FA6-F9ED-44C5-8EFA-8506DAE5A0F2} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-1U0LM3C-Admin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {378F7421-F8D8-44FB-8CE1-48B44639438B} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [4124416 2022-05-17] (Opera Software AS -> Opera Software)
Task: {5A590DC1-4FD3-4C73-9D95-05C48F571510} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [259872 2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {66D4258B-FB2D-4822-827C-F667D673E544} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1695784 2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {73D6DECF-82F9-4D6A-9866-C7FD33DD1FD9} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {75EC3453-3A6D-4E59-8B4E-7561114DA633} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8DBC5B42-9DED-4C29-9E5D-040CE4E38D32} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => d:\prográmky\realplayer\Update\realsched.exe [347560 2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {8FF6D8D3-1266-4D7C-B1D0-D37DFFB2BCC7} - System32\Tasks\GoogleUpdateTaskMachineUA{32984F0D-7489-4194-9DDB-4946D2A65C44} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-11-26] (Google Inc -> Google Inc.)
Task: {9454FBBB-5CB0-48D2-AEBD-8254EB82CB1E} - System32\Tasks\GoogleUpdateTaskMachineCore{08E5070A-C385-4792-BF92-1F74F680059A} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-11-26] (Google Inc -> Google Inc.)
Task: {ABAB166C-020B-4747-9D9C-686F045835A4} - System32\Tasks\CCleaner Update => D:\Aviry\CCleaner\CCUpdate.exe [684976 2023-02-08] (Piriform Software Ltd -> Piriform)
Task: {B5397A57-7DF5-4425-8B44-C8938C5CC7EB} - System32\Tasks\CCleanerCrashReporting => D:\Aviry\CCleaner\CCleanerBugReport.exe [4703544 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "D:\Aviry\CCleaner\LOG" --programpath "D:\Aviry\CCleaner" --configpath "D:\Aviry\CCleaner\Setup" --guid "d4a0d706-3321-4b6e-9f14-d2d3bcba89e7" --version "6.09.10300" --silent
Task: {BA8F2F08-EF69-4280-8292-CC8649E65689} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => D:\Prográmky\PDF24\pdf24.exe [619192 2023-01-02] (geek software GmbH -> geek software GmbH)
Task: {BB9C4A9E-8903-42A2-9BCF-77E08E69BE01} - System32\Tasks\klcp_update => D:\Prográmky\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-04-12] () [File not signed]
Task: {C058F360-D1E7-4B0B-817D-F6E7783E7B0F} - System32\Tasks\RealDownloader Update Check => d:\prográmky\realplayer\downloader2.exe [1167784 2021-12-26] (RealNetworks, Inc. -> )
Task: {C2D10D6C-2A67-4D2F-9AFC-3225FCE0153A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-722231672-965411127-3486821242-1001 => D:\prográmky\realplayer\RealUpgrade.exe [129960 2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {CC6528AE-229D-4529-9560-325BC1F601A7} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\6 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3503584 2023-01-19] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D23FE6F4-EA71-4639-ACE6-D0922061CC75} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3503584 2023-01-19] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D2C135A4-E491-469B-9EE5-8BBB500E2731} - System32\Tasks\CCleanerSkipUAC - Admin => D:\Aviry\CCleaner\CCleaner.exe [32631096 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {DD4DDD5E-C15D-41A6-BFE2-8EBFC70439DC} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-722231672-965411127-3486821242-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [128240 2016-02-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {DF0BA4DD-EBE6-4791-9C12-E16E675E04FC} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-26] (Adobe Inc. -> Adobe Inc.)
Task: {E948ECFF-5A89-46DA-AE8D-EFA7EF4E35F1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {EB2B61BF-C3A2-4F58-B725-387972CD7149} - System32\Tasks\doPDF 10 Update => C:\Program Files\Softland\novaPDF 10\Driver\UpdateApplication.exe [98096 2020-10-19] (Softland SRL -> )
Task: {F36A9778-2F93-41AA-88ED-CAFD9AB49CEE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-722231672-965411127-3486821242-1001 => D:\prográmky\realplayer\RealUpgrade.exe [129960 2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {FA6E3AFA-187C-4E34-AB13-74B7AD8D2E91} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [35437192 2023-02-09] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {FDEF45B1-CBD9-4E0C-B0B8-5B88C3E1DABF} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {FDEF45B1-CBD9-4E0C-B0B8-5B88C3E1DABF} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {FDEF45B1-CBD9-4E0C-B0B8-5B88C3E1DABF} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => D:\Aviry\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-722231672-965411127-3486821242-1001] => http=;ftp=;https=;
Tcpip\Parameters: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{2344692f-c41b-4ac7-9c50-43b9fc907f50}: [DhcpNameServer] 31.30.90.11 31.30.90.12

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 2i1040qs.default-1582311638745
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u4mgi7h5.default-release [2023-02-18]
FF Homepage: Mozilla\Firefox\Profiles\u4mgi7h5.default-release -> about:home
FF NewTab: Mozilla\Firefox\Profiles\u4mgi7h5.default-release -> about:newtab
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2i1040qs.default-1582311638745 [2023-02-18]
FF NewTab: Mozilla\Firefox\Profiles\2i1040qs.default-1582311638745 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\2i1040qs.default-1582311638745 -> hxxps://www.slevomat.cz
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> D:\Prográmky\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-02-14] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=20.0.7.309 -> d:\prográmky\realplayer\Netscape6\nppl3260.dll [2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=20.0.7.309 -> d:\prográmky\realplayer\Netscape6\nprpplugin.dll [2021-12-26] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-29]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 6 [2023-02-18]
CHR Notifications: Profile 6 -> hxxps://captchacoolnow.top
CHR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-12-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-02-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-02]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2023-02-18]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable [2023-02-18]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-31]
OPR Extension: (Opera Wallet) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-02-18]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-15]
OPR Extension: (uBlock Origin) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2023-02-18]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.15.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe [1058032 2019-07-29] (ABBYY Production LLC -> ABBYY Production LLC)
S2 ABBYY.Licensing.PDFTransformer.Classic.4.0; D:\Programy\ABBYY PDF Transformer+\NetworkLicenseServer.exe [962256 2014-12-02] (ABBYY Production LLC -> ABBYY Production LLC)
R2 AdobeActiveFileMonitor10.0; D:\Fotoeditory\Adobe Photoshop Elements 11\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3896288 2023-01-19] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3729888 2023-01-19] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2023-02-18] (ASUSTeK Computer Inc. -> )
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6520504 2023-02-13] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [267096 2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [295920 2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 CCleanerPerformanceOptimizerService; D:\Aviry\CCleaner\CCleanerPerformanceOptimizerService.exe [1001272 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8937712 2023-02-17] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8937712 2023-02-17] (Avira Operations GmbH -> Avira Operations GmbH)
R2 MBAMService; D:\Aviry\Malwarebytes\Anti-Malware\MBAMService.exe [8966256 2023-02-02] (Malwarebytes Inc. -> Malwarebytes)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovaPdf10Server; C:\Program Files\Softland\novaPDF 10\Server\novapdfs.exe [52528 2020-10-19] (Softland SRL -> Microsoft)
R3 PDF Architect 7; C:\Program Files\PDF Architect 7\ws.exe [2579752 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 7 Creator; C:\Program Files\PDF Architect 7\creator\common\creator-ws.exe [692008 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 7 Update Service; C:\Program Files\PDF Architect 7\updater-ws.exe [1832232 2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF24; D:\Prográmky\PDF24\pdf24.exe [619192 2023-01-02] (geek software GmbH -> geek software GmbH)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealPlayerUpdateSvc; D:\prográmky\UpdateService\RealPlayerUpdateSvc.exe [38856 2021-12-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
S2 RealTimes Desktop Service; d:\prográmky\realplayer\RPDS\Bin\rpdsvc.exe [991176 2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 vsmon; D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe [4528344 2020-01-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; D:\Aviry\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2020-01-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [185704 2022-06-13] (NortonLifeLock Inc. -> BullGuard Ltd.)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [263000 2023-01-31] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-06-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2019-11-11] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28128 2023-02-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\WINDOWS\System32\DRIVERS\rtp_filesystem_filter.sys [227616 2023-02-15] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\WINDOWS\system32\DRIVERS\rtp_process_monitor.sys [238144 2023-02-15] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [64696 2023-02-15] (Avira Operations GmbH -> Avira Operations GmbH)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2019-07-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2023-02-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473336 2023-02-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-18] (Microsoft Windows -> Microsoft Corporation)
U3 iswSvc; no ImagePath
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 00:57 - 2023-02-18 01:00 - 003088040 _____ C:\WINDOWS\system32\rtp.db
2023-02-17 16:03 - 2023-02-18 00:58 - 000021384 _____ C:\WINDOWS\system32\.tmp
2023-02-16 16:54 - 2023-02-16 16:54 - 000000000 ___HD C:\$WinREAgent
2023-02-16 16:35 - 2023-02-18 00:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-02-09 22:39 - 2023-02-09 22:39 - 000003792 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupVerify
2023-02-05 19:22 - 2023-02-05 19:22 - 006001320 ____T C:\Users\Admin\Downloads\Excelentní Jaroslav Foldyna - poslanec za SPD_.mp4
2023-02-02 20:39 - 2023-02-02 20:39 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2023-02-02 20:39 - 2023-02-02 20:39 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2023-02-02 20:39 - 2023-02-02 20:39 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2023-01-30 20:58 - 2023-01-30 21:07 - 000014146 _____ C:\Users\Admin\Documents\Mezinárodní utkání v pozemním hokeji v nové kbelské hale Sokol Kbely - HC Khalifa 20.1.2023.wlmp
2023-01-26 23:19 - 2022-03-01 03:19 - 000000773 _____ C:\Users\Admin\Downloads\HostDNSimport.bat
2023-01-26 23:16 - 2023-01-26 23:16 - 000000096 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2023-01-25 20:01 - 2023-01-25 20:01 - 000087532 _____ C:\Users\Admin\Downloads\Potvrzeni_platby - Ivo Antušek.pdf
2023-01-22 14:51 - 2023-01-22 14:51 - 000010136 _____ C:\Users\Admin\Documents\Cimbálová muzika Trnka na plese Sokola Praha vršovice 21.1.2023.wlmp
2023-01-22 12:17 - 2023-01-22 13:55 - 000056862 _____ C:\Users\Admin\Documents\Ples Sokola Praha vršovice v kině Vzlet 21.1.2023wlmp.wlmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-02-18 19:49 - 2020-02-14 18:00 - 000000000 ____D C:\FRST
2023-02-18 19:47 - 2021-12-27 21:19 - 000000000 ____D C:\Users\Admin\.cache
2023-02-18 19:38 - 2021-12-26 18:07 - 000003556 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-722231672-965411127-3486821242-1001
2023-02-18 19:38 - 2021-12-26 18:07 - 000003492 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-722231672-965411127-3486821242-1001
2023-02-18 19:29 - 2020-04-28 21:25 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-02-18 19:26 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-18 19:26 - 2019-11-26 21:30 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-18 15:09 - 2020-02-05 19:20 - 000000000 ____D C:\Users\Admin\AppData\Roaming\vlc
2023-02-18 12:57 - 2019-11-27 01:56 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2023-02-18 12:22 - 2020-11-05 23:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-18 12:15 - 2020-06-14 18:30 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-18 12:15 - 2020-06-14 18:30 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-18 12:15 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-18 12:15 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-18 11:36 - 2020-11-05 23:18 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-18 11:36 - 2019-12-07 15:41 - 000716764 _____ C:\WINDOWS\system32\perfh005.dat
2023-02-18 11:36 - 2019-12-07 15:41 - 000144942 _____ C:\WINDOWS\system32\perfc005.dat
2023-02-18 11:36 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-02-18 11:34 - 2019-11-26 22:04 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2023-02-18 11:33 - 2021-12-10 23:41 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-722231672-965411127-3486821242-1001
2023-02-18 11:33 - 2020-11-05 23:16 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-722231672-965411127-3486821242-1001
2023-02-18 11:33 - 2020-11-05 23:10 - 000002377 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-18 11:32 - 2022-07-10 00:00 - 000000000 ____D C:\Users\Public\Speedup Sessions
2023-02-18 11:32 - 2020-11-05 23:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-18 11:32 - 2020-11-05 23:09 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-18 11:32 - 2019-11-20 19:04 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
2023-02-18 11:32 - 2019-11-20 19:04 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2023-02-18 11:32 - 2019-11-20 12:12 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-18 01:00 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-02-18 01:00 - 2019-11-20 19:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-18 00:58 - 2022-09-21 18:29 - 000000696 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-02-18 00:58 - 2020-11-05 23:09 - 000783640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-18 00:58 - 2019-11-26 21:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-18 00:58 - 2019-11-26 21:33 - 000000000 ____D C:\Program Files (x86)\Opera
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-18 00:57 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-18 00:56 - 2019-11-27 01:03 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2023-02-18 00:42 - 2022-02-08 17:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-16 18:57 - 2021-10-10 20:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-16 18:57 - 2019-11-26 21:34 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-16 17:01 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-16 16:59 - 2020-11-05 23:11 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-02-16 16:48 - 2022-10-15 15:48 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-02-16 16:48 - 2022-10-15 15:48 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-02-16 16:48 - 2020-11-05 23:16 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-02-15 23:57 - 2022-09-21 18:29 - 000003408 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-02-15 23:57 - 2020-11-05 23:16 - 000003920 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-02-15 22:47 - 2019-11-26 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-15 22:44 - 2019-11-26 20:09 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-15 18:30 - 2022-07-12 18:05 - 000238144 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_process_monitor.sys
2023-02-15 18:30 - 2022-07-12 18:05 - 000227616 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filesystem_filter.sys
2023-02-15 18:30 - 2022-07-12 18:05 - 000064696 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_traverse.sys
2023-02-15 18:30 - 2022-07-12 18:05 - 000028128 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_elam.sys
2023-02-14 23:07 - 2020-02-05 19:19 - 000000789 _____ C:\Users\Public\Desktop\VLC media player.lnk
2023-02-14 00:09 - 2019-11-26 21:30 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-14 00:09 - 2019-11-26 21:30 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-02-13 19:55 - 2022-12-14 23:12 - 000003706 _____ C:\WINDOWS\system32\Tasks\Avira_FallbackUpdater
2023-02-11 23:03 - 2019-11-26 21:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2023-02-10 21:46 - 2021-12-19 01:46 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-10 19:25 - 2020-11-05 23:16 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1574800406
2023-02-10 19:25 - 2019-11-26 21:33 - 000001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2023-02-07 17:09 - 2020-11-05 23:16 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-07 17:09 - 2020-11-05 23:16 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-06 19:39 - 2020-11-05 23:16 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2023-02-03 16:25 - 2019-11-20 12:16 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2023-02-03 14:58 - 2019-12-07 15:42 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-02-02 20:39 - 2022-07-10 00:00 - 000003478 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2023-02-02 20:39 - 2022-07-09 22:05 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2023-02-02 20:39 - 2019-11-26 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2023-02-01 20:45 - 2022-07-10 00:02 - 000000000 ____D C:\Users\Public\Security Sessions
2023-01-31 19:38 - 2022-07-12 18:05 - 000263000 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\BdSentry.sys
2023-01-26 17:38 - 2020-10-05 18:54 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2022-09-04 14:00 - 2022-09-04 14:00 - 000000000 _____ () C:\Users\Admin\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 20:09
od Antusek
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2023
Ran by Admin (18-02-2023 19:51:02)
Running from D:\Aviry
Microsoft Windows 10 Home Version 22H2 19045.2604 (X64) (2020-11-05 22:16:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-722231672-965411127-3486821242-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-722231672-965411127-3486821242-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-722231672-965411127-3486821242-503 - Limited - Disabled)
Guest (S-1-5-21-722231672-965411127-3486821242-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-722231672-965411127-3486821242-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {76C0BF9F-9FD3-D249-DE2F-7A33A59B9258}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {8D637332-9C08-995E-98D7-8237936B0E9F}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 19.01 alpha (x64) (HKLM\...\7-Zip) (Version: 19.01 alpha - Igor Pavlov)
A Sharper Scaling version 1.2 (HKLM-x32\...\{7CFADE53-9599-48C5-9FE3-689E56C1D96B}_is1) (Version: 1.2 - )
ABBYY FineReader 15 (HKLM\...\{F15000FE-0001-6400-0000-074957833700}) (Version: 15.0.1496 - ABBYY Production LLC)
ABBYY PDF Transformer+ (HKLM\...\{FA400000-0001-6400-0000-074957833700}) (Version: 4.2.186 - ABBYY Production LLC)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 22.003.20322 - Adobe)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.515 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.2.0.18 - Adobe Inc.)
Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avira (HKLM-x32\...\{0A659D39-DDCC-4793-BEA2-8D205284272B}) (Version: 1.2.162.7474 - Avira Operations GmbH & Co. KG) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.83.5 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.24.0.14 - Avira Operations GmbH) Hidden
BAHN 3.81r1 (HKLM-x32\...\BAHN381r1_is1) (Version: 3.81 - JBSS Chemnitz/Dresden)
calibre 64bit (HKLM\...\{6DB760DC-BEC5-4727-AA50-722D2881725E}) (Version: 5.9.0 - Kovid Goyal)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF (HKLM\...\{3A2B5138-BDC2-4905-8683-0F416835A4FD}) (Version: 10.9.132 - Softland) Hidden
doPDF 10 add-in for Microsoft Office (x64) (HKLM\...\{064F8223-4848-4562-B77E-997C3E74E749}) (Version: 10.6.122 - Softland)
doPDF 10 add-in for Microsoft Office (x86) (HKLM-x32\...\{705BC7F6-DE19-4764-A8C2-0162DC824AB9}) (Version: 10.6.122 - Softland)
doPDF 10 Printer Driver (HKLM\...\{786E2F7E-E97D-46B7-A9B1-FDEF161F9FE0}) (Version: 10.9.132 - Softland)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.3019 - Avira Operations GmbH & Co. KG) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (HKLM-x32\...\{F37D360D-9308-4BB1-8515-DC6B637B9486}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.97 - Google LLC)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{8C925017-72A8-4C4A-AF21-84901E26638F}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
K-Lite Mega Codec Pack 16.4.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.4.5 - KLCP)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
LibreOffice 6.3.3.2 (HKLM\...\{4DACF7A7-C851-4943-A63D-3CAE495C48E0}) (Version: 6.3.3.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes version 4.5.21.231 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.21.231 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2010 (HKLM-x32\...\{90140000-0015-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Czech) 2010 (HKLM-x32\...\{90140000-0016-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Czech) 2010 (HKLM-x32\...\{90140000-00BA-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (HKLM-x32\...\{90140000-00BA-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2010 (HKLM-x32\...\{90140000-0044-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (HKLM-x32\...\{90140000-0044-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - Czech/èeština (HKLM-x32\...\Office14.OMUI.cs-cz) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (Czech) 2010 (HKLM-x32\...\{90140000-0100-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2010 (HKLM-x32\...\{90140000-00A1-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Czech) 2010 (HKLM-x32\...\{90140000-001A-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2010 (HKLM-x32\...\{90140000-0018-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Proof (Czech) 2010 (HKLM-x32\...\{90140000-001F-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2010 (HKLM-x32\...\{90140000-001F-041B-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2010 (HKLM-x32\...\{90140000-002C-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2010 (HKLM-x32\...\{90140000-0019-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2010 (HKLM\...\{90140000-002A-0405-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2010 (HKLM-x32\...\{90140000-006E-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Czech) 2010 (HKLM-x32\...\{90140000-0017-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2010 (HKLM-x32\...\{90140000-001B-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}) (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Czech) 2010 (HKLM-x32\...\{90140000-0101-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (HKLM-x32\...\{2757496A-3E74-320A-B007-36120A9F126D}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (HKLM-x32\...\{39E15475-23F2-345D-8977-B5DC47A94E26}) (Version: 14.15.26706 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3D2CF65C-B544-4308-B996-700D3E5F6C4C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 110.0 (x64 cs)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Opera Stable 95.0.4635.37 (HKLM-x32\...\Opera 95.0.4635.37) (Version: 95.0.4635.37 - Opera Software)
PDF Architect 7 (HKLM-x32\...\PDF Architect 7) (Version: 7.1.13.1755 - pdfforge GmbH)
PDF Architect 7 Create Module (HKLM\...\{B600CC13-8F68-4D44-8867-93490894FAE5}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDF Architect 7 Edit Module (HKLM\...\{BA2C2671-B379-4101-A21C-4C549671FC8D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDF Architect 7 View Module (HKLM\...\{E947A304-6110-4CFE-98AD-E6909072E87D}) (Version: 7.1.14.4969 - pdfforge GmbH) Hidden
PDF24 Creator 11.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.9.1 - PDF24.org)
Photo Common (HKLM-x32\...\{15BFD731-A10E-43E9-9D18-0F682BC0480F}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (HKLM-x32\...\{07AAB66E-4718-422D-9218-4AFB3C922A71}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Rajče verze 2.5.9 sestavení 290 (HKLM-x32\...\Rajče.net_is1) (Version: - rajče.net)
RealDownloader (HKLM-x32\...\{48D18738-099C-4FAA-AFD9-80B592A25478}) (Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 20.0) (Version: 20.0.7 - RealNetworks)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{2554816C-7768-46D5-A527-DAE1EED850CC}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{A71E3AD4-5545-4D59-9F11-75F363563C6A}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-041B-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{0C337AF5-E6A7-4B6B-8F8E-08F9C6F956B4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0405-1000-0000000FF1CE}_Office14.OMUI.cs-cz_{7F5CE17A-23B9-4EED-B017-A7EF4547476C}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{EA82267F-4AAB-46BA-AD6A-9EBB544D0EF7}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{2C911571-C8B6-400B-B323-417C1806E866}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{DAB3EE22-FB0E-401F-9418-E9F0B08AEB39}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{1FCBAAF2-0321-4986-8DAE-5F2891EC6E8E}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0101-0405-0000-0000000FF1CE}_Office14.OMUI.cs-cz_{3AC03A87-33F2-41DC-8BA3-EA4B3EC5E4AA}) (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype verze 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{9A470EA9-FF86-4C0E-992C-572BF2B9D6FF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{E100E2B5-F2EF-4955-AB7A-C3F2125A3BCD}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinZip (HKLM-x32\...\WinZip) (Version: 10.0 (6667) - WinZip Computing LP)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24127}) (Version: 24.0.14033 - Corel Corporation)
XMedia Recode 64bit verze 3.5.3.7 (HKLM\...\{D31E6E69-4C6A-42CC-926F-CC7B186864EB}_is1) (Version: 3.5.3.7 - XMedia Recode 64bit)
ZoneAlarm Firewall (HKLM-x32\...\{2F77A309-CAB9-4C8A-8ED0-8C8DA3FF0744}) (Version: 15.8.038.18284 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.038.18284 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DA17D180-7193-4070-B085-9827DB80C2F8}) (Version: 15.8.038.18284 - Check Point Software Technologies Ltd.) Hidden
Zoner Photo Studio 8 (HKLM-x32\...\Zoner Photo Studio 8_is1) (Version: - ZONER software)

Packages:
=========
ASUS Grid (Beta) -> C:\Program Files\WindowsApps\B9ECED6F.133F79A42C6_1.0.14.0_x64__qmba6cd70vzyy [2020-07-12] (ASUSTeK COMPUTER INC.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.30.50.0_x64__kgqvnymyfvs32 [2023-02-13] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.96.1.0_x64__kgqvnymyfvs32 [2023-02-03] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-07-12] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-07-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-07-12] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.3.2020.0_x64__8wekyb3d8bbwe [2023-02-15] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.89.6271.0_x64__8wekyb3d8bbwe [2023-02-07] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-15] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-09] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-15] (Spotify AB) [Startup Task]
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-03] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-03] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-722231672-965411127-3486821242-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> D:\Archivace\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
CustomCLSID: HKU\S-1-5-21-722231672-965411127-3486821242-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Archivace\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-22] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [PDFArchitect7_ManagerExt] -> {21989F59-B260-4302-90C3-E51740E03639} => C:\Program Files\PDF Architect 7\context-menu.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers1-x32: [Transformer4ContextMenu] -> {558BA64F-C7A8-4B96-BCDD-B46E9D00756A} => D:\Programy\ABBYY PDF Transformer+\TRIntegration.dll [2015-01-28] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Archivace\WinZip\wzshls64.dll [2020-02-24] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-01-26] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Aviry\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => d:\prográmky\realplayer\RPDS\Bin64\rpcontextmenu.dll [2021-12-26] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Archivace\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => D:\Aviry\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Archivace\WinZip\wzshls64.dll [2020-02-24] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-02-03] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Archivace\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [FineReader15ContextMenu] -> {53339754-4DD1-438B-8D24-0D0730F1A591} => C:\Program Files (x86)\ABBYY FineReader 15\x64\FRIntegration.x64.dll [2019-08-22] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\Aviry\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-21] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => D:\Aviry\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6-x32: [Transformer4ContextMenu] -> {558BA64F-C7A8-4B96-BCDD-B46E9D00756A} => D:\Programy\ABBYY PDF Transformer+\TRIntegration.dll [2015-01-28] (ABBYY Production LLC -> ABBYY Production LLC.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => D:\Archivace\WinZip\wzshls64.dll [2020-02-24] (Corel Corporation -> WinZip Computing)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\WINDOWS\system32\huffyuv.dll [55296 2005-01-22] () [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.HFYU] => C:\Windows\SysWOW64\huffyuv.dll [39936 2004-05-18] (Disappearing Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\SysWOW64\lameACM.acm [473088 2015-02-25] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2009-11-17 22:58 - 2009-11-17 22:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 22:58 - 2009-11-17 22:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2012-05-27 16:44 - 2012-05-27 16:44 - 000032256 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2011-04-29 11:34 - 2011-04-29 11:34 - 000934400 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 11:34 - 2011-04-29 11:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] [File is in use] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 11:15 - 2010-08-06 11:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\SYSTEM32\hpzipr12.dll
2020-01-20 21:16 - 2020-01-20 21:16 - 000986112 _____ (Microsoft Corporation) [File not signed] D:\Aviry\CheckPoint\ZoneAlarm\dbghelp.dll
2020-10-19 14:04 - 2020-10-19 14:04 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn10.dll
2018-12-10 10:29 - 2018-12-10 10:29 - 000438272 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDF Architect 7\libcurl.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: PDF Architect 7 Helper -> {2B035CAB-1F3D-4DE6-A32D-39B9E5F456D0} -> C:\Program Files\PDF Architect 7\creator\plugins\IEAddin\creator-ie-helper.dll [2019-10-07] (pdfforge GmbH -> pdfforge GmbH)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> d:\prográmky\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin64.dll [2021-12-26] (RealNetworks, Inc. -> RealPlayer)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> d:\prográmky\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin.dll [2021-12-26] (RealNetworks, Inc. -> RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-09-02 19:47 - 2022-09-02 19:47 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-722231672-965411127-3486821242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\Pictures\Saved Pictures\m104 - sombrero.bmp
DNS Servers: 31.30.90.11 - 31.30.90.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1C3FD45-225F-4248-BB58-CC07D80EA9B9}] => (Allow) D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{7FE0D65D-4851-4F77-BD27-FF9EE5C9BCAA}] => (Allow) D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{98E55126-E08E-4283-BC9F-1CD4487C5376}] => (Allow) D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{463A6C42-0E1B-4675-8A95-5E8E0F425848}] => (Allow) D:\Aviry\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{7059C7E5-30C1-4084-A8C6-CA7C0AB13286}] => (Allow) LPort=8501
FirewallRules: [{D9603B5C-325E-4237-BC4E-91DCA55B90A1}] => (Allow) LPort=8501
FirewallRules: [{D33BCFB3-EA54-4BD5-954B-45F544174DFE}] => (Allow) C:\Program Files (x86)\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87F08FF4-AAB0-4911-9194-EB67A27D0ED3}] => (Allow) C:\Program Files (x86)\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{63FD2332-F2D6-45A0-8793-C7410883EF3D}] => (Allow) LPort=1900
FirewallRules: [{09D0FD54-F9E5-4E9B-B5EC-8C5985AB222F}] => (Allow) LPort=2869
FirewallRules: [{13FD4DA9-5757-49F9-987F-7641F63CD5D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D53AC4E9-924B-48B4-A6E6-95AF36DAFFDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3F60A5E6-326B-4D15-A51D-52B43BF1ABC4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CA0013FD-B126-4C46-BEE0-597F4DDB0B80}] => (Allow) C:\Program Files (x86)\Office14\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0BBCD6C0-2206-46C3-A2BD-0348B1897A4D}] => (Allow) C:\Program Files (x86)\Office14\GROOVE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6C8F3AE3-4336-4D9E-BA25-A3671EE747A8}] => (Allow) C:\Program Files (x86)\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B5E2AB7-51AF-4ED3-B069-4EB883C9A166}] => (Allow) C:\Program Files (x86)\Office14\ONENOTE.EXE (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{91181CAB-8ADE-439A-8631-8327892A308B}] => (Allow) C:\Program Files (x86)\Office14\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0CE445A5-21BB-467A-A270-7065480A7DB2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A0EB60E-5410-48B5-85F9-1C9B71271994}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6EC08C9-BC65-4D7B-B033-5092276B64F8}] => (Allow) d:\prográmky\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{EEBDC094-AAA2-4871-AD93-AEBBD357AF94}] => (Allow) d:\prográmky\realplayer\RealPlay.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{3272F68C-21FE-4394-B410-D7EB78BD4C2B}] => (Allow) C:\Program Files (x86)\Opera\94.0.4606.76\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{6A6A0F7D-68BC-4CB0-ABD2-A6950CB2E06A}] => (Allow) C:\Program Files (x86)\Opera\95.0.4635.37\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{8D109BC4-67C6-4499-BC3F-0FCA99944FCE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DA422597-E1C5-41BD-883E-C694F634C172}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{819B3D51-202F-4609-BAE6-DBD1CDD1888C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF89F9C3-543F-4139-A6E8-35B05E4E8984}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7504F7A2-B959-4629-8B1E-F36948F4BCA0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7DECB2E0-F7B7-4447-AF52-DB678B7C4019}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EF14561A-AEAB-4864-AD23-B90306A0FDF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5AEFBE63-C67F-4736-8D34-4D9444AF2AFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E37F0D9-73C4-4B1E-AE0E-B98E2A83D3ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EA00C40F-2428-4C07-91B2-6ADAD651C6A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{62961945-0876-4173-A024-64568F942EFA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71D8912C-6EDD-4508-A3C5-CC474D33F3B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C448F385-B9FF-4962-B0B1-78BB84D4C2ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02BE3951-A3AF-496E-A977-81AE752FDB4B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-01-2023 22:09:11 Naplánovaný kontrolní bod
10-02-2023 18:13:10 Naplánovaný kontrolní bod
16-02-2023 16:53:45 Instalační služba modulů systému Windows
16-02-2023 16:54:18 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/18/2023 11:32:20 AM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (02/18/2023 01:00:36 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/18/2023 12:58:31 AM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (02/18/2023 12:57:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/18/2023 12:57:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/18/2023 12:57:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (02/18/2023 12:57:47 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (02/18/2023 12:57:47 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (02/18/2023 11:34:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x8024200b): Aktualizace bezpečnostních informací pro produkt Microsoft Defender Antivirus - KB2267602 (verze 1.383.190.0).

Error: (02/18/2023 11:33:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RealTimes Desktop Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/18/2023 11:33:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby ABBYY PDF Transformer+ - Licensing Service bylo dosaženo časového limitu (60000 ms).

Error: (02/18/2023 01:00:36 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba AsusUpdateCheck se po přijetí pokynu pro vypnutí neukončila správně.

Error: (02/18/2023 01:00:20 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Aktualizovat službu Orchestrator se po přijetí pokynu pro vypnutí neukončila správně.

Error: (02/18/2023 12:59:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba RealTimes Desktop Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (02/18/2023 12:59:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby ABBYY PDF Transformer+ - Licensing Service bylo dosaženo časového limitu (60000 ms).

Error: (02/18/2023 12:57:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba AsusUpdateCheck se po přijetí pokynu pro vypnutí neukončila správně.


Windows Defender:
================
Date: 2022-07-14 23:04:13
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BAE77276-BB3A-4574-B405-134E8F160955}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-07-14 17:44:24
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C3325DBB-7B3C-4069-9C6D-78A98858D543}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-07-14 17:34:55
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {C6D090B6-C9B4-487D-88B2-E1B13A13F0A0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-07-14 15:59:48
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {7D66AE97-14F9-4FD9-941B-87D4D1D0B7AD}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2022-07-12 21:38:39
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_C:\Windows\KMSEmulator.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1U0LM3C\Admin
Název procesu: D:\Aviry\FRST64.exe
Verze bezpečnostních informací: AV: 1.371.60.0, AS: 1.371.60.0, NIS: 1.371.60.0
Verze modulu: AM: 1.1.19400.3, NIS: 1.1.19400.3
Event[0]:

Date: 2023-02-18 11:34:06
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.383.190.0
Předchozí verze bezpečnostních informací: 1.381.3040.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.20000.2
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

Date: 2023-02-18 11:34:06
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.383.190.0
Předchozí verze bezpečnostních informací: 1.381.3040.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.20000.2
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

Date: 2023-02-18 11:34:06
Description:
Program Antivirová ochrana v programu Microsoft Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu: 1.1.20000.2
Předchozí verze modulu: 1.1.19900.2
Uživatel: NT AUTHORITY\SYSTEM
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

Date: 2023-02-18 01:00:15
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.381.3040.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.19900.2
Kód chyby: 0x80240017
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2022-12-22 18:39:34
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.381.895.0
Předchozí verze bezpečnostních informací: 1.379.1277.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.19900.2
Předchozí verze modulu: 1.1.19800.4
Kód chyby: 0x80509004
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

CodeIntegrity:
===============
Date: 2023-02-18 19:32:17
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2901 10/16/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 63%
Total physical RAM: 8124.13 MB
Available physical RAM: 3000.41 MB
Total Virtual: 9404.13 MB
Available Virtual: 2751.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.84 GB) (Free:146 GB) (Model: ADATA SX8200PNP) NTFS
Drive d: (Místní disk) (Fixed) (Total:931.5 GB) (Free:309.61 GB) (Model: WDC WD10EZEX-60WN4A1) NTFS

\\?\Volume{d6458fe6-83f6-4935-9c1d-28a7f72e381b}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{b5a6f67e-0283-4ca7-8508-df1d94760cbf}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 39AE08EB)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 20:39
od Antusek
Teď tam na mě vyskočilo další okno s viry. viz.
Viry v PC 2.jpg
Viry v PC 2.jpg (46.97 KiB) Zobrazeno 1070 x
Obrázek.
Díky za rady. :)

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 20:59
od Rudy
Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 21:14
od Antusek
Posílám log. Ale nebylo tam clean a repair a v textu je, že to nesmazáno. A když jsem jen program spustil podruhé stále 7 hrozeb. A teď norton an mě cyskočil že Neschopný se bránit trojanu Zeus C://Windows/Systém32 a 217 dalších složek a spusťe kontrolu systému. Ale tento antivirus nevím, že tam mám. Používám Aviru.
Díky za rady asi to je vážné.
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-18-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.2604)
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1560 octets] - [28/01/2022 18:42:57]
AdwCleaner[C00].txt - [1692 octets] - [28/01/2022 18:43:25]
AdwCleaner[S01].txt - [1569 octets] - [13/07/2022 18:46:04]
AdwCleaner[C01].txt - [1739 octets] - [13/07/2022 18:46:34]
AdwCleaner[S02].txt - [1691 octets] - [13/07/2022 18:50:07]
AdwCleaner[S03].txt - [1752 octets] - [13/07/2022 18:50:55]
AdwCleaner[C03].txt - [1922 octets] - [13/07/2022 18:51:28]
AdwCleaner[S04].txt - [1888 octets] - [18/02/2023 21:06:21]
AdwCleaner[C04].txt - [2058 octets] - [18/02/2023 21:07:02]
AdwCleaner[S05].txt - [1969 octets] - [18/02/2023 21:08:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 22:03
od Rudy
ADW neukázal nic. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
C:\Windows\KMSEmulator.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\Run: [] => [X]
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Uninstall 23.020.0125.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\23.020.0125.0003" (No File)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
U3 iswSvc; no ImagePath
C:\WINDOWS\system32\.tmp
C:\DumpStack.log.tmp

EmptyTemp:
End
Uložte do D:\Aviry jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 22:08
od Antusek
Udělám a teď vyskočilo okno, že MC Afee chce aktivní předplatné, abych byl chráněn. To také nemám. Nanic neklikám.

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 18 úno 2023 22:14
od Antusek
Posílám log. Díky za další rady.
Na ty hlášky nereaguji. Je to o.k.?
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-02-2023
Ran by Admin (18-02-2023 22:11:07) Run:3
Running from D:\Aviry
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext.dll -> No File
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\ Archivace\WinRar 5.91\rarext32.dll -> No File
C:\Windows\KMSEmulator.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\Run: [] => [X]
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-722231672-965411127-3486821242-1001\...\RunOnce: [Uninstall 23.020.0125.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\23.020.0125.0003" (No File)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
U3 iswSvc; no ImagePath
C:\WINDOWS\system32\.tmp
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
"C:\Windows\KMSEmulator.exe" => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKU\S-1-5-21-722231672-965411127-3486821242-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-722231672-965411127-3486821242-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => removed successfully
"HKU\S-1-5-21-722231672-965411127-3486821242-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => removed successfully
"HKU\S-1-5-21-722231672-965411127-3486821242-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 23.020.0125.0003" => removed successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\policies.json => moved successfully
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully
C:\WINDOWS\system32\.tmp => moved successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30745250 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 64216 B
Windows/system/drivers => 309592000 B
Edge => 0 B
Chrome => 415152773 B
Firefox => 17738581 B
Opera => 11211436 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18766 B
NetworkService => 147482121 B
Admin => 299062584 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-02-2023 22:12:51)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 22:12:51 ====

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 09:55
od JaRon
Zaskocim:
Vypni oznamenia https://theweb.sk/ako-vypnut-oznamenia-vo-windows-10/

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 10:07
od Antusek
Děkuji. To bych zatím raději nevypínal, abych věděl, když to něco ohlásí. Šlo mi při řešení problému o to jestli na to reagovat či ne neb nevím o tom, že bych tam takový program instaloval a když se něco instaluje občas to chce instalovat i další aplikace, to vždy odškrtnu, že nechci. A třeba to mohl strašit útočník. Počkám na další rady. :)

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 10:14
od JaRon
:) Ako chces :James008:

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 10:23
od Antusek
Počkám na další rady, Zatím mi tam nevyskakují hlášky od MC Afee či Nortona. Používám Aviru a nevím, že bych tam tyto programy instaloval.
Jak jsem spustil dle rady ten log v RSIT a fix udělalo to něco pozitivního?
:)

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 11:19
od Rudy
OK, bylo smazáno. Jak to vypadá nyní?

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 11:41
od Antusek
Již hlášky nechodí, ale když jenom spustím Adaware (jako správce), a udělám scan, tak to pořád hlásí, že je tam několk hrozeb (8). Ale nikde nevidím možnost jaké hrozby to jsou. Malwarebytes nic nenašel a Avira po rychlém scanu hlasí, že nejsou žádné viry.
Je to již O.k.? Programy fungují a k těm důležitým souborům jsem se dostal obrázky, Pagemaker (tvorba časopisu, který máme před dokončením). Web také funguje. PC a modem jsem přes noc pro jistotu nevypínal jen dal do spícího režimu.
Díky za info a další radu. :)

Re: Prosím o kontrolu logu - PC byl teď infikován 5-7 viry

Napsal: 19 úno 2023 11:44
od Antusek
A pro jistotu jsem teď udělal scan Adawarem a najednou už to nic nehlásí. Do karantény přesunulo pouze jednoho zástupce na e-mail.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz