Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu/opravu logu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz

Ve dnech 5.9. - 7.9.2025 budou někteří z nás na každoročním srazu teamu našeho fóra. V této době se může stát, že budete o něco déle čekat na naší odezvu. Děkujeme a omlouváme se.
Odpovědět
Zpráva
Autor
Koty30
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 24 črc 2023 18:57

Prosím o kontrolu/opravu logu

#1 Příspěvek od Koty30 »

Dobrý den, dostal jsem tip na toto fórum od kamaráda, tedy s omlouvám předem, že vůbec nevím :( , nicméně prosím o pomoc s opravou Logu, do mailu mi chodí divné věci, přišel screen obrazovky, vypsané veškeré emailové adresy které mám na seznamu včetně hesel (cca 50 hesel z toho asi tak 70% správně), malinko mě to vyděsilo. Předem moc děkuji za pomoc

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2023
Ran by Admin (24-07-2023 20:27:32)
Running from G:\
Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) (2021-11-27 17:57:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-143178146-412184928-716911168-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-143178146-412184928-716911168-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-143178146-412184928-716911168-503 - Limited - Disabled)
Guest (S-1-5-21-143178146-412184928-716911168-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-143178146-412184928-716911168-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-143178146-412184928-716911168-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM-x32\...\3uTools) (Version: 2.39.032 - ShangHai ZhangZheng Network Technology Co., Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AnyMP4 Screen Recorder 1.5.6 (HKLM-x32\...\{BDB6239B-2754-49bc-98A7-B9C28D4D74F1}_is1) (Version: 1.5.6 - AnyMP4 Studio)
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.1.1 - ASUS)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 23.1.13415.12138 - Avast Software)
Avast License by ZeNiX [2012-06-29] (HKLM-x32\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version: - )
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 23.6.6070 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.25.7922.7760 - Avast Software)
balenaEtcher 1.13.1 (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.13.1 - Balena Inc.)
Balíček ovladače systému Windows - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
CMSClient 1.0.0.53 (HKLM-x32\...\CMSClient) (Version: 1.0.0.53 - )
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Elcomsoft Phone Breaker (HKLM-x32\...\{D9762DC3-2E37-4F6D-B095-CFB8E7F9AA6C}) (Version: 6.45.18347.3529 - Elcomsoft Co. Ltd.)
eObčanka (HKLM\...\{45F6BE7F-4C79-4E99-A6C8-63919DFF6F87}) (Version: 3.1.1.19123 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Chrome Remote Desktop Host (HKLM-x32\...\{C17C2857-FF33-4EA0-8220-14A17DF82668}) (Version: 116.0.5845.9 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{54EC951C-4197-4AA4-803B-101F127BBB38}) (Version: 11.0.6.1194 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{335F9123-9306-4DB0-AF07-9C636317EE9D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
iRemove Tools (HKLM-x32\...\{182058BA-0FB5-4AF9-841E-7DE97464793A}) (Version: 6.2.6 - iRemoveTools)
IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan)
iTools 3 version 3.3.7.7 (HKLM-x32\...\{9AD3B3CA-16DF-4113-9178-89263F2E3820}_is1) (Version: 3.3.7.7 - Thinksky, Inc.)
iTunes (HKLM\...\{7C560654-7A19-4ECD-A146-9DEC0360A245}) (Version: 12.12.7.1 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MERCUSYS MW300UM Driver (HKLM-x32\...\{64F44E9D-71CB-4EC0-BB4B-950A5E39449A}) (Version: 1.3.1 - MERCUSYS)
Microsoft .NET Framework 4.5 CHS Language Pack (HKLM\...\{9CA44204-CCC7-337A-B039-3ABF998AB8A9}) (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (CSY) (HKLM\...\{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.16 (x64) (HKLM\...\{DAA471F4-54A9-4820-A1C5-266B5153C144}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.16 (x86) (HKLM-x32\...\{C9EC1A1F-33A6-4162-A4A6-99226A13F123}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.16 (x64) (HKLM\...\{29CBA832-8D09-42D0-82F4-3583EE247A5E}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.16 (x86) (HKLM-x32\...\{D2C9A93A-A18E-4C3B-ACED-F3C36071DA23}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM\...\{16E242C4-24A9-4381-8023-0F246750CA47}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM-x32\...\{68696b91-f423-4e8e-a58f-631366d0f77a}) (Version: 5.0.16.31117 - Microsoft Corporation)
Microsoft .NET Runtime - 5.0.16 (x86) (HKLM-x32\...\{3081CF2A-E29B-446C-83F5-EDEFE1AAD029}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x86) (HKLM-x32\...\{50c7f716-ab0c-4ca0-9f30-568fa58db913}) (Version: 5.0.16.31117 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\OneDriveSetup.exe) (Version: 23.137.0702.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM\...\{90B8150E-08C5-4225-9F94-9BBB39D82601}) (Version: 40.64.31121 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x86) (HKLM-x32\...\{00bb4f4f-2d69-4ca8-bde7-4709f108a086}) (Version: 5.0.16.31121 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x86) (HKLM-x32\...\{BF7F9D94-26FE-4607-A304-E8EDEF9F6739}) (Version: 40.64.31121 - Microsoft Corporation) Hidden
Minecraft1.9 (HKLM-x32\...\Minecraft1.9) (Version: - )
MiniTool Partition Wizard Professional Edition 9.1 (HKLM\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 110.0.1 (x64 cs)) (Version: 110.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 110.0.1.8458 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.04 - MSI)
Nefarius Software Solutions e.U. HidHide (x64) (HKLM\...\{B62A2DE2-E6A8-438B-B05B-6E9287A0191D}) (Version: 1.0.30.0 - Nefarius Software Solutions e.U.)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
ocenaudio (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.0 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{958196BD-BBC3-452F-B1FC-EAFDEDD7ACA3}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{a3ff1f80-04b5-4da5-974c-150731035393}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Podpora pro iPod (HKLM\...\{17D009B8-95CC-47A3-93A8-46ABE4CEFC4A}) (Version: 12.11.3.7 - Apple Inc.)
QLRepairHelper (HKLM-x32\...\{12F2E764-2F05-4EDB-BAAB-6FA9505C3084}) (Version: 3.1.3 - QianLi)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7855 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Roblox Player for Admin (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Admin (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
SnapDownloader 1.13.1 (HKLM\...\1fa2710c-1b1c-5510-a180-c518e4ae80f3) (Version: 1.13.1 - SnapDownloader)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.25.5 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
TransMac version 12.9 (HKLM-x32\...\TransMac_is1) (Version: 12.9 - Acute Systems)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.825 - McAfee, LLC)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-08-07] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-143178146-412184928-716911168-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-143178146-412184928-716911168-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\igfxDTCM.dll [2022-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\pdvcodec.dll [265797 2010-03-12] (Matsushita Electric Industrial Co., Ltd.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Admin\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e645e09b181530a\Zpětná vazba.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl

==================== Loaded Modules (Whitelisted) =============

2009-06-24 11:57 - 2009-06-24 11:57 - 000029696 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 11:57 - 2009-06-24 11:57 - 000032768 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2009-06-24 11:57 - 2009-06-24 11:57 - 000031744 _____ (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5CD31017 [155]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7182]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {18F2CE8E-8A77-4E45-8222-FB5C29F61732} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {31EFD4F2-3CE9-4EF6-B3D0-6718E9A34C0D} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {516DCEEA-8D16-475A-A205-5E356A4E869C} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {A6E55C08-C088-4F52-944F-2BB357D212D3} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {BAD7F22C-A9CB-4C99-8368-D180789DEFA5} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D57C9148-0497-43F4-90DD-4A6C3EC92746} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D6681A67-A32C-4C81-ACDB-FD52CB87380E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D8004F79-83EC-4724-A450-E3F8E9896D65} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D99AA801-64FB-48FB-882A-45C8BA18A283} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-21] (McAfee, LLC -> McAfee, LLC)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-21] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-13 23:43 - 000001227 _____ C:\WINDOWS\system32\drivers\etc\hosts
111.118.212.124 pagead2.googlesyndication.com
111.118.212.124 tpc.googlesyndication.com
111.118.212.124 s7.addthis.com
111.118.212.124 contextual.media.net
111.118.212.124 connect.facebook.net
111.118.212.124 s3.buysellads.com
111.118.212.124 resources.infolinks.com
111.118.212.124 stats.g.doubleclick.net
111.118.212.124 www.googletagmanager.com
111.118.212.124 google-analytics.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\
HKU\S-1-5-21-143178146-412184928-716911168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\Desktop\Hurník fotky\DSC01432_plne rozliseni.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: com.squirrel.Teams.Teams => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TuneupUI.exe => "C:\Program Files\Avast Software\Cleanup\TuneupUI.exe" /nogui
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{03EB2CD8-8415-4FDA-B417-C506015C53FD}C:\program files (x86)\cmsclient\cmsclient.exe] => (Allow) C:\program files (x86)\cmsclient\cmsclient.exe () [File not signed]
FirewallRules: [TCP Query User{798BAD37-4748-42A4-B326-80758DF4181C}C:\program files (x86)\cmsclient\cmsclient.exe] => (Allow) C:\program files (x86)\cmsclient\cmsclient.exe () [File not signed]
FirewallRules: [UDP Query User{1E45C4E6-F19B-4386-A653-4EF53A5055B8}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [TCP Query User{745526C4-501C-46B6-80AB-C3396AC51E23}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [{DBF71708-C641-42B2-84A9-3BC0B15BCF44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46D95F4E-A4B2-4AF7-8544-94D02899D3A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{324CBD78-F45D-474D-8760-07F7CAD2EE66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E794800-E2BA-4329-B504-BC1594381E0D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7607F484-7BBF-428B-B32F-37AD7D837F8A}] => (Allow) LPort=27015
FirewallRules: [{F625C878-F42E-4130-826D-7E9B0C14C688}] => (Allow) LPort=80
FirewallRules: [{C2688DC7-ECC3-434B-ADD5-E63090514DC9}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{BFBF2657-1E52-489E-8EE5-1D7F6FFA4F42}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{F5B3ED8A-CF69-4093-B670-0DF967979284}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8AD369A7-23ED-4B89-A195-7F4CA48B4476}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{C6CE3EA4-1791-45CD-AF03-7E2462058CBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{929E080B-C4FF-4B86-B127-15D4455D1E33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3D8D843-D8D2-4905-BDD1-39129EA36C06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F91E12AF-BEE6-4754-858D-86F5A740BD46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BF2EC68-2E5C-4E36-97B0-E6309318FC9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C2C056D7-C684-4EB6-8454-9FADB98B21D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FD0D1261-9645-4429-BF9F-E4F48A6BFD6A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{53FEED01-7CC7-4D75-A1B0-180E431B2E37}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6ED7C212-D263-4B2C-9B20-78B87AD02CD1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AAF6B69F-96B5-4B65-AC86-047E84AD1657}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B8177C7-EE5F-432D-B20A-F52795DCD23E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B18119A-B1B8-4971-B242-B3F0197C81F3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E23E1AA1-906B-4787-AF5F-B6B814E471A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC411FC5-D417-40C0-BF43-104FCD25F2BC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{5C16F801-B928-4B0A-9DBA-99D85EF8C317}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{4FA3156D-E441-4917-89DB-A3FBADA50056}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E57A9D33-DB74-4FFC-8D58-A47C6CCEE9A4}C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe
FirewallRules: [UDP Query User{C9B8D6E0-4DA0-42C4-9691-769FA9ABD841}C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe
FirewallRules: [{54CDF195-F0E3-4742-ADCD-E7FAA8EB50D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37FDAD1C-0798-4833-A40B-0DBC83BDD751}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8E34A96E-0400-4E3E-B5F3-4E707874873E}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8B0EEC35-6D37-4F78-BD16-8D8BD33A3C8F}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D0CBAE3A-1872-491D-9D83-B6416C99D853}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{742DA7E2-FE1F-4656-81C6-02405699EFB0}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0DC4798A-F78F-4F04-955F-FA5192F755AF}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{50403F7E-61A6-4DB0-90C8-FCFFB0D0B423}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C3426367-BBCA-48B0-B4A0-66D5724EAF6A}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4C4FFD12-05C4-4B1E-812D-26D4E02F65E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{71D2606F-29AF-4855-A4F3-75A4C72D668B}] => (Allow) C:\Program Files\AnyMP4 Studio\AnyMP4 Screen Recorder\MirrorRender.exe (OKWare Co., Ltd -> )
FirewallRules: [{63614AAB-12EA-42BE-A74A-69F8A4372040}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB5E85B3-B0FD-4556-AAA3-30B83DC16512}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1BF84BD6-BF0C-4B94-8BB4-24220898D3F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{715A24E7-6BD2-4B29-89A9-58A320F7FEB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{303486AF-F733-4FC6-B2B6-72E669D3B08C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{63F038B4-7360-4939-AC02-460E546CC3BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.17 GB) (Free:18.87 GB) (17%)

==================== Faulty Device Manager Devices ============

Name: Řadič PCI pro získávání dat a zpracování signálu
Description: Řadič PCI pro získávání dat a zpracování signálu
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/24/2023 06:32:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/24/2023 05:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.3155, časové razítko: 0xfc2dd1ae
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x731e81f0
ID chybujícího procesu: 0x1498
Čas spuštění chybující aplikace: 0x01d9be442a19e9bd
Cesta k chybující aplikaci: C:\WINDOWS\SysWOW64\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: fa73af11-5eb0-4fca-a90f-aa76ba4615c7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/24/2023 12:10:18 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/17/2023 12:18:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/17/2023 12:12:16 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/10/2023 09:00:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/10/2023 12:20:08 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/05/2023 04:16:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ServiceHost.exe, verze: 4.1.1.820, časové razítko: 0x6499aae8
Název chybujícího modulu: TaskManager.dll, verze: 4.1.1.820, časové razítko: 0x6499a9f0
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000025a5e0
ID chybujícího procesu: 0x127c
Čas spuštění chybující aplikace: 0x01d9af4b432e8c1a
Cesta k chybující aplikaci: C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
Cesta k chybujícímu modulu: C:\Program Files\McAfee\WebAdvisor\TaskManager.dll
ID zprávy: 8b62fe7f-241a-45a6-84ac-74e9c55c8d70
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (07/22/2023 09:42:45 AM) (Source: DCOM) (EventID: 10010) (User: Admin-PC)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/11/2023 11:28:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba cphs byla ukončena s následující chybou:
Neplatný popisovač

Error: (07/11/2023 10:24:07 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Optimalizace doručení se po přijetí pokynu pro vypnutí neukončila správně.

Error: (07/11/2023 10:23:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby TrustedInstaller s argumenty Není k dispozici za účelem spuštění serveru:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/11/2023 10:23:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1115 při pokusu o spuštění služby TrustedInstaller s argumenty Není k dispozici za účelem spuštění serveru:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/11/2023 10:22:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba cphs byla ukončena s následující chybou:
Neplatný popisovač

Error: (07/11/2023 10:22:20 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (07/11/2023 12:05:32 PM) (Source: DCOM) (EventID: 10010) (User: Admin-PC)
Description: Server {FD06603A-2BDF-4BB1-B7DF-5DC68F353601} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2023-04-15 00:47:20
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Program:AndroidOS/Multiverze
Závažnost: Vysoké
Kategorie: Program měnící nastavení
Cesta: file:_C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Users\Admin\Desktop\krnl_beta.exe
Verze bezpečnostních informací: AV: 1.387.968.0, AS: 1.387.968.0, NIS: 1.387.968.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-15 00:47:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Trickbot!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\AppData\Roaming\Krnl\krnl.dll
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Users\Admin\Desktop\krnl_beta.exe
Verze bezpečnostních informací: AV: 1.387.968.0, AS: 1.387.968.0, NIS: 1.387.968.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-14 19:42:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3AD79133-7C88-466B-92E0-C2DECFA9255E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-13 19:46:04
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SmokeLoader.C!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.387.913.0, AS: 1.387.913.0, NIS: 1.387.913.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-13 19:46:00
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SmokeLoader.C!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.387.913.0, AS: 1.387.913.0, NIS: 1.387.913.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-07-24 19:50:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-07-24 19:38:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.80 07/27/2016
Motherboard: MSI B150M PRO-VH (MS-7996)
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 40%
Total physical RAM: 16275.03 MB
Available physical RAM: 9615.32 MB
Total Virtual: 32659.03 MB
Available Virtual: 24961.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.17 GB) (Free:18.87 GB) (Model: KINGSTON SV300S37A120G) NTFS
Drive f: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:0.01 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS
Drive g: (Karolína) (Fixed) (Total:1863.01 GB) (Free:1531.42 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS

\\?\Volume{b56ee943-a7db-11e6-80a9-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{0c0c4f55-0000-0000-0000-10d11b000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0C0C4F55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=534 MB) - (Type=27)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 5FF97E03)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2023
Ran by Admin (administrator) on ADMIN-PC (MSI MS-7996) (24-07-2023 20:26:26)
Running from G:\\FRST64.exe
Loaded Profiles: Admin
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <46>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Admin\AppData\Local\Microsoft\OneDrive\23.137.0702.0001\Microsoft.SharePoint.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe <2>
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP) [File not signed] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Shenzhen Thinksky Technology Co.,Ltd -> ) C:\Program Files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2022-12-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [220056 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4499864 2023-05-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\EPSON L130 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBN6E.DLL [180224 2014-03-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [956672 2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2023-05-06]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5205A186-E46C-4445-958B-2C1FC1F4C8D4} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E0CF2A7A-6278-4BB7-AD18-FAB753D1D782} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A166A8EE-F6A2-4262-94AE-D09B680C0F0C} - System32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\Nová složka (4)\templatepack902.exe" -d "C:\Users\Admin\Desktop\Nová složka (4)"
Task: {C2F3781B-F717-4357-B39F-27606F7FD88C} - System32\Tasks\{17395116-1368-4685-8EFD-7181E225B481} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Admin\Desktop\irfanview_plugins_441_setup.exe -d C:\Users\Admin\Desktop
Task: {E62AF31E-3B1C-48EC-A3F6-B70DD1AC3617} - System32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\Nová složka (2)\setup.exe" -d "C:\Users\Admin\Desktop\Nová složka (2)"
Task: {FAA94AB7-5E0F-463D-BED6-2DEFFA32A335} - System32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40\irfanview_lang_czech.exe" -d "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40"
Task: {FC9A9785-5033-4802-ACB1-3F2AE35B209E} - System32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\TeamViewer_Setup full #64 & 32(86)(recommended).exe" -d C:\Users\Admin\Desktop
Task: {352CA94F-C71C-4078-A7C2-BFB1920A87BC} - System32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06} => C:\Program Files\iTunes\iTunes.exe [39259488 2022-12-08] (Apple Inc. -> Apple Inc.)
Task: {378CEEF7-E235-4BCE-A702-042887A68A1C} - System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => C:\Program Files (x86)\TeamViewer\TeamViewer.exe (No File)
Task: {779D5CD2-1A71-4CAE-8D67-49FEB67DD4A6} - System32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -c /M{79A933C8-E333-4D8D-9D5C-86945715E532}
Task: {B080CEE6-DD1E-47F2-AB2A-A338C1D3ED96} - System32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {79F96CD4-7680-4673-A9DF-9F705C5F417B} - System32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40\irfanview_plugins_440_setup.exe" -d "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40"
Task: {CA1CBA28-8923-41AB-A2A0-8AD142249111} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {AA22B15A-3B75-45AD-9535-5848A89A09DB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File)
Task: {5ACB06EC-0541-476F-A20C-E383C2C002F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {422F8D5A-9994-43A6-8AE4-22E770FF407F} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4940696 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {007E8B56-8950-49A2-B7BA-9D715844925E} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1243544 2023-05-06] (Avast Software s.r.o. -> AVAST Software)
Task: {52A32223-2AC6-4C84-B568-24554EA3D201} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [5029784 2023-05-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {14A60EBD-D2FD-4D33-B9C4-600078E5693F} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7092120 2023-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {9F4E010E-1A2C-4159-8D93-6C319AA8FA8D} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [5030808 2023-05-06] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {6A87D04E-49F9-4381-945A-099EE2109F76} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [7092120 2023-04-26] (Avast Software s.r.o. -> Avast Software)
Task: {ECFC4C4B-A935-4246-BDD4-E651506577B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2135448 2023-04-15] (Avast Software s.r.o. -> Avast Software)
Task: {0A2C4856-E9C5-4E5C-AE77-72FB73033236} - System32\Tasks\CCleaner Update => C:\Program Files (x86)\CCleaner\CCUpdate.exe [714256 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {CA35D25D-288C-463E-8CC2-2DFF09CE3761} - System32\Tasks\CCleanerCrashReporting => C:\Program Files (x86)\CCleaner\CCleanerBugReport.exe [4703648 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files (x86)\CCleaner\LOG" --programpath "C:\Program Files (x86)\CCleaner" --configpath "C:\Program Files (x86)\CCleaner\Setup" --guid "03666bd6-6dd3-4bb0-8992-c84806ba71f6" --version "6.14.10584" --silent
Task: {335E135C-988F-4642-A1F9-99C4373603AC} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files (x86)\CCleaner\CCleaner.exe [34677664 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {359F1B33-C35A-467B-9A22-2EA626FF8E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {08D8AA16-CF87-4A22-A388-F830788E92C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {2544E44D-5FBD-41DC-A92A-41FFB79BA6C0} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {45B2586D-BC42-4B81-9C22-536BBB29AAE2} - System32\Tasks\iToolsDaemon => C:\program files (x86)\thinksky\itools 3\iToolsDaemon.exe [494480 2016-09-19] (Shenzhen Thinksky Technology Co.,Ltd -> )
Task: {D8B51464-2C32-4F13-97F6-6759907C400E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-11] (Microsoft Corporation) [File not signed]
Task: {6B3467C7-A3E2-49FA-BDD5-D2708E1E9432} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-11] (Microsoft Corporation) [File not signed]
Task: {612A4AE3-9432-4BD9-8251-1CE3903146F6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6AC81BC1-158F-45BD-A385-8652FD6DBB85} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {097BE63B-972D-4E3E-99F9-CDC86DB2E53A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {24718C1E-1E04-463B-AACF-D4137A2E064E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {1EA28A51-E5CA-4449-93FD-DFF735481760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {166078C5-21A8-4C65-A03F-596D0DC1430D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {4C41C56F-4FD4-421E-9A52-837498F9D126} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {485E3375-D6CC-43D3-A692-AA2040BBDD24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {33907ACB-82FC-4D09-8666-744AF0BE0B01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {8883AB7C-DA5E-4D18-9401-085274A96C8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {DF25D3CD-F491-4248-92AD-CCA3367FF705} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {6329346D-7223-4F41-880B-110F5BDD34B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {05EF8171-0DE2-41B3-9C23-B8C5C35740DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9874E1B1-F406-4680-8233-3CFBB9A626DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BAD6E523-296C-44BA-8F14-DD7888774D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {15CC9174-D3BB-487B-9066-02077BCA55FA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {54C15168-8B7F-4CC9-9606-27157AA5F353} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {F95D7ED4-3910-4F66-A9BC-E95994F04172} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {152AA076-E445-45ED-8EF6-F1DF4E070885} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {0948CC1E-2BA7-4F48-8617-12160BDA0B51} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {5ED85F4F-522E-459F-86D4-E191C04AF68F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {A08A1B20-5D75-4BE8-AADD-ECC89814C23A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9A7266B3-7BF0-4508-A0F9-063D52C6C0E2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4ED0B296-4EF4-48F4-A4AE-8307D6F4CDFB} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {96A19FE4-94A5-4C8E-B9FB-B0C401FFC56B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {2A9E88F0-F337-4347-ADA4-9675FC128875} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {B9B65DF0-7C51-421B-BFE2-A97F8B92C1FD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {04C4D42E-C8C9-47CB-A875-D782F79A1DCD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {A2641A6B-9D1C-4901-9701-42A97AE2F351} - System32\Tasks\Opera scheduled assistant Autoupdate 1602699805 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {DDF6C831-44A6-47F9-A9B5-38D3E3713A1B} - System32\Tasks\Opera scheduled Autoupdate 1602699804 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files (x86)\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{14449170-290C-4C2F-B99D-F8798D7BE1FA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1D192B6C-6F2F-4566-9425-FAE6132241C8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67F8B94B-8DE6-4E50-921D-23A78F2CE2EF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6B5188A0-0BF8-436B-A697-4A630D7FDD3A}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-01]
Edge DownloadDir: Default -> C:\Users\Admin\Desktop
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-27]

FireFox:
========
FF DefaultProfile: sp231fgl.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default [2023-07-24]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\user.js [2018-06-28]
FF DownloadDir: C:\Users\Admin\Desktop
FF Homepage: Mozilla\Firefox\Profiles\sp231fgl.default -> hxxps://www.seznam.cz/
FF NetworkProxy: Mozilla\Firefox\Profiles\sp231fgl.default -> type", 4
FF Notifications: Mozilla\Firefox\Profiles\sp231fgl.default -> hxxps://www.carsontheweb.com; hxxps://www.letgo.cz; hxxps://fastshare.cz; hxxps://www.emimino.cz; hxxps://www.fischer.cz; hxxps://aukro.cz; hxxps://www.ceskyali.cz; hxxps://www.aliznacky.cz; hxxps://www.alibrands.tk; hxxps://www.urbanstore.cz; hxxps://www.cestujlevne.com; hxxps://www.ozp.cz; hxxps://jablickar.cz
FF Extension: (anonymoX) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\client@anonymox.net.xpi [2020-09-24]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\sko-extension@firma.seznam.cz.xpi [2023-03-03]
FF Extension: (Seznam doplněk - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2023-03-03]
FF Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\{ea692a27-4873-406e-bbc6-010c2dd9e9b5}.xpi [2021-10-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn => not found
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-143178146-412184928-716911168-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-143178146-412184928-716911168-1000: ipcamera.com/IPCamPlug -> C:\Windows\npIPCamPlug.dll [2016-04-11] (Shenzhen Yishengneng Technology Co., Ltd -> IPCamera)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2023-07-24]
CHR DownloadDir: C:\Users\Admin\Desktop
CHR Notifications: Default -> hxxps://expocaptcha.top; hxxps://www.netflix.com; hxxps://www.ozp.cz
CHR Extension: (Easy Auto Refresh) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-10-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-21]
CHR Extension: (anonymoX) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2020-09-17]
CHR Extension: (Kopírování a vkládání v Office Online) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-03-12]
CHR Extension: (FormApps Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-10-11]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Page Monitor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2021-07-30]
CHR Extension: (Seznam.cz) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2023-05-22]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-29]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-25]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-12]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-12]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-143178146-412184928-716911168-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

Opera:
=======
OPR Profile: C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable [2023-05-29]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-14]
OPR Extension: (Safe Torrent Scanner) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpabaecgmgbeapjghcfhohnbljcocknl [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8892824 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [578968 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2091928 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [579992 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-04-15] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2022-04-11] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files (x86)\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe [74520 2023-06-26] (Google LLC -> Google LLC)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [17477528 2023-05-04] (Avast Software s.r.o. -> AVAST Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-04-11] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [871752 2023-07-20] (McAfee, LLC -> McAfee, LLC)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [10043288 2023-05-06] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14544680 2021-12-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [237424 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [392832 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39600 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [272016 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [556576 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [943456 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [704264 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [53904 2018-08-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319512 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [76664 2023-05-06] (Avast Software s.r.o. -> Avast Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [42256 2019-11-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [59360 2019-11-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-08-01] (Symantec Corporation -> Symantec Corporation)
R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [61408 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-30] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [238352 2020-09-04] (Oracle Corporation -> Oracle Corporation)
U5 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174536 2020-09-04] (Oracle Corporation -> Oracle Corporation)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-24 20:18 - 2023-07-24 20:18 - 000027528 _____ C:\Users\Admin\Desktop\LOG2.rar
2023-07-24 20:18 - 2023-07-24 20:18 - 000000964 _____ C:\Users\Admin\Desktop\LOG3.rar
2023-07-24 20:18 - 2023-07-24 20:18 - 000000000 ____D C:\Users\Admin\Desktop\LOG3
2023-07-24 20:17 - 2023-07-24 20:17 - 000000000 ____D C:\Users\Admin\Desktop\LOG2
2023-07-24 20:14 - 2023-07-24 20:15 - 000028045 _____ C:\Users\Admin\Desktop\LOG.rar
2023-07-24 20:14 - 2023-07-24 20:14 - 000000000 ____D C:\Users\Admin\Desktop\LOG
2023-07-24 20:10 - 2023-07-24 20:26 - 000000000 ____D C:\FRST
2023-07-24 20:08 - 2023-07-24 20:08 - 002384384 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2023-07-18 19:39 - 2023-07-18 19:39 - 000658038 _____ C:\Users\Admin\Desktop\Tiskopis_oznameni_zmeny_zamestnavatele_-_CZE-UKR.pdf
2023-07-18 19:36 - 2023-07-18 19:36 - 000215492 _____ C:\Users\Admin\Desktop\priloha_1217186501_0_MV_SLUŽEBNÍ.pdf
2023-07-13 17:34 - 2023-07-13 17:34 - 000321499 _____ C:\Users\Admin\Desktop\2023-07-13-gmh5yqw8-zadost202308763.zip
2023-07-13 13:45 - 2023-07-13 13:53 - 000000000 ____D C:\Users\Admin\Desktop\MV
2023-07-12 21:55 - 2023-07-24 19:24 - 000000000 ____D C:\Users\Admin\Desktop\Zbraslav
2023-07-11 20:11 - 2023-07-11 20:11 - 000000000 ___HD C:\$WinREAgent
2023-07-05 16:41 - 2023-07-05 16:41 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-07-03 01:04 - 2023-07-03 01:04 - 000300492 _____ C:\Users\Admin\Desktop\drazebni-vyhlaska (1).pdf
2023-07-01 13:36 - 2023-07-01 13:36 - 002170168 _____ ( ) C:\Users\Admin\Desktop\screen-recorder (1).exe
2023-07-01 13:27 - 2023-07-01 13:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 002170168 _____ ( ) C:\Users\Admin\Desktop\screen-recorder.exe
2023-07-01 13:26 - 2023-07-01 13:26 - 000002103 _____ C:\Users\Public\Desktop\AnyMP4 Screen Recorder.lnk
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\Users\Admin\AppData\Local\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMP4
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\ProgramData\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\Program Files\AnyMP4 Studio
2023-06-27 11:52 - 2023-06-27 11:52 - 007652571 _____ C:\Users\Admin\Desktop\PD.zip
2023-06-26 00:45 - 2023-06-26 00:45 - 000255127 _____ C:\Users\Admin\Desktop\drazebni-vyhlaska.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-24 20:25 - 2021-12-18 02:52 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-24 20:25 - 2016-11-11 09:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-24 20:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-24 19:35 - 2018-08-14 14:21 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2023-07-24 18:54 - 2016-11-16 16:30 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Word
2023-07-24 18:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-24 18:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-24 17:44 - 2023-04-15 01:17 - 000000000 ____D C:\Program Files (x86)\CCleaner
2023-07-24 17:38 - 2021-08-01 15:09 - 000000000 ____D C:\Program Files\TeamViewer
2023-07-24 17:36 - 2023-04-19 18:51 - 000004192 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8C5DDCB1-8E41-4A00-9EDD-2CBAC83382E4}
2023-07-24 17:33 - 2023-04-15 01:18 - 000003948 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-07-24 17:33 - 2023-04-15 01:18 - 000003518 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-07-24 17:33 - 2023-04-15 01:18 - 000000808 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-07-24 17:33 - 2018-02-14 11:21 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2023-07-24 17:32 - 2021-11-27 19:56 - 000003420 _____ C:\WINDOWS\system32\Tasks\iToolsDaemon
2023-07-24 17:32 - 2016-11-11 09:10 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2023-07-24 00:36 - 2023-04-15 01:18 - 000002260 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Admin
2023-07-24 00:36 - 2023-04-15 01:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-07-24 00:36 - 2022-03-14 19:20 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-24 00:36 - 2021-12-12 00:09 - 000003054 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-143178146-412184928-716911168-1000
2023-07-24 00:36 - 2021-11-28 18:26 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2023-07-24 00:36 - 2021-11-27 20:03 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-143178146-412184928-716911168-1000
2023-07-24 00:36 - 2021-11-27 19:56 - 000003806 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1602699805
2023-07-24 00:36 - 2021-11-27 19:56 - 000003572 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1602699804
2023-07-24 00:36 - 2021-11-27 19:56 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-24 00:36 - 2021-11-27 19:56 - 000003410 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-24 00:36 - 2021-11-27 19:56 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-24 00:36 - 2021-11-27 19:56 - 000003186 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-24 00:36 - 2021-11-27 19:56 - 000002408 _____ C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002394 _____ C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002352 _____ C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002348 _____ C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002348 _____ C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002328 _____ C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002300 _____ C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002296 _____ C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002108 _____ C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002080 _____ C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06}
2023-07-24 00:06 - 2023-01-17 00:11 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-24 00:06 - 2021-01-10 15:18 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-22 09:31 - 2021-11-27 19:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-22 09:02 - 2021-11-27 19:54 - 000002411 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-22 08:49 - 2023-05-15 09:07 - 000001455 _____ C:\Users\Admin\Desktop\Roblox Player.lnk
2023-07-22 08:49 - 2022-08-31 19:15 - 000001278 _____ C:\Users\Admin\Desktop\Roblox Studio.lnk
2023-07-22 08:49 - 2022-02-19 13:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-07-18 22:10 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-17 00:18 - 2021-11-27 20:05 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2023-07-13 18:23 - 2021-11-27 19:54 - 001885540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-13 18:23 - 2019-12-07 16:43 - 000779882 _____ C:\WINDOWS\system32\perfh005.dat
2023-07-13 18:23 - 2019-12-07 16:43 - 000177868 _____ C:\WINDOWS\system32\perfc005.dat
2023-07-13 18:23 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-12 10:02 - 2023-02-28 11:30 - 000000000 ____D C:\Users\Admin\Desktop\Tesco
2023-07-11 23:42 - 2022-10-14 19:22 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-11 23:42 - 2022-10-14 19:22 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-07-11 23:29 - 2023-05-06 22:39 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2023-07-11 23:29 - 2023-04-15 01:00 - 000000000 ____D C:\ProgramData\Avast Software
2023-07-11 23:28 - 2022-07-20 00:31 - 000008192 ___SH C:\DumpStack.log.tmp
2023-07-11 23:28 - 2021-11-27 19:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-11 23:28 - 2020-10-16 15:29 - 000000000 ____D C:\Intel
2023-07-11 22:24 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-07-11 22:23 - 2021-11-27 19:52 - 000541440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-11 22:17 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-11 20:25 - 2023-04-01 11:02 - 000000000 ____D C:\Users\Admin\Desktop\Fotky vyvolání
2023-07-11 20:17 - 2021-11-27 19:55 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-11 20:11 - 2016-11-11 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-11 20:07 - 2016-11-11 09:29 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-05 16:41 - 2023-04-15 01:02 - 000943456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000704264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000556576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000319512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000297832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000272016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000237424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000080416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000039600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-07-05 16:41 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-05 16:40 - 2023-04-15 01:02 - 000392832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-07-05 16:16 - 2021-11-27 19:54 - 000000000 ____D C:\Users\Admin
2023-07-04 21:12 - 2022-06-07 23:17 - 000000000 ____D C:\Users\Admin\Desktop\Kotlíky
2023-07-04 15:13 - 2022-02-19 13:24 - 000000256 _____ C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
2023-06-30 07:57 - 2016-11-11 09:17 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2018-06-23 11:57 - 2018-06-23 11:58 - 000053102 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2018-06-24 01:04 - 2018-06-24 01:04 - 000022637 _____ () C:\Program Files (x86)\CMS Uninstall Log.txt
2019-01-26 12:46 - 2019-01-26 12:46 - 000000040 _____ () C:\Users\Admin\AppData\Roaming\cdr.ini
2021-01-18 17:17 - 2021-01-18 17:17 - 000000110 _____ () C:\Users\Admin\AppData\Roaming\debug.log
2022-11-13 21:20 - 2022-11-13 21:20 - 000000036 _____ () C:\Users\Admin\AppData\Local\.__explain_this_is_writeable_not_delete__
2022-11-09 22:44 - 2022-11-09 22:44 - 000004096 ____H () C:\Users\Admin\AppData\Local\keyfile3.drm
2020-01-30 16:34 - 2020-01-30 16:34 - 000001292 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119490
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o kontrolu/opravu logu

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Koty30
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 24 črc 2023 18:57

Re: Prosím o kontrolu/opravu logu

#3 Příspěvek od Koty30 »

Dobrý večer, nevím přesně zda jsem udělal dobře, něco to vypsalo a namísto clean/repair mi napsalo "karanténa". Poté se vytvořil tento log ale bez restartu


# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-24-2023
# Duration: 00:00:02
# OS: Windows 10 (Build 19045.3208)
# Cleaned: 32
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\Tencent
Deleted C:\Program Files (x86)\DriverToolkit
Deleted C:\ProgramData\Tencent
Deleted C:\Users\Admin\AppData\Local\DriverToolkit
Deleted C:\Users\Admin\AppData\Local\slimware utilities inc
Deleted C:\Users\Admin\AppData\Roaming\Seznam.cz
Deleted C:\Users\Admin\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted C:\Windows\SysWOW64\rlls.dll
Deleted C:\Windows\System32\rlls64.dll
Deleted C:\Windows\restoro.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\DriverToolkit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\Video Player
Deleted HKCU\Software\csastats
Deleted HKCU\Software\distromatic
Deleted HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8AD369A7-23ED-4B89-A195-7F4CA48B4476}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F5B3ED8A-CF69-4093-B670-0DF967979284}
Deleted HKLM\Software\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\ErrorFixKIT
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\DownloadProxy.EXE
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

***** [ Chromium (and derivatives) ] *****

Deleted Seznam Doplněk – Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****



No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4278 octets] - [24/07/2023 21:16:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119490
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o kontrolu/opravu logu

#4 Příspěvek od Rudy »

Poprosím o nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Koty30
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 24 črc 2023 18:57

Re: Prosím o kontrolu/opravu logu

#5 Příspěvek od Koty30 »

Jasně, zde :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2023
Ran by Admin (administrator) on ADMIN-PC (MSI MS-7996) (24-07-2023 22:03:55)
Running from G:\\FRST64.exe
Loaded Profiles: Admin
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe <2>
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3205_none_7e1f4da67c811930\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8842496 2016-06-24] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366944 2022-12-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [220056 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TuneupUI.exe] => C:\Program Files\Avast Software\Cleanup\TuneupUI.exe [4499864 2023-05-04] (Avast Software s.r.o. -> AVAST Software)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\EPSON L130 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBN6E.DLL [180224 2014-03-04] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [956672 2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-30] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2023-05-06]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5205A186-E46C-4445-958B-2C1FC1F4C8D4} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E0CF2A7A-6278-4BB7-AD18-FAB753D1D782} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {A166A8EE-F6A2-4262-94AE-D09B680C0F0C} - System32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\Nová složka (4)\templatepack902.exe" -d "C:\Users\Admin\Desktop\Nová složka (4)"
Task: {C2F3781B-F717-4357-B39F-27606F7FD88C} - System32\Tasks\{17395116-1368-4685-8EFD-7181E225B481} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Admin\Desktop\irfanview_plugins_441_setup.exe -d C:\Users\Admin\Desktop
Task: {E62AF31E-3B1C-48EC-A3F6-B70DD1AC3617} - System32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\Nová složka (2)\setup.exe" -d "C:\Users\Admin\Desktop\Nová složka (2)"
Task: {FAA94AB7-5E0F-463D-BED6-2DEFFA32A335} - System32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40\irfanview_lang_czech.exe" -d "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40"
Task: {FC9A9785-5033-4802-ACB1-3F2AE35B209E} - System32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\TeamViewer_Setup full #64 & 32(86)(recommended).exe" -d C:\Users\Admin\Desktop
Task: {352CA94F-C71C-4078-A7C2-BFB1920A87BC} - System32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06} => C:\Program Files\iTunes\iTunes.exe [39259488 2022-12-08] (Apple Inc. -> Apple Inc.)
Task: {378CEEF7-E235-4BCE-A702-042887A68A1C} - System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => C:\Program Files (x86)\TeamViewer\TeamViewer.exe (No File)
Task: {779D5CD2-1A71-4CAE-8D67-49FEB67DD4A6} - System32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -c /M{79A933C8-E333-4D8D-9D5C-86945715E532}
Task: {B080CEE6-DD1E-47F2-AB2A-A338C1D3ED96} - System32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe"
Task: {79F96CD4-7680-4673-A9DF-9F705C5F417B} - System32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E} => C:\Windows\system32\pcalua.exe [53760 2023-06-14] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40\irfanview_plugins_440_setup.exe" -d "C:\Users\Admin\Desktop\IrfanView + PlugIns 4.40"
Task: {CA1CBA28-8923-41AB-A2A0-8AD142249111} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {AA22B15A-3B75-45AD-9535-5848A89A09DB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File)
Task: {5ACB06EC-0541-476F-A20C-E383C2C002F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {422F8D5A-9994-43A6-8AE4-22E770FF407F} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4940696 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {B87B8B11-5434-45E7-A2D2-6FE1F8FC1734} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1243544 2023-05-06] (Avast Software s.r.o. -> AVAST Software)
Task: {52A32223-2AC6-4C84-B568-24554EA3D201} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe [5029784 2023-05-04] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\A (the data entry has 70 more characters).
Task: {14A60EBD-D2FD-4D33-B9C4-600078E5693F} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe [7092120 2023-05-03] (Avast Software s.r.o. -> Avast Software)
Task: {9F4E010E-1A2C-4159-8D93-6C319AA8FA8D} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [5030808 2023-05-06] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {6A87D04E-49F9-4381-945A-099EE2109F76} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [7092120 2023-04-26] (Avast Software s.r.o. -> Avast Software)
Task: {ECFC4C4B-A935-4246-BDD4-E651506577B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2135448 2023-04-15] (Avast Software s.r.o. -> Avast Software)
Task: {0A2C4856-E9C5-4E5C-AE77-72FB73033236} - System32\Tasks\CCleaner Update => C:\Program Files (x86)\CCleaner\CCUpdate.exe [714256 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {CA35D25D-288C-463E-8CC2-2DFF09CE3761} - System32\Tasks\CCleanerCrashReporting => C:\Program Files (x86)\CCleaner\CCleanerBugReport.exe [4703648 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files (x86)\CCleaner\LOG" --programpath "C:\Program Files (x86)\CCleaner" --configpath "C:\Program Files (x86)\CCleaner\Setup" --guid "03666bd6-6dd3-4bb0-8992-c84806ba71f6" --version "6.14.10584" --silent
Task: {335E135C-988F-4642-A1F9-99C4373603AC} - System32\Tasks\CCleanerSkipUAC - Admin => C:\Program Files (x86)\CCleaner\CCleaner.exe [34677664 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {359F1B33-C35A-467B-9A22-2EA626FF8E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {08D8AA16-CF87-4A22-A388-F830788E92C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {2544E44D-5FBD-41DC-A92A-41FFB79BA6C0} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {45B2586D-BC42-4B81-9C22-536BBB29AAE2} - System32\Tasks\iToolsDaemon => C:\program files (x86)\thinksky\itools 3\iToolsDaemon.exe [494480 2016-09-19] (Shenzhen Thinksky Technology Co.,Ltd -> )
Task: {D8B51464-2C32-4F13-97F6-6759907C400E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-11] (Microsoft Corporation) [File not signed]
Task: {6B3467C7-A3E2-49FA-BDD5-D2708E1E9432} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-11] (Microsoft Corporation) [File not signed]
Task: {612A4AE3-9432-4BD9-8251-1CE3903146F6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6AC81BC1-158F-45BD-A385-8652FD6DBB85} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {097BE63B-972D-4E3E-99F9-CDC86DB2E53A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {24718C1E-1E04-463B-AACF-D4137A2E064E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {1EA28A51-E5CA-4449-93FD-DFF735481760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {166078C5-21A8-4C65-A03F-596D0DC1430D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {4C41C56F-4FD4-421E-9A52-837498F9D126} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {485E3375-D6CC-43D3-A692-AA2040BBDD24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {33907ACB-82FC-4D09-8666-744AF0BE0B01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {8883AB7C-DA5E-4D18-9401-085274A96C8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {DF25D3CD-F491-4248-92AD-CCA3367FF705} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {6329346D-7223-4F41-880B-110F5BDD34B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {05EF8171-0DE2-41B3-9C23-B8C5C35740DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9874E1B1-F406-4680-8233-3CFBB9A626DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BAD6E523-296C-44BA-8F14-DD7888774D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {15CC9174-D3BB-487B-9066-02077BCA55FA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {54C15168-8B7F-4CC9-9606-27157AA5F353} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {F95D7ED4-3910-4F66-A9BC-E95994F04172} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {152AA076-E445-45ED-8EF6-F1DF4E070885} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {0948CC1E-2BA7-4F48-8617-12160BDA0B51} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {5ED85F4F-522E-459F-86D4-E191C04AF68F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {A08A1B20-5D75-4BE8-AADD-ECC89814C23A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {9A7266B3-7BF0-4508-A0F9-063D52C6C0E2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4ED0B296-4EF4-48F4-A4AE-8307D6F4CDFB} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {96A19FE4-94A5-4C8E-B9FB-B0C401FFC56B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {2A9E88F0-F337-4347-ADA4-9675FC128875} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {B9B65DF0-7C51-421B-BFE2-A97F8B92C1FD} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {04C4D42E-C8C9-47CB-A875-D782F79A1DCD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {A2641A6B-9D1C-4901-9701-42A97AE2F351} - System32\Tasks\Opera scheduled assistant Autoupdate 1602699805 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {DDF6C831-44A6-47F9-A9B5-38D3E3713A1B} - System32\Tasks\Opera scheduled Autoupdate 1602699804 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files (x86)\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{14449170-290C-4C2F-B99D-F8798D7BE1FA}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1D192B6C-6F2F-4566-9425-FAE6132241C8}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67F8B94B-8DE6-4E50-921D-23A78F2CE2EF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6B5188A0-0BF8-436B-A697-4A630D7FDD3A}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-01]
Edge DownloadDir: Default -> C:\Users\Admin\Desktop
Edge Extension: (Edge relevant text changes) - C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-27]

FireFox:
========
FF DefaultProfile: sp231fgl.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default [2023-07-24]
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\user.js [2018-06-28]
FF DownloadDir: C:\Users\Admin\Desktop
FF Homepage: Mozilla\Firefox\Profiles\sp231fgl.default -> hxxps://www.seznam.cz/
FF NetworkProxy: Mozilla\Firefox\Profiles\sp231fgl.default -> type", 4
FF Notifications: Mozilla\Firefox\Profiles\sp231fgl.default -> hxxps://www.carsontheweb.com; hxxps://www.letgo.cz; hxxps://fastshare.cz; hxxps://www.emimino.cz; hxxps://www.fischer.cz; hxxps://aukro.cz; hxxps://www.ceskyali.cz; hxxps://www.aliznacky.cz; hxxps://www.alibrands.tk; hxxps://www.urbanstore.cz; hxxps://www.cestujlevne.com; hxxps://www.ozp.cz; hxxps://jablickar.cz
FF Extension: (anonymoX) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\client@anonymox.net.xpi [2020-09-24]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\sko-extension@firma.seznam.cz.xpi [2023-03-03]
FF Extension: (Seznam doplněk - Email) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2023-03-03]
FF Extension: (Aliexpress SuperStar česky, Historie cen a koruny) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sp231fgl.default\Extensions\{ea692a27-4873-406e-bbc6-010c2dd9e9b5}.xpi [2021-10-14]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn => not found
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-143178146-412184928-716911168-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-13] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-143178146-412184928-716911168-1000: ipcamera.com/IPCamPlug -> C:\Windows\npIPCamPlug.dll [2016-04-11] (Shenzhen Yishengneng Technology Co., Ltd -> IPCamera)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2023-07-24]
CHR DownloadDir: C:\Users\Admin\Desktop
CHR Notifications: Default -> hxxps://expocaptcha.top; hxxps://www.netflix.com; hxxps://www.ozp.cz
CHR Extension: (Easy Auto Refresh) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2022-10-04]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-21]
CHR Extension: (anonymoX) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpklikeghomkemdellmmkoifgfbakio [2020-09-17]
CHR Extension: (Kopírování a vkládání v Office Online) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2023-03-12]
CHR Extension: (FormApps Extension) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2022-10-11]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Page Monitor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2021-07-30]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-29]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-15]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-09-25]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-25]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-09-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-25]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5 [2023-05-29]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2022-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-12]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2022-10-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-12]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKU\S-1-5-21-143178146-412184928-716911168-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]

Opera:
=======
OPR Profile: C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable [2023-05-29]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=o ... utEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-14]
OPR Extension: (Safe Torrent Scanner) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\gpabaecgmgbeapjghcfhohnbljcocknl [2020-10-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8892824 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [578968 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2091928 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [579992 2023-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2023-04-15] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8901968 2022-04-11] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files (x86)\CCleaner\CCleanerPerformanceOptimizerService.exe [1074080 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe [74520 2023-06-26] (Google LLC -> Google LLC)
R2 CleanupPSvc; C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe [17477528 2023-05-04] (Avast Software s.r.o. -> AVAST Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2022-04-11] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2022-03-03] (Epic Games Inc. -> Epic Games, Inc.)
S2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [871752 2023-07-20] (McAfee, LLC -> McAfee, LLC)
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [163280 2015-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [10043288 2023-05-06] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14544680 2021-12-13] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [237424 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [392832 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2023-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39600 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [272016 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [556576 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80416 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [943456 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [704264 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [53904 2018-08-14] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [319512 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [76664 2023-05-06] (Avast Software s.r.o. -> Avast Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [42256 2019-11-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\DRIVERS\dtliteusbbus.sys [59360 2019-11-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-08-01] (Symantec Corporation -> Symantec Corporation)
R3 HidHide; C:\WINDOWS\System32\drivers\HidHide.sys [61408 2021-04-01] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160E020.00D\SYMEFASI64.SYS [1942096 2018-05-30] (Symantec Corporation -> Symantec Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBoxNetAdp; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp6.sys [238352 2020-09-04] (Oracle Corporation -> Oracle Corporation)
U5 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174536 2020-09-04] (Oracle Corporation -> Oracle Corporation)
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49600 2023-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [497920 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-24 21:16 - 2023-07-24 21:17 - 000000000 ____D C:\AdwCleaner
2023-07-24 21:15 - 2023-07-24 21:15 - 008791352 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner.exe
2023-07-24 20:31 - 2023-07-24 20:28 - 000058772 _____ C:\Users\Admin\Desktop\FRST.txt
2023-07-24 20:31 - 2023-07-24 20:28 - 000051156 _____ C:\Users\Admin\Desktop\Addition.txt
2023-07-24 20:10 - 2023-07-24 22:04 - 000000000 ____D C:\FRST
2023-07-24 20:08 - 2023-07-24 20:08 - 002384384 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2023-07-13 13:45 - 2023-07-13 13:53 - 000000000 ____D C:\Users\Admin\Desktop\MV
2023-07-12 21:55 - 2023-07-24 19:24 - 000000000 ____D C:\Users\Admin\Desktop\Zbraslav
2023-07-11 20:11 - 2023-07-11 20:11 - 000000000 ___HD C:\$WinREAgent
2023-07-05 16:41 - 2023-07-05 16:41 - 000313240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-07-01 13:36 - 2023-07-01 13:36 - 002170168 _____ ( ) C:\Users\Admin\Desktop\screen-recorder (1).exe
2023-07-01 13:27 - 2023-07-01 13:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 002170168 _____ ( ) C:\Users\Admin\Desktop\screen-recorder.exe
2023-07-01 13:26 - 2023-07-01 13:26 - 000002103 _____ C:\Users\Public\Desktop\AnyMP4 Screen Recorder.lnk
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\Users\Admin\AppData\Local\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMP4
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\ProgramData\AnyMP4 Studio
2023-07-01 13:26 - 2023-07-01 13:26 - 000000000 ____D C:\Program Files\AnyMP4 Studio
2023-06-26 00:45 - 2023-06-26 00:45 - 000255127 _____ C:\Users\Admin\Desktop\drazebni-vyhlaska.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-07-24 21:51 - 2021-11-27 19:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-24 21:38 - 2021-08-01 15:09 - 000000000 ____D C:\Program Files\TeamViewer
2023-07-24 21:35 - 2021-12-18 02:52 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-24 21:35 - 2016-11-11 09:16 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-24 21:23 - 2023-05-06 22:39 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2023-07-24 21:12 - 2016-11-16 16:30 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Word
2023-07-24 20:05 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-24 19:35 - 2018-08-14 14:21 - 000000000 ____D C:\Users\Admin\AppData\Local\AVAST Software
2023-07-24 18:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-24 18:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-24 17:44 - 2023-04-15 01:17 - 000000000 ____D C:\Program Files (x86)\CCleaner
2023-07-24 17:36 - 2023-04-19 18:51 - 000004192 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8C5DDCB1-8E41-4A00-9EDD-2CBAC83382E4}
2023-07-24 17:33 - 2023-04-15 01:18 - 000003948 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-07-24 17:33 - 2023-04-15 01:18 - 000003518 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-07-24 17:33 - 2023-04-15 01:18 - 000000808 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-07-24 17:33 - 2018-02-14 11:21 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2023-07-24 17:32 - 2021-11-27 19:56 - 000003420 _____ C:\WINDOWS\system32\Tasks\iToolsDaemon
2023-07-24 17:32 - 2016-11-11 09:10 - 000000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2023-07-24 00:36 - 2023-04-15 01:18 - 000002260 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Admin
2023-07-24 00:36 - 2023-04-15 01:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-07-24 00:36 - 2022-03-14 19:20 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-24 00:36 - 2021-12-12 00:09 - 000003054 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-143178146-412184928-716911168-1000
2023-07-24 00:36 - 2021-11-28 18:26 - 000003220 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2023-07-24 00:36 - 2021-11-27 20:03 - 000002850 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-143178146-412184928-716911168-1000
2023-07-24 00:36 - 2021-11-27 19:56 - 000003806 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1602699805
2023-07-24 00:36 - 2021-11-27 19:56 - 000003572 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1602699804
2023-07-24 00:36 - 2021-11-27 19:56 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-24 00:36 - 2021-11-27 19:56 - 000003410 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-24 00:36 - 2021-11-27 19:56 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-24 00:36 - 2021-11-27 19:56 - 000003186 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-24 00:36 - 2021-11-27 19:56 - 000002408 _____ C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002394 _____ C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002352 _____ C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002348 _____ C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002348 _____ C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002328 _____ C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002300 _____ C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002296 _____ C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002108 _____ C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}
2023-07-24 00:36 - 2021-11-27 19:56 - 000002080 _____ C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06}
2023-07-24 00:06 - 2023-01-17 00:11 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-07-24 00:06 - 2021-01-10 15:18 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-22 09:02 - 2021-11-27 19:54 - 000002411 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-22 08:49 - 2022-08-31 19:15 - 000001278 _____ C:\Users\Admin\Desktop\Roblox Studio.lnk
2023-07-22 08:49 - 2022-02-19 13:24 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-07-18 22:10 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-17 00:18 - 2021-11-27 20:05 - 000000000 ____D C:\Users\Admin\AppData\Local\D3DSCache
2023-07-13 18:23 - 2021-11-27 19:54 - 001885540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-13 18:23 - 2019-12-07 16:43 - 000779882 _____ C:\WINDOWS\system32\perfh005.dat
2023-07-13 18:23 - 2019-12-07 16:43 - 000177868 _____ C:\WINDOWS\system32\perfc005.dat
2023-07-13 18:23 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-12 10:02 - 2023-02-28 11:30 - 000000000 ____D C:\Users\Admin\Desktop\Tesco
2023-07-11 23:42 - 2022-10-14 19:22 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-11 23:42 - 2022-10-14 19:22 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-07-11 23:29 - 2023-04-15 01:00 - 000000000 ____D C:\ProgramData\Avast Software
2023-07-11 23:28 - 2022-07-20 00:31 - 000008192 ___SH C:\DumpStack.log.tmp
2023-07-11 23:28 - 2021-11-27 19:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-11 23:28 - 2020-10-16 15:29 - 000000000 ____D C:\Intel
2023-07-11 22:24 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-07-11 22:23 - 2021-11-27 19:52 - 000541440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-11 22:17 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-11 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-11 20:25 - 2023-04-01 11:02 - 000000000 ____D C:\Users\Admin\Desktop\Fotky vyvolání
2023-07-11 20:17 - 2021-11-27 19:55 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-11 20:11 - 2016-11-11 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-11 20:07 - 2016-11-11 09:29 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-05 16:41 - 2023-04-15 01:02 - 000943456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000704264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000556576 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000319512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000297832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000272016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000237424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000105248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000095960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000080416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000039600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2023-07-05 16:41 - 2023-04-15 01:02 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-07-05 16:41 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-05 16:40 - 2023-04-15 01:02 - 000392832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2023-07-05 16:16 - 2021-11-27 19:54 - 000000000 ____D C:\Users\Admin
2023-07-04 21:12 - 2022-06-07 23:17 - 000000000 ____D C:\Users\Admin\Desktop\Kotlíky
2023-07-04 15:13 - 2022-02-19 13:24 - 000000256 _____ C:\Users\Admin\AppData\LocalLow\rbxcsettings.rbx
2023-06-30 07:57 - 2016-11-11 09:17 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2018-06-23 11:57 - 2018-06-23 11:58 - 000053102 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2018-06-24 01:04 - 2018-06-24 01:04 - 000022637 _____ () C:\Program Files (x86)\CMS Uninstall Log.txt
2019-01-26 12:46 - 2019-01-26 12:46 - 000000040 _____ () C:\Users\Admin\AppData\Roaming\cdr.ini
2021-01-18 17:17 - 2021-01-18 17:17 - 000000110 _____ () C:\Users\Admin\AppData\Roaming\debug.log
2022-11-13 21:20 - 2022-11-13 21:20 - 000000036 _____ () C:\Users\Admin\AppData\Local\.__explain_this_is_writeable_not_delete__
2022-11-09 22:44 - 2022-11-09 22:44 - 000004096 ____H () C:\Users\Admin\AppData\Local\keyfile3.drm
2020-01-30 16:34 - 2020-01-30 16:34 - 000001292 _____ () C:\Users\Admin\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2023
Ran by Admin (24-07-2023 22:04:50)
Running from G:\
Microsoft Windows 10 Pro Version 22H2 19045.3208 (X64) (2021-11-27 17:57:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Admin (S-1-5-21-143178146-412184928-716911168-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-143178146-412184928-716911168-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-143178146-412184928-716911168-503 - Limited - Disabled)
Guest (S-1-5-21-143178146-412184928-716911168-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-143178146-412184928-716911168-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-143178146-412184928-716911168-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM-x32\...\3uTools) (Version: 2.39.032 - ShangHai ZhangZheng Network Technology Co., Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AnyMP4 Screen Recorder 1.5.6 (HKLM-x32\...\{BDB6239B-2754-49bc-98A7-B9C28D4D74F1}_is1) (Version: 1.5.6 - AnyMP4 Studio)
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.1.1 - ASUS)
Avast Cleanup Premium (HKLM\...\Avast Cleanup) (Version: 23.1.13415.12138 - Avast Software)
Avast License by ZeNiX [2012-06-29] (HKLM-x32\...\Avast_2050_ZeNiX [2012-06-29]_is1) (Version: - )
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 23.6.6070 - Avast Software)
Avast SecureLine VPN (HKLM\...\Avast SecureLine) (Version: 5.25.7922.7760 - Avast Software)
balenaEtcher 1.13.1 (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.13.1 - Balena Inc.)
Balíček ovladače systému Windows - Microsoft PS Vita Type B (02/22/2013 6.1.7600.16385) (HKLM\...\A0EC80B5719D4DA4CF40C9219D7CB9CCAD6DBA40) (Version: 02/22/2013 6.1.7600.16385 - Microsoft)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
CMSClient 1.0.0.53 (HKLM-x32\...\CMSClient) (Version: 1.0.0.53 - )
Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007 (HKLM-x32\...\{90120000-00B2-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation)
Elcomsoft Phone Breaker (HKLM-x32\...\{D9762DC3-2E37-4F6D-B095-CFB8E7F9AA6C}) (Version: 6.45.18347.3529 - Elcomsoft Co. Ltd.)
eObčanka (HKLM\...\{45F6BE7F-4C79-4E99-A6C8-63919DFF6F87}) (Version: 3.1.1.19123 - MONET+, a.s. pro Ministerstvo vnitra České republiky)
Epic Games Launcher (HKLM-x32\...\{FAC47927-1A6A-4C6E-AD7D-E9756794A4BC}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
EPSON L130 Series Printer Uninstall (HKLM\...\EPSON L130 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Chrome Remote Desktop Host (HKLM-x32\...\{C17C2857-FF33-4EA0-8220-14A17DF82668}) (Version: 116.0.5845.9 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}) (Version: 10.1.1.9 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{54EC951C-4197-4AA4-803B-101F127BBB38}) (Version: 11.0.6.1194 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{335F9123-9306-4DB0-AF07-9C636317EE9D}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
iRemove Tools (HKLM-x32\...\{182058BA-0FB5-4AF9-841E-7DE97464793A}) (Version: 6.2.6 - iRemoveTools)
IrfanView 4.56 (64-bit) (HKLM\...\IrfanView64) (Version: 4.56 - Irfan Skiljan)
iTools 3 version 3.3.7.7 (HKLM-x32\...\{9AD3B3CA-16DF-4113-9178-89263F2E3820}_is1) (Version: 3.3.7.7 - Thinksky, Inc.)
iTunes (HKLM\...\{7C560654-7A19-4ECD-A146-9DEC0360A245}) (Version: 12.12.7.1 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
MERCUSYS MW300UM Driver (HKLM-x32\...\{64F44E9D-71CB-4EC0-BB4B-950A5E39449A}) (Version: 1.3.1 - MERCUSYS)
Microsoft .NET Framework 4.5 CHS Language Pack (HKLM\...\{9CA44204-CCC7-337A-B039-3ABF998AB8A9}) (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (CSY) (HKLM\...\{F4C44834-E4FA-3DA9-B999-A30EC54E95B0}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{09CCBE8E-B964-30EF-AE84-6537AB4197F9}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.16 (x64) (HKLM\...\{DAA471F4-54A9-4820-A1C5-266B5153C144}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.16 (x86) (HKLM-x32\...\{C9EC1A1F-33A6-4162-A4A6-99226A13F123}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.16 (x64) (HKLM\...\{29CBA832-8D09-42D0-82F4-3583EE247A5E}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.16 (x86) (HKLM-x32\...\{D2C9A93A-A18E-4C3B-ACED-F3C36071DA23}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM\...\{16E242C4-24A9-4381-8023-0F246750CA47}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x64) (HKLM-x32\...\{68696b91-f423-4e8e-a58f-631366d0f77a}) (Version: 5.0.16.31117 - Microsoft Corporation)
Microsoft .NET Runtime - 5.0.16 (x86) (HKLM-x32\...\{3081CF2A-E29B-446C-83F5-EDEFE1AAD029}) (Version: 40.64.31117 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.16 (x86) (HKLM-x32\...\{50c7f716-ab0c-4ca0-9f30-568fa58db913}) (Version: 5.0.16.31117 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft Office Access MUI (Czech) 2007 (HKLM-x32\...\{90120000-0015-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Excel MUI (Czech) 2007 (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Czech) 2007 (HKLM-x32\...\{90120000-00BA-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Czech) 2007 (HKLM-x32\...\{90120000-0044-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Czech) 2007 (HKLM-x32\...\{90120000-00A1-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Czech) 2007 (HKLM-x32\...\{90120000-001A-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Czech) 2007 (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (Czech) 2007 (HKLM-x32\...\{90120000-001F-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Slovak) 2007 (HKLM-x32\...\{90120000-001F-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Czech) 2007 (HKLM-x32\...\{90120000-002C-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Czech) 2007 (HKLM-x32\...\{90120000-0019-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Czech) 2007 (HKLM\...\{90120000-002A-0405-1000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Czech) 2007 (HKLM-x32\...\{90120000-006E-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Czech) 2007 (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}) (Version: 12.0.4518.1025 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\OneDriveSetup.exe) (Version: 23.137.0702.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127 (HKLM-x32\...\{EAC73207-74BD-4B13-AACF-8C0E751FA4E8}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127 (HKLM-x32\...\{2E72FA1F-BADB-4337-B8AE-F7C17EC57D1D}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM\...\{90B8150E-08C5-4225-9F94-9BBB39D82601}) (Version: 40.64.31121 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.16 (x64) (HKLM-x32\...\{c34fb08d-bd27-4d0b-a7bc-f7d5359f9518}) (Version: 5.0.16.31121 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x86) (HKLM-x32\...\{00bb4f4f-2d69-4ca8-bde7-4709f108a086}) (Version: 5.0.16.31121 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.16 (x86) (HKLM-x32\...\{BF7F9D94-26FE-4607-A304-E8EDEF9F6739}) (Version: 40.64.31121 - Microsoft Corporation) Hidden
Minecraft1.9 (HKLM-x32\...\Minecraft1.9) (Version: - )
MiniTool Partition Wizard Professional Edition 9.1 (HKLM\...\{69237D97-3063-450F-AE49-2357B191EA5D}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 110.0.1 (x64 cs)) (Version: 110.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 110.0.1.8458 - Mozilla)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.04 - MSI)
Nefarius Software Solutions e.U. HidHide (x64) (HKLM\...\{B62A2DE2-E6A8-438B-B05B-6E9287A0191D}) (Version: 1.0.30.0 - Nefarius Software Solutions e.U.)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
ocenaudio (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ocenaudio) (Version: 3.9.5 - Ocenaudio Team)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.0 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{958196BD-BBC3-452F-B1FC-EAFDEDD7ACA3}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (HKLM-x32\...\{a3ff1f80-04b5-4da5-974c-150731035393}) (Version: 9.4.364.0 - Tracker Software Products (Canada) Ltd.)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Podpora pro iPod (HKLM\...\{17D009B8-95CC-47A3-93A8-46ABE4CEFC4A}) (Version: 12.11.3.7 - Apple Inc.)
QLRepairHelper (HKLM-x32\...\{12F2E764-2F05-4EDB-BAAB-6FA9505C3084}) (Version: 3.1.3 - QianLi)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.100.422.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7855 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.12.0 - Renesas Electronics Corporation)
Roblox Player for Admin (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Admin (HKU\S-1-5-21-143178146-412184928-716911168-1000\...\roblox-studio) (Version: - Roblox Corporation)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
SnapDownloader 1.13.1 (HKLM\...\1fa2710c-1b1c-5510-a180-c518e4ae80f3) (Version: 1.13.1 - SnapDownloader)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.25.5 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22 - Ghisler Software GmbH)
TransMac version 12.9 (HKLM-x32\...\TransMac_is1) (Version: 12.9 - Acute Systems)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WebAdvisor od společnosti McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.825 - McAfee, LLC)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-07] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-08-07] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-24] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ChromeHTML: -> <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-143178146-412184928-716911168-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23061.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-143178146-412184928-716911168-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2022-09-27] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6797382daf01d86\igfxDTCM.dll [2022-07-29] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-07-05] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\SysWOW64\pdvcodec.dll [265797 2010-03-12] (Matsushita Electric Industrial Co., Ltd.) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Admin\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e645e09b181530a\Zpětná vazba.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5CD31017 [155]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7182]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {18F2CE8E-8A77-4E45-8222-FB5C29F61732} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {31EFD4F2-3CE9-4EF6-B3D0-6718E9A34C0D} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {516DCEEA-8D16-475A-A205-5E356A4E869C} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {A6E55C08-C088-4F52-944F-2BB357D212D3} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {BAD7F22C-A9CB-4C99-8368-D180789DEFA5} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D57C9148-0497-43F4-90DD-4A6C3EC92746} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D6681A67-A32C-4C81-ACDB-FD52CB87380E} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D8004F79-83EC-4724-A450-E3F8E9896D65} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> {D99AA801-64FB-48FB-882A-45C8BA18A283} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-21] (McAfee, LLC -> McAfee, LLC)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-21] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-12-11] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2021-05-13 23:43 - 000001227 _____ C:\WINDOWS\system32\drivers\etc\hosts
111.118.212.124 pagead2.googlesyndication.com
111.118.212.124 tpc.googlesyndication.com
111.118.212.124 s7.addthis.com
111.118.212.124 contextual.media.net
111.118.212.124 connect.facebook.net
111.118.212.124 s3.buysellads.com
111.118.212.124 resources.infolinks.com
111.118.212.124 stats.g.doubleclick.net
111.118.212.124 www.googletagmanager.com
111.118.212.124 google-analytics.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\
HKU\S-1-5-21-143178146-412184928-716911168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\Desktop\Hurník fotky\DSC01432_plne rozliseni.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: com.squirrel.Teams.Teams => C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TuneupUI.exe => "C:\Program Files\Avast Software\Cleanup\TuneupUI.exe" /nogui
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{03EB2CD8-8415-4FDA-B417-C506015C53FD}C:\program files (x86)\cmsclient\cmsclient.exe] => (Allow) C:\program files (x86)\cmsclient\cmsclient.exe () [File not signed]
FirewallRules: [TCP Query User{798BAD37-4748-42A4-B326-80758DF4181C}C:\program files (x86)\cmsclient\cmsclient.exe] => (Allow) C:\program files (x86)\cmsclient\cmsclient.exe () [File not signed]
FirewallRules: [UDP Query User{1E45C4E6-F19B-4386-A653-4EF53A5055B8}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [TCP Query User{745526C4-501C-46B6-80AB-C3396AC51E23}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [{DBF71708-C641-42B2-84A9-3BC0B15BCF44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46D95F4E-A4B2-4AF7-8544-94D02899D3A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{324CBD78-F45D-474D-8760-07F7CAD2EE66}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5E794800-E2BA-4329-B504-BC1594381E0D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7607F484-7BBF-428B-B32F-37AD7D837F8A}] => (Allow) LPort=27015
FirewallRules: [{F625C878-F42E-4130-826D-7E9B0C14C688}] => (Allow) LPort=80
FirewallRules: [{C2688DC7-ECC3-434B-ADD5-E63090514DC9}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{BFBF2657-1E52-489E-8EE5-1D7F6FFA4F42}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{C6CE3EA4-1791-45CD-AF03-7E2462058CBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{929E080B-C4FF-4B86-B127-15D4455D1E33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3D8D843-D8D2-4905-BDD1-39129EA36C06}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F91E12AF-BEE6-4754-858D-86F5A740BD46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BF2EC68-2E5C-4E36-97B0-E6309318FC9D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C2C056D7-C684-4EB6-8454-9FADB98B21D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FD0D1261-9645-4429-BF9F-E4F48A6BFD6A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{53FEED01-7CC7-4D75-A1B0-180E431B2E37}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6ED7C212-D263-4B2C-9B20-78B87AD02CD1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AAF6B69F-96B5-4B65-AC86-047E84AD1657}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0B8177C7-EE5F-432D-B20A-F52795DCD23E}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B18119A-B1B8-4971-B242-B3F0197C81F3}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E23E1AA1-906B-4787-AF5F-B6B814E471A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AC411FC5-D417-40C0-BF43-104FCD25F2BC}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{5C16F801-B928-4B0A-9DBA-99D85EF8C317}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{4FA3156D-E441-4917-89DB-A3FBADA50056}C:\users\admin\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\admin\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E57A9D33-DB74-4FFC-8D58-A47C6CCEE9A4}C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe
FirewallRules: [UDP Query User{C9B8D6E0-4DA0-42C4-9691-769FA9ABD841}C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_356021703\javaw.exe
FirewallRules: [{54CDF195-F0E3-4742-ADCD-E7FAA8EB50D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37FDAD1C-0798-4833-A40B-0DBC83BDD751}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8E34A96E-0400-4E3E-B5F3-4E707874873E}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8B0EEC35-6D37-4F78-BD16-8D8BD33A3C8F}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{D0CBAE3A-1872-491D-9D83-B6416C99D853}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{742DA7E2-FE1F-4656-81C6-02405699EFB0}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{0DC4798A-F78F-4F04-955F-FA5192F755AF}] => (Allow) C:\Program Files\Avast Software\Cleanup\TuneupUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{50403F7E-61A6-4DB0-90C8-FCFFB0D0B423}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C3426367-BBCA-48B0-B4A0-66D5724EAF6A}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{4C4FFD12-05C4-4B1E-812D-26D4E02F65E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{71D2606F-29AF-4855-A4F3-75A4C72D668B}] => (Allow) C:\Program Files\AnyMP4 Studio\AnyMP4 Screen Recorder\MirrorRender.exe (OKWare Co., Ltd -> )
FirewallRules: [{63614AAB-12EA-42BE-A74A-69F8A4372040}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB5E85B3-B0FD-4556-AAA3-30B83DC16512}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1BF84BD6-BF0C-4B94-8BB4-24220898D3F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{715A24E7-6BD2-4B29-89A9-58A320F7FEB3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.99.3403.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{303486AF-F733-4FC6-B2B6-72E669D3B08C}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\116.0.5845.9\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{63F038B4-7360-4939-AC02-460E546CC3BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.17 GB) (Free:19.1 GB) (17%)

==================== Faulty Device Manager Devices ============

Name: Řadič PCI pro získávání dat a zpracování signálu
Description: Řadič PCI pro získávání dat a zpracování signálu
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/24/2023 06:32:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/24/2023 05:33:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: explorer.exe, verze: 10.0.19041.3155, časové razítko: 0xfc2dd1ae
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x731e81f0
ID chybujícího procesu: 0x1498
Čas spuštění chybující aplikace: 0x01d9be442a19e9bd
Cesta k chybující aplikaci: C:\WINDOWS\SysWOW64\explorer.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: fa73af11-5eb0-4fca-a90f-aa76ba4615c7
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/24/2023 12:10:18 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/17/2023 12:18:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/17/2023 12:12:16 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/10/2023 09:00:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Nový svazek (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/10/2023 12:20:08 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zálohování nebylo úspěšné. Chyba: Na této jednotce není dost místa pro uložení zálohy. Uvolněte místo odstraněním starších záloh a nepotřebných dat nebo změňte nastavení zálohování. (0x81000005).

Error: (07/05/2023 04:16:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ServiceHost.exe, verze: 4.1.1.820, časové razítko: 0x6499aae8
Název chybujícího modulu: TaskManager.dll, verze: 4.1.1.820, časové razítko: 0x6499a9f0
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000025a5e0
ID chybujícího procesu: 0x127c
Čas spuštění chybující aplikace: 0x01d9af4b432e8c1a
Cesta k chybující aplikaci: C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
Cesta k chybujícímu modulu: C:\Program Files\McAfee\WebAdvisor\TaskManager.dll
ID zprávy: 8b62fe7f-241a-45a6-84ac-74e9c55c8d70
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba HP SI Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Vzdálené plochy Chrome byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Apple Mobile Device Service byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avast SecureLine VPN byla nečekaně ukončena. Stalo se to 2 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (07/24/2023 09:23:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba SAMSUNG Mobile Connectivity Service V2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund: Restartovat službu.

Error: (07/24/2023 09:17:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (07/24/2023 09:17:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avast SecureLine VPN byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2023-04-15 00:47:20
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Program:AndroidOS/Multiverze
Závažnost: Vysoké
Kategorie: Program měnící nastavení
Cesta: file:_C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Users\Admin\Desktop\krnl_beta.exe
Verze bezpečnostních informací: AV: 1.387.968.0, AS: 1.387.968.0, NIS: 1.387.968.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-15 00:47:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Trickbot!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\AppData\Roaming\Krnl\krnl.dll
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Users\Admin\Desktop\krnl_beta.exe
Verze bezpečnostních informací: AV: 1.387.968.0, AS: 1.387.968.0, NIS: 1.387.968.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-14 19:42:47
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3AD79133-7C88-466B-92E0-C2DECFA9255E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-04-13 19:46:04
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SmokeLoader.C!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.387.913.0, AS: 1.387.913.0, NIS: 1.387.913.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-13 19:46:00
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/SmokeLoader.C!MTB
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: Admin-PC\Admin
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.387.913.0, AS: 1.387.913.0, NIS: 1.387.913.0
Verze modulu: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-07-24 19:50:39
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2023-07-24 19:38:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.80 07/27/2016
Motherboard: MSI B150M PRO-VH (MS-7996)
Processor: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 31%
Total physical RAM: 16275.03 MB
Available physical RAM: 11157.87 MB
Total Virtual: 32659.03 MB
Available Virtual: 26850.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.17 GB) (Free:19.1 GB) (Model: KINGSTON SV300S37A120G) NTFS
Drive f: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:0.01 GB) (Model: WDC WD10EZEX-21WN4A0) NTFS
Drive g: (Karolína) (Fixed) (Total:1863.01 GB) (Free:1531.42 GB) (Model: Seagate Expansion SCSI Disk Device) NTFS

\\?\Volume{b56ee943-a7db-11e6-80a9-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{0c0c4f55-0000-0000-0000-10d11b000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 0C0C4F55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=534 MB) - (Type=27)

==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 5FF97E03)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119490
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o kontrolu/opravu logu

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5205A186-E46C-4445-958B-2C1FC1F4C8D4} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E0CF2A7A-6278-4BB7-AD18-FAB753D1D782} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {378CEEF7-E235-4BCE-A702-042887A68A1C} - System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => C:\Program Files (x86)\TeamViewer\TeamViewer.exe (No File)
Task: {AA22B15A-3B75-45AD-9535-5848A89A09DB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File)
Task: {359F1B33-C35A-467B-9A22-2EA626FF8E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {08D8AA16-CF87-4A22-A388-F830788E92C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {612A4AE3-9432-4BD9-8251-1CE3903146F6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6AC81BC1-158F-45BD-A385-8652FD6DBB85} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {097BE63B-972D-4E3E-99F9-CDC86DB2E53A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {24718C1E-1E04-463B-AACF-D4137A2E064E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {1EA28A51-E5CA-4449-93FD-DFF735481760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {166078C5-21A8-4C65-A03F-596D0DC1430D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {4C41C56F-4FD4-421E-9A52-837498F9D126} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {485E3375-D6CC-43D3-A692-AA2040BBDD24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {33907ACB-82FC-4D09-8666-744AF0BE0B01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {8883AB7C-DA5E-4D18-9401-085274A96C8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {DF25D3CD-F491-4248-92AD-CCA3367FF705} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {6329346D-7223-4F41-880B-110F5BDD34B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {05EF8171-0DE2-41B3-9C23-B8C5C35740DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9874E1B1-F406-4680-8233-3CFBB9A626DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BAD6E523-296C-44BA-8F14-DD7888774D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {15CC9174-D3BB-487B-9066-02077BCA55FA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {54C15168-8B7F-4CC9-9606-27157AA5F353} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {F95D7ED4-3910-4F66-A9BC-E95994F04172} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {152AA076-E445-45ED-8EF6-F1DF4E070885} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {0948CC1E-2BA7-4F48-8617-12160BDA0B51} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {5ED85F4F-522E-459F-86D4-E191C04AF68F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {A08A1B20-5D75-4BE8-AADD-ECC89814C23A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {DDF6C831-44A6-47F9-A9B5-38D3E3713A1B} - System32\Tasks\Opera scheduled Autoupdate 1602699804 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E}
C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D}
C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2}
C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4}
C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D}
C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58}
C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481}
C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA}
C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}
C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06}
C:\DumpStack.log.tmp
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5CD31017 [155]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7182]
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{1E45C4E6-F19B-4386-A653-4EF53A5055B8}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [TCP Query User{745526C4-501C-46B6-80AB-C3396AC51E23}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [{37FDAD1C-0798-4833-A40B-0DBC83BDD751}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8E34A96E-0400-4E3E-B5F3-4E707874873E}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
C:\Users\Admin\AppData\Roaming\Krnl\krnl.dll
C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe

Hosts:
EmptyTemp:
End
Uložte do G:\ jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Koty30
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 24 črc 2023 18:57

Re: Prosím o kontrolu/opravu logu

#7 Příspěvek od Koty30 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2023
Ran by Admin (25-07-2023 10:36:36) Run:1
Running from G:\
Loaded Profiles: Admin
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {5205A186-E46C-4445-958B-2C1FC1F4C8D4} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E0CF2A7A-6278-4BB7-AD18-FAB753D1D782} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {378CEEF7-E235-4BCE-A702-042887A68A1C} - System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => C:\Program Files (x86)\TeamViewer\TeamViewer.exe (No File)
Task: {AA22B15A-3B75-45AD-9535-5848A89A09DB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (No File)
Task: {359F1B33-C35A-467B-9A22-2EA626FF8E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {08D8AA16-CF87-4A22-A388-F830788E92C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2016-11-11] (Google Inc -> Google Inc.)
Task: {612A4AE3-9432-4BD9-8251-1CE3903146F6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {6AC81BC1-158F-45BD-A385-8652FD6DBB85} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {097BE63B-972D-4E3E-99F9-CDC86DB2E53A} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {24718C1E-1E04-463B-AACF-D4137A2E064E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {1EA28A51-E5CA-4449-93FD-DFF735481760} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {166078C5-21A8-4C65-A03F-596D0DC1430D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate $(Arg0) (No File)
Task: {4C41C56F-4FD4-421E-9A52-837498F9D126} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {485E3375-D6CC-43D3-A692-AA2040BBDD24} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {33907ACB-82FC-4D09-8666-744AF0BE0B01} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {8883AB7C-DA5E-4D18-9401-085274A96C8A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {DF25D3CD-F491-4248-92AD-CCA3367FF705} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {6329346D-7223-4F41-880B-110F5BDD34B6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {05EF8171-0DE2-41B3-9C23-B8C5C35740DB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {9874E1B1-F406-4680-8233-3CFBB9A626DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {BAD6E523-296C-44BA-8F14-DD7888774D4E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {15CC9174-D3BB-487B-9066-02077BCA55FA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {54C15168-8B7F-4CC9-9606-27157AA5F353} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec /RestartRecording (No File)
Task: {F95D7ED4-3910-4F66-A9BC-E95994F04172} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {152AA076-E445-45ED-8EF6-F1DF4E070885} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {0948CC1E-2BA7-4F48-8617-12160BDA0B51} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {5ED85F4F-522E-459F-86D4-E191C04AF68F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec /StartRecording (No File)
Task: {A08A1B20-5D75-4BE8-AADD-ECC89814C23A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {DDF6C831-44A6-47F9-A9B5-38D3E3713A1B} - System32\Tasks\Opera scheduled Autoupdate 1602699804 => C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{4963C948-9C4E-40B8-9291-CE0234B47210}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E}
C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D}
C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2}
C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4}
C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D}
C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58}
C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481}
C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA}
C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}
C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06}
C:\DumpStack.log.tmp
HKU\S-1-5-21-143178146-412184928-716911168-1000\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5CD31017 [155]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7182]
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKU\S-1-5-21-143178146-412184928-716911168-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [UDP Query User{1E45C4E6-F19B-4386-A653-4EF53A5055B8}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [TCP Query User{745526C4-501C-46B6-80AB-C3396AC51E23}D:\bin\miniweb.exe] => (Allow) D:\bin\miniweb.exe => No File
FirewallRules: [{37FDAD1C-0798-4833-A40B-0DBC83BDD751}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
FirewallRules: [{8E34A96E-0400-4E3E-B5F3-4E707874873E}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare iCareFone\iCareFone.exe => No File
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
C:\Users\Admin\AppData\Roaming\Krnl\krnl.dll
C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\System\CurrentControlSet\Control\Print\Monitors\HP1100LM => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
Could not move "C:\WINDOWS\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
Could not move "C:\ProgramData\NTUSER.pol" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5205A186-E46C-4445-958B-2C1FC1F4C8D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5205A186-E46C-4445-958B-2C1FC1F4C8D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA9C2DF7-2FEA-4E12-A5D4-791D8737F5C9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0CF2A7A-6278-4BB7-AD18-FAB753D1D782}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0CF2A7A-6278-4BB7-AD18-FAB753D1D782}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{378CEEF7-E235-4BCE-A702-042887A68A1C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{378CEEF7-E235-4BCE-A702-042887A68A1C}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA22B15A-3B75-45AD-9535-5848A89A09DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA22B15A-3B75-45AD-9535-5848A89A09DB}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Apple Diagnostics" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{359F1B33-C35A-467B-9A22-2EA626FF8E59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{359F1B33-C35A-467B-9A22-2EA626FF8E59}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D8AA16-CF87-4A22-A388-F830788E92C4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D8AA16-CF87-4A22-A388-F830788E92C4}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{612A4AE3-9432-4BD9-8251-1CE3903146F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{612A4AE3-9432-4BD9-8251-1CE3903146F6}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AC81BC1-158F-45BD-A385-8652FD6DBB85}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC81BC1-158F-45BD-A385-8652FD6DBB85}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{097BE63B-972D-4E3E-99F9-CDC86DB2E53A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097BE63B-972D-4E3E-99F9-CDC86DB2E53A}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24718C1E-1E04-463B-AACF-D4137A2E064E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24718C1E-1E04-463B-AACF-D4137A2E064E}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EA28A51-E5CA-4449-93FD-DFF735481760}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA28A51-E5CA-4449-93FD-DFF735481760}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166078C5-21A8-4C65-A03F-596D0DC1430D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166078C5-21A8-4C65-A03F-596D0DC1430D}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C41C56F-4FD4-421E-9A52-837498F9D126}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C41C56F-4FD4-421E-9A52-837498F9D126}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{485E3375-D6CC-43D3-A692-AA2040BBDD24}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{485E3375-D6CC-43D3-A692-AA2040BBDD24}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33907ACB-82FC-4D09-8666-744AF0BE0B01}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33907ACB-82FC-4D09-8666-744AF0BE0B01}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8883AB7C-DA5E-4D18-9401-085274A96C8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8883AB7C-DA5E-4D18-9401-085274A96C8A}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF25D3CD-F491-4248-92AD-CCA3367FF705}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF25D3CD-F491-4248-92AD-CCA3367FF705}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6329346D-7223-4F41-880B-110F5BDD34B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6329346D-7223-4F41-880B-110F5BDD34B6}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05EF8171-0DE2-41B3-9C23-B8C5C35740DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EF8171-0DE2-41B3-9C23-B8C5C35740DB}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9874E1B1-F406-4680-8233-3CFBB9A626DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9874E1B1-F406-4680-8233-3CFBB9A626DB}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BAD6E523-296C-44BA-8F14-DD7888774D4E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAD6E523-296C-44BA-8F14-DD7888774D4E}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15CC9174-D3BB-487B-9066-02077BCA55FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15CC9174-D3BB-487B-9066-02077BCA55FA}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{54C15168-8B7F-4CC9-9606-27157AA5F353}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C15168-8B7F-4CC9-9606-27157AA5F353}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F95D7ED4-3910-4F66-A9BC-E95994F04172}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F95D7ED4-3910-4F66-A9BC-E95994F04172}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{152AA076-E445-45ED-8EF6-F1DF4E070885}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{152AA076-E445-45ED-8EF6-F1DF4E070885}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0948CC1E-2BA7-4F48-8617-12160BDA0B51}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0948CC1E-2BA7-4F48-8617-12160BDA0B51}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5ED85F4F-522E-459F-86D4-E191C04AF68F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5ED85F4F-522E-459F-86D4-E191C04AF68F}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A08A1B20-5D75-4BE8-AADD-ECC89814C23A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08A1B20-5D75-4BE8-AADD-ECC89814C23A}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDF6C831-44A6-47F9-A9B5-38D3E3713A1B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDF6C831-44A6-47F9-A9B5-38D3E3713A1B}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1602699804" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1602699804" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{40211632-250D-4B8C-B04E-DA45BAE6DF8C}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4963C948-9C4E-40B8-9291-CE0234B47210}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda => removed successfully
Could not move "C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC}" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06}" => Scheduled to move on reboot.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKU\S-1-5-21-143178146-412184928-716911168-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
C:\ProgramData\TEMP => ":5CD31017" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => removed successfully
HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => removed successfully
"HKU\S-1-5-21-143178146-412184928-716911168-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1E45C4E6-F19B-4386-A653-4EF53A5055B8}D:\bin\miniweb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{745526C4-501C-46B6-80AB-C3396AC51E23}D:\bin\miniweb.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37FDAD1C-0798-4833-A40B-0DBC83BDD751}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E34A96E-0400-4E3E-B5F3-4E707874873E}" => removed successfully
"C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" => not found
"C:\Users\Admin\AppData\Roaming\Krnl\krnl.dll" => not found
"C:\Users\Admin\Desktop\Pet Simulator X Menu\Pet Simulator X Menu.exe" => not found
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54183905 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 5774966 B
Edge => 0 B
Chrome => 1788702811 B
Firefox => 27884620 B
Opera => 142869 B

Temp, IE cache, history, cookies, recent:
Default => 98789 B
ProgramData => 98789 B
Public => 98789 B
systemprofile => 98789 B
systemprofile32 => 98789 B
LocalService => 117623 B
NetworkService => 117623 B
Admin => 1023525773 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-07-2023 10:38:47)

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\WINDOWS\System32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => moved successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1602699804 => moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA => Is moved successfully
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore => Is moved successfully
C:\WINDOWS\system32\Tasks\{FDDA92B0-4DC2-4EB8-87B5-D7DC7376718E} => moved successfully
C:\WINDOWS\system32\Tasks\{40E17AE3-7E9D-40C3-8217-BCB77BBBC30D} => moved successfully
C:\WINDOWS\system32\Tasks\{69C176E0-CBB7-4266-AA3A-5A5376A978F2} => moved successfully
C:\WINDOWS\system32\Tasks\{C687A8A6-D3EC-44A6-8941-21F0209954A4} => moved successfully
C:\WINDOWS\system32\Tasks\{064F3927-41EC-413E-9662-AAE0D5D6982D} => moved successfully
C:\WINDOWS\system32\Tasks\{2EEE7A4C-B597-4D19-B078-A657A6102B58} => moved successfully
C:\WINDOWS\system32\Tasks\{17395116-1368-4685-8EFD-7181E225B481} => moved successfully
C:\WINDOWS\system32\Tasks\{EA407D4A-B63E-4637-8D62-0E4B5B7C70FA} => moved successfully
C:\WINDOWS\system32\Tasks\{A3E92F99-1300-4836-9AA8-CA6D9EADDCDC} => Is moved successfully
C:\WINDOWS\system32\Tasks\{84B02D73-6DDD-4AD7-A99C-F120BCE71C06} => moved successfully
C:\DumpStack.log.tmp => Could not move
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 10:38:48 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119490
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o kontrolu/opravu logu

#8 Příspěvek od Rudy »

Vše smazáno, log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Koty30
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 24 črc 2023 18:57

Re: Prosím o kontrolu/opravu logu

#9 Příspěvek od Koty30 »

Vážně děkuji moc :thumbsup:
Rád podpořím
Chtěl bych se zeptat kde byl problém, resp. jak se podařilo někomu vyhledat ty maily s hesly a se screenem obrazovky mi je poslat na dané e-maily na seznamu? Předpokládám že bránit se teď dá tak, hlavně neklikat na nesmysle :)
Ještě jednou moc děkuji
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119490
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Prosím o kontrolu/opravu logu

#10 Příspěvek od Rudy »

Několik šmejdů nám odstranil ADW (převážně AdWary). Pozustatky po nich jsme pak dočistili ručně FRST. V neposlední řadě tam byly zbytky po úmyslně stažených šmejdech (cracky) k nějakým hrám. Tyto šmejdy někdy umožňují to, co poisujete. Obrana proti tomu je dostatečně silné heslo, na něž si změníte heslu u post boxu. Heslo by mělo obsahovat malá a velká písmena, diakritiku a číslice. Mělo by být nejméně 8 místné. Nemáte zač! :-)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“