Check after threat detection

kherold
Visitor
Posts: 83
Registered: 18 Jan 2008 21:31

#1 Post by kherold »

Hello, I'd like to ask for a check after Windows Security caught some trojan and moved it to quarantine. Thanks a lot!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2023
Ran by val (administrator) on LAPTOP-SRKCKE8G (LENOVO 80UV) (05-12-2023 19:52:24)
Running from C:\Users\val\Desktop\FRST64.exe
Loaded Profiles: val
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(SmartDisplayAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (IDRIX SARL -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(explorer.exe ->) (LENOVO -> ) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
(services.exe ->) (IDRIX SARL -> IDRIX) C:\Windows\System32\VeraCrypt.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\IntelCpHeciSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\val\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-02-10] (LENOVO -> )
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui (No File)
HKLM\...\Run: [CNAP3 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2012-06-14] (CANON INC. -> CANON INC.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8025992 2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776704 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5912648 2020-07-09] (IDRIX SARL -> IDRIX)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2646120 2023-11-29] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [MicrosoftEdgeAutoLaunch_2BD138944824F9E39F1A8E4F21D1EDA9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {05b41f0d-260b-11ec-844d-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {751fc877-1547-11eb-8431-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {e3f70fd1-8f47-11eb-843f-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKLM\...\Windows x64\Print Processors\hpcpp101: C:\Windows\System32\spool\prtprocs\x64\hpcpp101.dll [323584 2010-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\WINDOWS\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {F62DB79B-E160-41C8-AFF9-A21A4A797619} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {FABF0EDE-A50D-49CE-9891-57362E18639A} - System32\Tasks\App Explorer => C:\Users\val\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7578648 2023-04-22] (SweetLabs Inc -> SweetLabs, Inc) <==== ATTENTION
Task: {FD464E08-36C5-46C9-92EE-95CA3B600A95} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4682976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
Task: {BF9FA7E3-7209-4498-8AAA-D11557A4E8B4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {FD373BC9-1948-4C44-8021-A1B86FECAD6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {E36B6601-3A48-4CDE-88E2-09CBD31270AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {A38F279F-5E11-4979-B9DE-90B49481C922} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {DFBB9B2C-B04B-4510-BB3E-E793E36608B5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {1868D39B-23F0-42D7-A853-915C93065543} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {FF6E1E8B-0B32-4A7B-973E-6303C0624ACE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46d39c04-a4e7-43ac-8cb8-bd4ef4cdcc7a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {EEFD57E5-4636-4B2B-871F-8608A1146375} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5143f1c8-9526-44e3-89c1-0ea472f92bab => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {909ABC9E-3249-41D7-8112-C466DC3E0D79} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9581e803-a0db-4af0-bfb4-67c9cdaf9651 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {BF8CD1CF-A538-4FAF-8DE2-F14246909354} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d17f0512-a0ff-4398-8ba8-69167ae3c545 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {31574C5D-4EED-4545-813B-56454723AF2A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-842312810-1200612737-2880215622-1001 => C:\Users\val\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0EA1570E-7415-4F0A-9D9A-3FD04136BF8F} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {FB54174E-52DE-4A4A-A067-BBE880FF6082} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EC4C5F13-FE5A-4CC5-AC6F-85A9EBFF5981} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {18FB0890-748F-40A8-AE73-CC65B273D4FC} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {617F8B9F-49E5-445B-982D-BA497577A4FA} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {A03056FF-E94D-43A6-B971-BAED50C83E44} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {A39F71D6-1C6E-41F0-B94C-84C99245198F} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0633D6DF-52A8-4285-8FC8-CC05DE0639FF} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EC81D7A5-3615-421A-A3FC-D650042266ED} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EDECA634-60BC-4E35-A8D4-3E9D6668F88A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {4AE13385-7B28-455D-800E-E519058FE307} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {77E86A90-A63C-4939-A3DF-A9342C4CC039} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {2DFCC7E5-AE22-4CE8-B5F5-200962DC089A} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {38FF280E-5BF2-435C-B779-F1A05DD5DE43} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {57F72434-E8AB-477A-BC6A-25B08EB24B84} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {9A3807DD-E560-4BE5-B98D-7352793330FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {5968872B-07C6-4A63-92AE-587F747353BF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27033280 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {08F95A8B-94F1-465F-BF99-2D0C1480CA24} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218160 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1E03156-78C6-41BD-A2B0-C952F83FADD0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218160 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {A04C62C3-06C8-4773-8C53-23A7B09A6734} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4431688 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDC2B38E-0631-42D4-9DB8-1A5051D381D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [364128 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2190ACE-967B-4584-868C-8632D698F45D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
Task: {FEAC8FB3-48A3-4F20-8937-55612EB9E747} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs (No File)
Task: {6B4D982C-9034-4A2C-AF05-527C65CC121F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49B0B8FE-61A6-4AAA-9268-4B78AE419F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {85FEA8E7-C4F6-45CB-9B0B-0BF63BB83092} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A61706DA-2CB3-444E-8563-3E122E67EB47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {489F28D4-3C08-4A3F-8CDA-F58A51AB31BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2E0AA02A-77FF-482F-A856-6C8B703716FC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-12-02] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F7EB6D79-E798-45D2-B393-04F139A56925} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {257EDE34-083D-4035-BB99-535A0350CDCC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904552 2023-08-15] (Lenovo -> )
Task: {0BA24393-52AE-415A-8BCB-AD080E0BF37F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904552 2023-08-15] (Lenovo -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8e82220c-7010-41c6-b735-bc0abacdd88b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb4c2ac2-7a28-46db-b80e-ffd4a387f79f}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-05]
Edge Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-01]
Edge Extension: (Edge relevant text changes) - C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-01]

FireFox:
========
FF DefaultProfile: o8uuke26.default
FF ProfilePath: C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\o8uuke26.default [2020-08-22]
FF ProfilePath: C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release [2023-12-05]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release\Extensions\firefox@ghostery.com.xpi [2023-08-03]
FF Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2023-11-09]
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\val\AppData\Local\Google\Chrome\User Data\Default [2022-04-07]
CHR Notifications: Default -> hxxps://web.telegram.org
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR Extension: (Prezentace) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-25]
CHR Extension: (Dokumenty) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-25]
CHR Extension: (Disk Google) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-25]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-04-07]
CHR Extension: (Tabulky) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-07]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-04-07]
CHR Extension: (Adaware Secure) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2019-07-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2022-04-07]
CHR Extension: (Gmail) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-09-28]
CHR Notifications: Profile 1 -> hxxps://app.zoom.us; hxxps://meet.google.com
CHR Extension: (Torrent Scanner) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-04-06]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-08-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-25]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-09-03] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12882616 2023-11-17] (Microsoft Corporation -> Microsoft Corporation)
R3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11187816 2023-11-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 VeraCryptSystemFavorites; C:\WINDOWS\system32\VeraCrypt.exe [5912648 2020-07-09] (IDRIX SARL -> IDRIX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Tools; "C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 MpKsl37f11a7d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D995289-1F14-492E-979C-797B3A37DEFF}\MpKslDrv.sys [263560 2023-12-05] (Microsoft Windows -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [1057864 2016-10-03] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831664 2020-07-09] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-08] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
S2 aswStm; system32\drivers\aswStm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-05 19:52 - 2023-12-05 19:53 - 000034916 _____ C:\Users\val\Desktop\FRST.txt
2023-12-05 19:52 - 2023-12-05 19:52 - 000000000 ____D C:\FRST
2023-12-05 19:50 - 2023-12-05 19:51 - 000000000 ____D C:\Users\val\AppData\Local\Temp\mozilla-temp-files
2023-12-05 19:50 - 2023-12-05 19:50 - 002384384 _____ (Farbar) C:\Users\val\Desktop\FRST64.exe
2023-12-05 19:18 - 2023-12-05 19:19 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_2836_1855475199
2023-12-05 18:19 - 2023-12-05 18:19 - 000000000 ____D C:\Users\val\AppData\Local\Temp\{FC1B77D1-38AE-44C4-98A5-E94C35AD4F97}
2023-12-05 18:18 - 2023-12-05 18:18 - 000144168 _____ C:\Users\val\AppData\Local\Temp\dat9A0F.tmp
2023-12-05 18:18 - 2023-12-05 18:18 - 000143804 _____ C:\Users\val\AppData\Local\Temp\dat99C0.tmp
2023-12-05 18:18 - 2023-12-05 18:18 - 000143016 _____ C:\Users\val\AppData\Local\Temp\dat9A2F.tmp
2023-12-05 18:18 - 2023-12-05 18:18 - 000106380 _____ C:\Users\val\AppData\Local\Temp\dat9A4F.tmp
2023-12-05 18:18 - 2023-12-05 18:18 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_10108_605968102
2023-12-05 18:18 - 2023-12-05 18:18 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_10108_1979070854
2023-12-05 18:18 - 2023-12-05 18:18 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_10108_1027966185
2023-12-04 20:54 - 2023-12-04 20:54 - 000239891 _____ C:\Users\val\AppData\Local\Temp\prep_ui_win32_bundle_V8_perf.cache
2023-12-04 20:54 - 2023-12-04 20:54 - 000024327 _____ C:\Users\val\AppData\Local\Temp\prep_96b416466a7587ae7f08860fbc72_PackageResources_index_win32_bundle_V8_perf.cache
2023-12-04 20:53 - 2023-12-04 20:53 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_8076_95896803
2023-12-04 20:52 - 2023-12-04 20:52 - 000661699 _____ C:\Users\val\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache
2023-12-04 20:52 - 2023-12-04 20:52 - 000547427 _____ C:\Users\val\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache
2023-12-04 20:39 - 2023-12-04 20:39 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
2023-12-04 20:34 - 2023-12-04 20:34 - 000000000 ____D C:\Users\val\AppData\Local\Temp\lilo.12124
2023-12-04 20:33 - 2023-12-04 20:33 - 000000170 _____ C:\Users\val\AppData\Local\Temp\NGLClient_Photoshop1.ngllogcontrolconfig
2023-12-04 12:37 - 2023-12-04 12:37 - 000311736 _____ C:\Users\val\Downloads\pexels-photo-639110.jpeg
2023-12-04 12:34 - 2023-12-04 12:35 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_6112_1290225544
2023-12-04 12:34 - 2023-12-04 12:34 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_6112_1377135811
2023-12-04 07:34 - 2023-12-04 07:34 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_6112_726893049
2023-12-04 06:34 - 2023-12-04 06:34 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_10200_1232774321
2023-12-03 12:04 - 2023-12-03 12:05 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_5596_1908818778
2023-12-02 22:47 - 2023-12-02 22:48 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_10160_915951136
2023-12-02 22:35 - 2023-12-02 22:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-12-02 20:21 - 2023-12-02 20:25 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_5488_813680935
2023-12-02 20:20 - 2023-12-02 20:21 - 000000000 ____D C:\Users\val\AppData\Local\Temp\edge_BITS_5488_1227820838
2023-12-01 20:37 - 2023-12-05 18:22 - 000006830 _____ C:\Users\val\AppData\Local\Temp\au-descriptor-1.8.0_391-b13.xml
2023-11-25 19:18 - 2023-11-25 19:18 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD35CB.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD2A40.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD27AD.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD273E.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD2325.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD212F.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1B61.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1A26.tmp
2023-11-25 19:17 - 2023-11-25 19:17 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD19A7.tmp
2023-11-23 07:02 - 2023-11-23 07:02 - 007578945 _____ C:\Users\val\Downloads\Priloha_k_Metodickemu_pokynu_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006-2.pdf
2023-11-23 07:01 - 2023-11-23 07:01 - 000226824 _____ C:\Users\val\Downloads\Metodicky_pokyn_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006-1.pdf
2023-11-23 07:01 - 2023-11-23 07:01 - 000226824 _____ C:\Users\val\Downloads\Metodicky_pokyn_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006.pdf
2023-11-17 18:19 - 2023-11-27 20:10 - 000000000 ____D C:\Users\val\AppData\Local\Temp\EDE0C62E-057B-477B-B643-5744DA4109BE
2023-11-16 09:15 - 2023-11-16 09:15 - 000000000 ___HD C:\$WinREAgent
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF290.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF270.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF26F.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF25E.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF24E.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF1FD.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF1BA.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF19A.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF199.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF198.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF187.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDF186.tmp
2023-11-16 08:20 - 2023-11-24 17:50 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD704.tmp
2023-11-14 19:00 - 2023-11-14 19:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\msohtmlclip1
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD5794.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD5745.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD56E6.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD56B6.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD5398.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD52CB.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD528A.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD523A.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD515E.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD514D.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD514C.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD514B.tmp
2023-11-14 18:05 - 2023-11-22 20:11 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD513A.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD42B2.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4272.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4213.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD41D2.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4163.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4162.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4161.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD4160.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD415F.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD415E.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD414D.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD414C.tmp
2023-11-12 09:44 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD414B.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE279.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE249.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE248.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE16D.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE14C.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE13C.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE13B.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE13A.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE127.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE126.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE125.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE115.tmp
2023-11-11 14:36 - 2023-11-19 17:00 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCDE114.tmp
2023-11-08 10:50 - 2023-11-08 10:50 - 000018294 _____ C:\Users\val\Downloads\Ikarie_XB_1_seznam-nalezu.xlsx
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD14C2.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1473.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1432.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1422.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1411.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1410.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD140F.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD140E.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD13FD.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD13FC.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD13FB.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD13FA.tmp
2023-11-08 08:06 - 2023-11-16 08:37 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD13F9.tmp

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-05 19:49 - 2020-03-04 12:27 - 000000000 ____D C:\Users\val\AppData\Roaming\Signal
2023-12-05 19:42 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-05 19:35 - 2021-12-18 18:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-05 19:35 - 2017-12-25 09:57 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-05 19:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-05 19:18 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-05 19:06 - 2022-02-10 19:28 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-12-05 18:22 - 2023-07-02 10:10 - 000000000 ____D C:\Users\val\AppData\Local\Temp\hsperfdata_val
2023-12-05 18:22 - 2023-07-01 15:56 - 000000000 ____D C:\Users\val\AppData\Local\Temp\MessagingAddin
2023-12-05 18:22 - 2020-09-27 15:00 - 001079389 _____ C:\Users\val\AppData\Local\Temp\driver.xml
2023-12-05 18:19 - 2023-07-02 10:08 - 000000000 ____D C:\Users\val\AppData\Local\Temp\MessagingPlugin
2023-12-05 18:19 - 2022-04-12 13:56 - 000000000 ____D C:\Program Files\Adobe
2023-12-05 18:19 - 2022-04-12 13:54 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-12-05 18:19 - 2017-12-25 10:20 - 000000000 ____D C:\ProgramData\Adobe
2023-12-05 18:19 - 2017-12-24 23:14 - 000000000 ____D C:\Users\val\AppData\Roaming\Adobe
2023-12-05 18:17 - 2023-01-18 16:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-12-05 18:17 - 2020-08-06 13:56 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-05 18:16 - 2017-12-24 23:14 - 000000000 __SHD C:\Users\val\IntelGraphicsProfiles
2023-12-04 21:45 - 2018-03-24 14:14 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\PowerPoint
2023-12-04 21:45 - 2017-12-25 10:31 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Office
2023-12-04 20:53 - 2023-07-02 11:48 - 000000000 ____D C:\Users\val\AppData\Local\Temp\Outlook Logging
2023-12-04 20:36 - 2023-07-19 13:40 - 000000000 ____D C:\Users\val\AppData\Local\Temp\PhotoshopCrashes
2023-12-04 20:33 - 2017-12-27 15:02 - 000000000 ____D C:\Users\val\Documents\Fotky
2023-12-04 20:25 - 2023-08-05 11:14 - 000000000 ____D C:\Users\val\AppData\Local\Temp\notificationimages
2023-12-04 11:48 - 2017-12-27 15:27 - 000000000 ____D C:\Users\val\Documents\NFA
2023-12-04 08:42 - 2020-09-26 19:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-02 22:46 - 2020-08-22 15:07 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-12-02 22:44 - 2017-12-25 11:11 - 000000000 ____D C:\Users\val\AppData\Roaming\vlc
2023-12-02 20:20 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-01 20:39 - 2020-09-26 20:07 - 000003768 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-01 20:39 - 2020-09-26 20:07 - 000003644 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-01 20:37 - 2023-07-27 14:30 - 000000000 ____D C:\Users\val\AppData\Local\Temp\acrocef_low
2023-12-01 20:21 - 2020-09-26 20:07 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-12-01 12:53 - 2023-07-01 13:19 - 000000000 ____D C:\Users\val\AppData\Local\Temp\acrobat_sbx
2023-12-01 10:08 - 2017-12-25 10:37 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Excel
2023-12-01 07:50 - 2017-12-25 09:57 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-24 18:30 - 2020-09-26 20:09 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-24 18:30 - 2019-12-07 15:41 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2023-11-24 18:30 - 2019-12-07 15:41 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2023-11-23 12:37 - 2017-12-25 10:31 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Word
2023-11-22 17:01 - 2020-08-22 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-11-17 16:09 - 2017-02-10 12:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-11-17 15:26 - 2020-09-26 20:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-17 15:26 - 2020-09-20 08:52 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-17 15:26 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-17 15:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-11-17 15:25 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-11-17 15:21 - 2020-09-26 19:50 - 000437848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-17 15:21 - 2020-03-26 21:41 - 000000000 ____D C:\WINDOWS\TempInst
2023-11-16 18:37 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-11-16 18:37 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\cs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-16 18:36 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-16 18:36 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-16 18:36 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-16 09:35 - 2019-12-07 15:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-16 09:35 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-16 09:35 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-16 09:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-16 09:27 - 2020-09-26 19:50 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-16 08:41 - 2017-12-26 21:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-16 08:36 - 2017-12-26 21:37 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 18:18 - 2022-10-12 14:16 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-14 18:18 - 2022-10-12 14:16 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-11-14 18:18 - 2020-09-26 20:07 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-14 18:10 - 2017-02-10 12:37 - 000000000 ____D C:\ProgramData\Lenovo
2023-11-13 18:46 - 2020-09-26 20:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2023-11-13 18:46 - 2019-01-29 20:39 - 000005757 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2023-11-13 18:46 - 2017-02-10 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-11-13 18:46 - 2017-02-10 12:45 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-11-12 09:55 - 2023-10-15 11:46 - 000000000 ____D C:\Users\val\Documents\nová práce
2023-11-11 19:18 - 2020-08-24 13:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1EE9.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1E3B.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1DFA.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1DAA.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D7A.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D79.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D78.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D77.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D76.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D56.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D55.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D50.tmp
2023-11-11 14:54 - 2023-11-04 08:41 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD1D4F.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8CDE.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B56.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B46.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B45.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B34.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B23.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B22.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B21.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B20.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B1F.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B0F.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8B0E.tmp
2023-11-08 13:01 - 2023-11-01 09:42 - 000000000 ____D C:\Users\val\AppData\Local\Temp\TCD8AEE.tmp
2023-11-08 06:41 - 2018-05-15 07:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2023
Ran by val (05-12-2023 19:55:21)
Running from C:\Users\val\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2020-09-26 19:07:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-842312810-1200612737-2880215622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-842312810-1200612737-2880215622-503 - Limited - Disabled)
Guest (S-1-5-21-842312810-1200612737-2880215622-501 - Limited - Disabled)
val (S-1-5-21-842312810-1200612737-2880215622-1001 - Administrator - Enabled) => C:\Users\val
WDAGUtilityAccount (S-1-5-21-842312810-1200612737-2880215622-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{CB17F29D-81FB-9BE1-F87A-682396B74EAB}) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.)
Audio By Harman (HKLM\...\{F2DA805F-3FBD-4A4E-970F-5EE7027107EB}) (Version: 1.4.0.0 - Harman, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.74.0.5587 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{3a884fa0-0591-4b54-9aa2-442b4172ec32}) (Version: 13.74.0.5587 - Electronic Arts)
Google Chrome (HKLM\...\{B98EEA88-7820-3A65-A3AF-99A11D1A9D49}) (Version: 119.0.6045.200 - Google, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{3AAD3A73-0D6A-4EFE-93FC-7719DC6C89E4}) (Version: 10.1.1.37 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{C72F5F83-E423-4634-A41F-1E509F2DFAF0}) (Version: 11.6.0.1025 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Lenovo App Explorer (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Host App Service) (Version: 0.273.4.694 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.08.02.25 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.16924.20150 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 120.0.1 (x64 cs)) (Version: 120.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16924.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Signal 1.31.0 (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\{7d96caee-06e6-597c-9f2f-c7bb2e0948b4}) (Version: 1.31.0 - Open Whisper Systems)
Signal 6.39.1 (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.39.1 - Signal Messenger, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.3961 - Microsoft Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.102.190.1030 - Electronic Arts Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update6 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] ()
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2023-10-03] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-13] (HP Inc.)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2310.18.0_x64__k1h2ywk1493x8 [2023-11-09] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Polarr Pro Photo Editor -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.11.5.0_x64__jb41c8remg0x2 [2023-06-26] (Polarr)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0 [2023-11-24] (Spotify AB) [Startup Task]
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-24] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxDTCM.dll [2016-12-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\val\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\nfa.cz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2015-06-25 15:53 - 2015-06-25 15:53 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-03-23 15:40 - 2013-01-31 18:21 - 000152064 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2018-01-28 20:00 - 2018-01-28 20:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 002849280 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libcrypto-1_1-x64.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 000685056 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\libssl-1_1-x64.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2015-06-25 16:15 - 2015-06-25 16:15 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2015-06-25 16:17 - 2015-06-25 16:17 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2015-06-25 16:20 - 2015-06-25 16:20 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2015-06-25 16:21 - 2015-06-25 16:21 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2015-06-25 16:14 - 2015-06-25 16:14 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2015-07-02 11:58 - 2015-07-02 11:58 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2015-06-25 16:03 - 2015-06-25 16:03 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2015-06-25 04:13 - 2015-06-25 04:13 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2015-06-25 16:00 - 2015-06-25 16:00 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2015-06-25 16:23 - 2015-06-25 16:23 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2015-06-25 16:28 - 2015-06-25 16:28 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2015-06-25 16:16 - 2015-06-25 16:16 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2015-06-25 16:08 - 2015-06-25 16:08 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2015-06-25 16:58 - 2015-06-25 16:58 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2015-06-25 15:59 - 2015-06-25 15:59 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 000046592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\bearer\qgenericbearer.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 006270976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Core.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 001389568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5Network.dll
2023-11-29 18:43 - 2023-11-29 18:43 - 000157184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\Qt5WebSockets.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10454__180825
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> DefaultScope {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10454__180825&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\sharepoint.com -> hxxps://ffuk-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-01-11 18:29 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-02-26 12:35 - 2019-02-26 14:33 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\val\Documents\cats.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{53DF42F1-7561-43C9-A2A5-111BC6F77278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A48785E6-B1BB-4A2C-81A5-648D87238E8E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF8B2468-B47B-48B8-8D56-557AE368D952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{752A8094-6B82-48EA-AA81-73AE0270DF53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{C46D789A-9EED-4B8D-9827-BF6F768B6A6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{657C836C-3C7A-4B98-B061-7614D1F8997E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{FB8FFB3A-2D27-40A0-AC51-BE1616AEA0C2}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [TCP Query User{7B5E70FE-8D1B-4379-9A10-D4B6F72774F7}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{29EF7F6D-2E43-4708-870F-8730C45877FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{B3A9DC44-5009-45D9-9BD4-4801DDBC38E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{04FF5544-5655-4A00-810E-B5F7EDECCFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{4CC2DEC2-E897-434B-BD28-C510E0B03B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{D9B5A20B-9552-4EE7-BF60-2EE583EAD73A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{168EB396-4590-4FA1-8567-304B97DC186A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{14118108-3FBA-4B04-9D53-5A725AEC0964}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3F5C655A-9E35-48F7-8002-A70C845674F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D6E560A5-308F-47AB-9414-4BF197B13977}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAFC57BD-CA6C-4D53-9EEC-6E31B8F2B56F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12ABF23A-93B9-49E2-856E-8C3D66A08A3C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C5492852-B4B6-4FCE-84B7-5E4070DD5ED6}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E873DBE2-EC41-4E6D-BC36-F465A46083C6}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{86553A20-A17A-4951-8809-F257222AC8C7}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [TCP Query User{B45D1FC0-316F-4E0C-818D-8F7D707AC211}C:\users\val\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\val\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{D9349506-7338-4F03-B9B2-8143C4C7B6C2}C:\users\val\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\val\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{21446445-A19F-40DF-A39A-09A702AAA122}C:\users\val\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\val\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0209C036-5747-4181-8E11-687342457D9D}C:\users\val\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\val\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9E7208B0-A883-4B8B-BF44-37AC0E35ABDB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{BB1CAF69-D086-4F3C-9D21-236732DBD3D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD973968-9A3B-4164-999A-DCEF5A392054}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{D74321A8-E482-473A-B43D-37DDB05EDC25}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{A7C5DD3E-1932-481B-927A-49103E5F1C4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6B2ED506-A55B-4C7F-A524-5311C4AEE812}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0784A71A-059C-4C48-A825-969E9167380A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BE35DCF-154E-4B25-9DF6-15CDC3B8004E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DD570DE4-230A-4F07-BEBD-22177573F358}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{95F4FE4B-DA8C-4140-B823-143225E7DC60}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A8567441-0E2E-4B3B-A51F-A720993B4159}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8220787E-8AC7-4FD4-98F6-4A6AE1F5417D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{67F1957F-002E-4BB2-93A4-F526CCDCC576}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{42B3FEC4-C9C2-4B1D-B8BC-D66BAF771B59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{03145C7E-0F85-474D-8EA0-E5A1C221B4B0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{54637E42-58BD-41C9-B413-C842F48FA693}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C66A9FAE-3627-4BF0-BF8A-1C9A170E4316}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6F906116-9B26-4DAA-9C07-EE13FC097797}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{098853C6-91A2-447A-B1AA-A4A13C2635B8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{5D4C382F-4067-40E1-8281-210FC89D88E8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{746F4570-051E-473A-8D11-A3475CCBBBCA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F4DC37BF-5716-4106-B445-D355008C45A2}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3D90B81F-5F95-40A8-ACEF-62E186E04C99}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B21C83D-0417-48F1-85A8-CC647699A948}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4EE392F9-2662-417B-BBBF-14E098722CD2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B1278983-1B81-47BD-B423-D06B4763F3F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9A931F76-13AC-41A4-8F58-686608E023A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8A7BDDB7-6ED2-4058-8D3B-2B45EFDF285E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{738FF13D-E7C4-4830-B8E8-57AF903E81D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E2B1A7FF-9C65-4CB4-A26A-49F5F74658A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D104DB60-538E-4077-B8CC-F9961A08268F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3B0972D0-961C-4DB4-B02A-2E80A1EE62FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E72FD571-BACA-492C-BBC6-550C0BA84340}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E779D73F-911F-4263-AAC7-2189EA8DD442}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CD0E9406-8493-4970-BB81-54223A6D7503}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{53954438-B09E-4F3B-9B48-EE186F87BC97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E7D423F-8333-4CDD-8248-B2BE886FAD8D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.109.3209.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3D440EBC-0F24-4431-BC83-E4EB61B38C13}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

03-12-2023 15:33:14 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/05/2023 07:44:45 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/04/2023 07:44:45 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/04/2023 06:35:22 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/03/2023 01:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1648, časové razítko: 0x57cac657
Název chybujícího modulu: Qt5Core.dll, verze: 5.5.0.0, časové razítko: 0x558c6b3a
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001ca39e
ID chybujícího procesu: 0x19c4
Čas spuštění chybující aplikace: 0x01da25690b1edcda
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
ID zprávy: 9ccc2f73-12d4-4297-b5fd-f632b1623525
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/02/2023 08:21:35 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/01/2023 08:23:37 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/01/2023 12:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1648, časové razítko: 0x57cac657
Název chybujícího modulu: Qt5Core.dll, verze: 5.5.0.0, časové razítko: 0x558c6b3a
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001ca39e
ID chybujícího procesu: 0xebc
Čas spuštění chybující aplikace: 0x01da242245a07105
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
ID zprávy: ca5d64a2-a0a0-4c7d-8bb1-0646fd08c432
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/01/2023 07:50:15 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2


System errors:
=============
Error: (12/05/2023 06:57:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby AdaptiveSleepService bylo dosaženo časového limitu (30000 ms).

Error: (11/22/2023 09:23:38 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SRKCKE8G)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/19/2023 09:37:32 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SRKCKE8G)
Description: Server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/18/2023 07:53:36 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-SRKCKE8G)
Description: Server Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/17/2023 03:26:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba avast! Tools závisí na službě avast! Antivirus, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2023 03:26:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba avast! Antivirus neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2023 03:26:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba aswStm neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2023 03:26:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AvastWscReporter neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
================
Date: 2023-12-04 20:39:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win64/CryptInject
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\ServiceInstaller.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:07
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\ServiceInstaller.msi
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:06
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casdet!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\StartupCheck.vbs
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:05
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/CoinMiner!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:03
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:VBS/Tnega!MSR
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\Maintenance.vbs
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Event[0]:

Date: 2023-08-30 06:16:34
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.1577.0;1.395.1577.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-29 19:11:38
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.1499.0;1.395.1499.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-10 20:16:41
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.68.0;1.395.68.0
Verze modulu: 1.1.23070.1005

CodeIntegrity:
===============
Date: 2023-12-05 18:20:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 2SCN28WW(V2.08) 08/14/2018
Motherboard: LENOVO Lenovo ideapad 510S-14IKB
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 8035.01 MB
Available physical RAM: 3999.03 MB
Total Virtual: 11828.48 MB
Available Virtual: 6750.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:198.95 GB) (Free:33.23 GB) (Model: SAMSUNG MZ7LN256HMJP-000L2) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) (Model: SAMSUNG MZ7LN256HMJP-000L2) NTFS

\\?\Volume{2fcaa96b-d383-4b6d-b146-2268c1533b18}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.37 GB) NTFS
\\?\Volume{87a78d60-e853-41dc-82fd-e82f23dfe57a}\ (LENOVO_PART) (Fixed) (Total:12.3 GB) (Free:1.55 GB) NTFS
\\?\Volume{ed3555ae-147d-4b93-825c-e4a824f1251c}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BEA91B5B)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Check after threats were detected

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

kherold
Visitor
Posts: 83
Registered: 18 Jan 2008 21:31

Re: Check after threats were detected

#3 Post by kherold »

Thanks, AdwCleaner looks a bit different than it used to, but hopefully I performed the equivalent steps.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2023
# Duration: 00:00:05
# OS: Windows 10 (Build 19045.3693)
# Cleaned: 21
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Host App Service
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\val\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\APP EXPLORER

***** [ Registry ] *****

Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FABF0EDE-A50D-49CE-9891-57362E18639A}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

Deleted Adaware Secure Search - nladljmabboanhihfkjacnnkgjhnokhj
Deleted nladljmabboanhihfkjacnnkgjhnokhj

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5368 octets] - [07/12/2023 13:48:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Check after threats were detected

#4 Post by Rudy »

Post new FRST + Addition logs for the final cleanup.

kherold
Visitor
Posts: 83
Registered: 18 Jan 2008 21:31

Re: Check after threats were detected

#5 Post by kherold »

Here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2023
Ran by val (administrator) on LAPTOP-SRKCKE8G (LENOVO 80UV) (07-12-2023 19:15:37)
Running from C:\Users\val\Desktop\FRST64.exe
Loaded Profiles: val
Platform: Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2017-02-10] (LENOVO -> )
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui (No File)
HKLM\...\Run: [CNAP3 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2012-06-14] (CANON INC. -> CANON INC.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8025992 2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16776704 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2016-12-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5912648 2020-07-09] (IDRIX SARL -> IDRIX)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2652776 2023-12-07] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Run: [MicrosoftEdgeAutoLaunch_2BD138944824F9E39F1A8E4F21D1EDA9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3896768 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {05b41f0d-260b-11ec-844d-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {751fc877-1547-11eb-8431-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {e3f70fd1-8f47-11eb-843f-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKLM\...\Windows x64\Print Processors\hpcpp101: C:\Windows\System32\spool\prtprocs\x64\hpcpp101.dll [323584 2010-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\WINDOWS\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\WINDOWS\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe [2023-12-01] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {40F12D0C-3A03-4608-B5AA-906696DB8D45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {FD464E08-36C5-46C9-92EE-95CA3B600A95} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4682976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
Task: {BF9FA7E3-7209-4498-8AAA-D11557A4E8B4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {FD373BC9-1948-4C44-8021-A1B86FECAD6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {E36B6601-3A48-4CDE-88E2-09CBD31270AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {A38F279F-5E11-4979-B9DE-90B49481C922} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {DFBB9B2C-B04B-4510-BB3E-E793E36608B5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {1868D39B-23F0-42D7-A853-915C93065543} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {FF6E1E8B-0B32-4A7B-973E-6303C0624ACE} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\46d39c04-a4e7-43ac-8cb8-bd4ef4cdcc7a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {EEFD57E5-4636-4B2B-871F-8608A1146375} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5143f1c8-9526-44e3-89c1-0ea472f92bab => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {909ABC9E-3249-41D7-8112-C466DC3E0D79} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9581e803-a0db-4af0-bfb4-67c9cdaf9651 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {BF8CD1CF-A538-4FAF-8DE2-F14246909354} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d17f0512-a0ff-4398-8ba8-69167ae3c545 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {31574C5D-4EED-4545-813B-56454723AF2A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-842312810-1200612737-2880215622-1001 => C:\Users\val\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [122344 2019-04-04] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {0EA1570E-7415-4F0A-9D9A-3FD04136BF8F} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {FB54174E-52DE-4A4A-A067-BBE880FF6082} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EC4C5F13-FE5A-4CC5-AC6F-85A9EBFF5981} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {18FB0890-748F-40A8-AE73-CC65B273D4FC} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {617F8B9F-49E5-445B-982D-BA497577A4FA} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {A03056FF-E94D-43A6-B971-BAED50C83E44} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {A39F71D6-1C6E-41F0-B94C-84C99245198F} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {0633D6DF-52A8-4285-8FC8-CC05DE0639FF} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EC81D7A5-3615-421A-A3FC-D650042266ED} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {EDECA634-60BC-4E35-A8D4-3E9D6668F88A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {4AE13385-7B28-455D-800E-E519058FE307} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {77E86A90-A63C-4939-A3DF-A9342C4CC039} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {2DFCC7E5-AE22-4CE8-B5F5-200962DC089A} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {38FF280E-5BF2-435C-B779-F1A05DD5DE43} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {57F72434-E8AB-477A-BC6A-25B08EB24B84} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {315A35A9-1454-4D9B-9EDD-3FBA1761C1B9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175336 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {543FA452-E5D4-4899-A01E-7A3253979456} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28175336 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C2CD016-381E-42E9-94A0-8E0BE0EAECA4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218264 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7B25913-DB07-445D-A21C-562DBAF6B55C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218264 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF312299-D6F1-4DFF-8575-F71AE4F6B49F} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4413336 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDC2B38E-0631-42D4-9DB8-1A5051D381D5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [360144 2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2190ACE-967B-4584-868C-8632D698F45D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
Task: {FEAC8FB3-48A3-4F20-8937-55612EB9E747} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs (No File)
Task: {6B4D982C-9034-4A2C-AF05-527C65CC121F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {49B0B8FE-61A6-4AAA-9268-4B78AE419F9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {85FEA8E7-C4F6-45CB-9B0B-0BF63BB83092} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A61706DA-2CB3-444E-8563-3E122E67EB47} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MpCmdRun.exe [1604680 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {489F28D4-3C08-4A3F-8CDA-F58A51AB31BD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache => {07369A67-07A6-4608-ABEA-379491CB7C46} C:\Windows\System32\UpdatePolicy.dll [251904 2023-11-16] (Microsoft Windows -> Microsoft Corporation)
Task: {2E0AA02A-77FF-482F-A856-6C8B703716FC} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-12-02] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F7EB6D79-E798-45D2-B393-04F139A56925} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {257EDE34-083D-4035-BB99-535A0350CDCC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904552 2023-08-15] (Lenovo -> )
Task: {0BA24393-52AE-415A-8BCB-AD080E0BF37F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1904552 2023-08-15] (Lenovo -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8e82220c-7010-41c6-b735-bc0abacdd88b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fb4c2ac2-7a28-46db-b80e-ffd4a387f79f}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-07]
Edge Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-01]
Edge Extension: (Edge relevant text changes) - C:\Users\val\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-01]

FireFox:
========
FF DefaultProfile: o8uuke26.default
FF ProfilePath: C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\o8uuke26.default [2020-08-22]
FF ProfilePath: C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release [2023-12-07]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release\Extensions\firefox@ghostery.com.xpi [2023-08-03]
FF Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\val\AppData\Roaming\Mozilla\Firefox\Profiles\9fttahvs.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2023-11-09]
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\val\AppData\Local\Google\Chrome\User Data\Default [2022-04-07]
CHR Notifications: Default -> hxxps://web.telegram.org
CHR Extension: (Prezentace) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-25]
CHR Extension: (Dokumenty) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-25]
CHR Extension: (Disk Google) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-25]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-04-07]
CHR Extension: (Tabulky) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-07]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-04-07]
CHR Extension: (Adaware Secure Search) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2019-07-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Bitwarden – Bezplatný správce hesel) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2022-04-07]
CHR Extension: (Gmail) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-09-28]
CHR Notifications: Profile 1 -> hxxps://app.zoom.us; hxxps://meet.google.com
CHR Extension: (Torrent Scanner) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-04-06]
CHR Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2023-08-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\val\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-25]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-09-03] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13233744 2023-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11243624 2023-12-07] (Electronic Arts, Inc. -> Electronic Arts)
S2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 VeraCryptSystemFavorites; C:\WINDOWS\system32\VeraCrypt.exe [5912648 2020-07-09] (IDRIX SARL -> IDRIX)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe [3121120 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe [133704 2023-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 aswbIDSAgent; "C:\Program Files\AVAST Software\Avast\aswidsagent.exe" [X]
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc [X]
S2 avast! Tools; "C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe" /runassvc [X]
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-01-04] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-18] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-02-27] (Avast Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 MpKslfd339c32; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2E176D1-0007-4069-B416-55EFB4A339A7}\MpKslDrv.sys [263560 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [329184 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [1057864 2016-10-03] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831664 2020-07-09] (IDRIX SARL -> IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55744 2023-11-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [578856 2023-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105768 2023-11-08] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
S2 aswStm; system32\drivers\aswStm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-07 19:15 - 2023-12-07 19:16 - 000029602 _____ C:\Users\val\Desktop\FRST.txt
2023-12-07 19:15 - 2023-12-07 19:15 - 000000000 ____D C:\Users\val\Desktop\FRST-OlderVersion
2023-12-07 13:48 - 2023-12-07 13:49 - 000000000 ____D C:\AdwCleaner
2023-12-07 13:46 - 2023-12-07 13:46 - 008791352 _____ (Malwarebytes) C:\Users\val\Desktop\adwcleaner.exe
2023-12-05 19:52 - 2023-12-07 19:16 - 000000000 ____D C:\FRST
2023-12-05 19:50 - 2023-12-07 19:15 - 002384896 _____ (Farbar) C:\Users\val\Desktop\FRST64.exe
2023-12-04 20:39 - 2023-12-04 20:39 - 000000000 _____ C:\WINDOWS\system32\setup4.2.6.tmp
2023-12-04 12:37 - 2023-12-04 12:37 - 000311736 _____ C:\Users\val\Downloads\pexels-photo-639110.jpeg
2023-12-02 22:35 - 2023-12-02 22:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-11-23 07:02 - 2023-11-23 07:02 - 007578945 _____ C:\Users\val\Downloads\Priloha_k_Metodickemu_pokynu_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006-2.pdf
2023-11-23 07:01 - 2023-11-23 07:01 - 000226824 _____ C:\Users\val\Downloads\Metodicky_pokyn_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006-1.pdf
2023-11-23 07:01 - 2023-11-23 07:01 - 000226824 _____ C:\Users\val\Downloads\Metodicky_pokyn_AS_c_4-2022_Zakladni_pravidla_pro_zpracovani_archivalii_v3-1_-_20221006.pdf
2023-11-16 09:15 - 2023-11-16 09:15 - 000000000 ___HD C:\$WinREAgent
2023-11-08 10:50 - 2023-11-08 10:50 - 000018294 _____ C:\Users\val\Downloads\Ikarie_XB_1_seznam-nalezu.xlsx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-12-07 19:12 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-07 19:03 - 2020-09-26 19:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-07 18:24 - 2021-12-18 18:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-07 18:24 - 2017-12-25 09:57 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-07 18:19 - 2020-09-26 20:07 - 000003768 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-12-07 18:19 - 2020-09-26 20:07 - 000003644 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-12-07 14:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-07 14:50 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-07 14:50 - 2018-06-22 08:31 - 000000000 ____D C:\ProgramData\Packages
2023-12-07 14:50 - 2017-12-25 01:43 - 000000000 ____D C:\Users\val\AppData\Local\Packages
2023-12-07 14:02 - 2022-02-10 19:28 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-12-07 13:54 - 2020-09-26 20:07 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-12-07 13:49 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-12-07 13:28 - 2017-02-10 12:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-12-07 13:10 - 2017-12-24 23:14 - 000000000 __SHD C:\Users\val\IntelGraphicsProfiles
2023-12-05 19:56 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-12-05 19:49 - 2020-03-04 12:27 - 000000000 ____D C:\Users\val\AppData\Roaming\Signal
2023-12-05 18:51 - 2018-10-25 10:51 - 000000000 ____D C:\Users\val\AppData\Local\D3DSCache
2023-12-05 18:19 - 2022-04-12 13:56 - 000000000 ____D C:\Program Files\Adobe
2023-12-05 18:19 - 2022-04-12 13:54 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-12-05 18:19 - 2017-12-25 10:20 - 000000000 ____D C:\ProgramData\Adobe
2023-12-05 18:19 - 2017-12-24 23:14 - 000000000 ____D C:\Users\val\AppData\Roaming\Adobe
2023-12-05 18:17 - 2023-01-18 16:14 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-12-05 18:17 - 2020-08-06 13:56 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-04 21:45 - 2018-03-24 14:14 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\PowerPoint
2023-12-04 21:45 - 2017-12-25 10:31 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Office
2023-12-04 20:33 - 2017-12-27 15:02 - 000000000 ____D C:\Users\val\Documents\Fotky
2023-12-04 11:48 - 2017-12-27 15:27 - 000000000 ____D C:\Users\val\Documents\NFA
2023-12-03 01:01 - 2018-06-26 18:00 - 000000000 ____D C:\Users\val\AppData\Local\CrashDumps
2023-12-02 22:46 - 2020-08-22 15:07 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-12-02 22:44 - 2017-12-25 11:11 - 000000000 ____D C:\Users\val\AppData\Roaming\vlc
2023-12-01 20:21 - 2020-09-26 20:07 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-12-01 10:08 - 2017-12-25 10:37 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Excel
2023-12-01 07:50 - 2017-12-25 09:57 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-11-24 18:30 - 2020-09-26 20:09 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-24 18:30 - 2019-12-07 15:41 - 000718024 _____ C:\WINDOWS\system32\perfh005.dat
2023-11-24 18:30 - 2019-12-07 15:41 - 000145166 _____ C:\WINDOWS\system32\perfc005.dat
2023-11-23 12:37 - 2017-12-25 10:31 - 000000000 ____D C:\Users\val\AppData\Roaming\Microsoft\Word
2023-11-22 17:01 - 2020-08-22 15:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-11-17 15:26 - 2020-09-26 20:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-17 15:26 - 2020-09-20 08:52 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-17 15:26 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-11-17 15:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-11-17 15:25 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-11-17 15:21 - 2020-09-26 19:50 - 000437848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-11-17 15:21 - 2020-03-26 21:41 - 000000000 ____D C:\WINDOWS\TempInst
2023-11-16 18:37 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cs
2023-11-16 18:37 - 2019-12-07 15:41 - 000000000 ____D C:\WINDOWS\system32\cs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-11-16 18:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-11-16 18:36 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-11-16 18:36 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-11-16 18:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-11-16 18:36 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2023-11-16 09:35 - 2019-12-07 15:44 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2023-11-16 09:35 - 2019-12-07 10:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2023-11-16 09:35 - 2019-12-07 10:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2023-11-16 09:35 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-11-16 09:27 - 2020-09-26 19:50 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-11-16 08:41 - 2017-12-26 21:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-11-16 08:36 - 2017-12-26 21:37 - 182871392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-11-14 18:18 - 2022-10-12 14:16 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-11-14 18:18 - 2022-10-12 14:16 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-11-14 18:10 - 2017-02-10 12:37 - 000000000 ____D C:\ProgramData\Lenovo
2023-11-13 19:24 - 2017-12-24 23:14 - 000000000 ____D C:\Users\val\AppData\Local\Publishers
2023-11-13 18:46 - 2020-09-26 20:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2023-11-13 18:46 - 2019-01-29 20:39 - 000005757 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2023-11-13 18:46 - 2017-02-10 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2023-11-13 18:46 - 2017-02-10 12:45 - 000000000 ____D C:\Program Files (x86)\Lenovo
2023-11-12 09:55 - 2023-10-15 11:46 - 000000000 ____D C:\Users\val\Documents\nová práce
2023-11-11 19:18 - 2020-08-24 13:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-08 06:41 - 2018-05-15 07:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by val (07-12-2023 19:18:39)
Running from C:\Users\val\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3693 (X64) (2020-09-26 19:07:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-842312810-1200612737-2880215622-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-842312810-1200612737-2880215622-503 - Limited - Disabled)
Guest (S-1-5-21-842312810-1200612737-2880215622-501 - Limited - Disabled)
val (S-1-5-21-842312810-1200612737-2880215622-1001 - Administrator - Enabled) => C:\Users\val
WDAGUtilityAccount (S-1-5-21-842312810-1200612737-2880215622-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01.00.0 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{CB17F29D-81FB-9BE1-F87A-682396B74EAB}) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0903.849.14039 - Advanced Micro Devices, Inc.)
Audio By Harman (HKLM\...\{F2DA805F-3FBD-4A4E-970F-5EE7027107EB}) (Version: 1.4.0.0 - Harman, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.79.0.5592 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{3a884fa0-0591-4b54-9aa2-442b4172ec32}) (Version: 13.79.0.5592 - Electronic Arts)
Google Chrome (HKLM\...\{B98EEA88-7820-3A65-A3AF-99A11D1A9D49}) (Version: 119.0.6045.200 - Google, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{3AAD3A73-0D6A-4EFE-93FC-7719DC6C89E4}) (Version: 10.1.1.37 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{C72F5F83-E423-4634-A41F-1E509F2DFAF0}) (Version: 11.6.0.1025 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation) Hidden
Java 8 Update 251 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.5708 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.6.7 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.08.02.25 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.72.0 - Lenovo Group Ltd.)
LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo) Hidden
LenovoUtility (HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Version: 3.0.0.4 - Lenovo)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.17029.20068 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.97 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.17029.20068 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 120.0.1 (x64 cs)) (Version: 120.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17029.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20000 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17029.20068 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Signal 1.31.0 (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\{7d96caee-06e6-597c-9f2f-c7bb2e0948b4}) (Version: 1.31.0 - Open Whisper Systems)
Signal 6.39.1 (HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.39.1 - Signal Messenger, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.3961 - Microsoft Corporation)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.102.190.1030 - Electronic Arts Inc.)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.24-Update6 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

Packages:
=========
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-14] ()
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Canon Office Printer Utility -> C:\Program Files\WindowsApps\34791E63.CanonOfficePrinterUtility_12.7.0.0_x64__6e5tt8cgb93ep [2023-10-03] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-13] (HP Inc.)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2310.18.0_x64__k1h2ywk1493x8 [2023-11-09] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe [2023-12-07] (Microsoft) [Startup Task]
Polarr Pro Photo Editor -> C:\Program Files\WindowsApps\613EBCEA.PolarrPhotoEditorAcademicEdition_5.11.5.0_x64__jb41c8remg0x2 [2023-06-26] (Polarr)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0 [2023-11-24] (Spotify AB) [Startup Task]
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-24] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igfxDTCM.dll [2016-12-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\val\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\nfa.cz - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2018-03-23 15:40 - 2013-01-31 18:21 - 000152064 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCENPM6.dll
2018-01-28 20:00 - 2018-01-28 20:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> DefaultScope {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\ssv.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-04-27] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-12-07] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\sharepoint.com -> hxxps://ffuk-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-01-11 18:29 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-02-26 12:35 - 2019-02-26 14:33 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\val\Documents\cats.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{53DF42F1-7561-43C9-A2A5-111BC6F77278}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A48785E6-B1BB-4A2C-81A5-648D87238E8E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF8B2468-B47B-48B8-8D56-557AE368D952}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{752A8094-6B82-48EA-AA81-73AE0270DF53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{C46D789A-9EED-4B8D-9827-BF6F768B6A6D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{657C836C-3C7A-4B98-B061-7614D1F8997E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{FB8FFB3A-2D27-40A0-AC51-BE1616AEA0C2}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [TCP Query User{7B5E70FE-8D1B-4379-9A10-D4B6F72774F7}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{29EF7F6D-2E43-4708-870F-8730C45877FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{B3A9DC44-5009-45D9-9BD4-4801DDBC38E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{04FF5544-5655-4A00-810E-B5F7EDECCFCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{4CC2DEC2-E897-434B-BD28-C510E0B03B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{D9B5A20B-9552-4EE7-BF60-2EE583EAD73A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{168EB396-4590-4FA1-8567-304B97DC186A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{14118108-3FBA-4B04-9D53-5A725AEC0964}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3F5C655A-9E35-48F7-8002-A70C845674F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D6E560A5-308F-47AB-9414-4BF197B13977}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAFC57BD-CA6C-4D53-9EEC-6E31B8F2B56F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12ABF23A-93B9-49E2-856E-8C3D66A08A3C}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{C5492852-B4B6-4FCE-84B7-5E4070DD5ED6}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E873DBE2-EC41-4E6D-BC36-F465A46083C6}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{86553A20-A17A-4951-8809-F257222AC8C7}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [TCP Query User{B45D1FC0-316F-4E0C-818D-8F7D707AC211}C:\users\val\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\val\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{D9349506-7338-4F03-B9B2-8143C4C7B6C2}C:\users\val\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\val\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{21446445-A19F-40DF-A39A-09A702AAA122}C:\users\val\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\val\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0209C036-5747-4181-8E11-687342457D9D}C:\users\val\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\val\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9E7208B0-A883-4B8B-BF44-37AC0E35ABDB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{BB1CAF69-D086-4F3C-9D21-236732DBD3D4}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD973968-9A3B-4164-999A-DCEF5A392054}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{D74321A8-E482-473A-B43D-37DDB05EDC25}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{A7C5DD3E-1932-481B-927A-49103E5F1C4D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6B2ED506-A55B-4C7F-A524-5311C4AEE812}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0784A71A-059C-4C48-A825-969E9167380A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BE35DCF-154E-4B25-9DF6-15CDC3B8004E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DD570DE4-230A-4F07-BEBD-22177573F358}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{95F4FE4B-DA8C-4140-B823-143225E7DC60}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{A8567441-0E2E-4B3B-A51F-A720993B4159}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{8220787E-8AC7-4FD4-98F6-4A6AE1F5417D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{67F1957F-002E-4BB2-93A4-F526CCDCC576}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{42B3FEC4-C9C2-4B1D-B8BC-D66BAF771B59}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{03145C7E-0F85-474D-8EA0-E5A1C221B4B0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{54637E42-58BD-41C9-B413-C842F48FA693}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C66A9FAE-3627-4BF0-BF8A-1C9A170E4316}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6F906116-9B26-4DAA-9C07-EE13FC097797}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{098853C6-91A2-447A-B1AA-A4A13C2635B8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{5D4C382F-4067-40E1-8281-210FC89D88E8}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> Lenovo)
FirewallRules: [{746F4570-051E-473A-8D11-A3475CCBBBCA}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{F4DC37BF-5716-4106-B445-D355008C45A2}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{3D90B81F-5F95-40A8-ACEF-62E186E04C99}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0B21C83D-0417-48F1-85A8-CC647699A948}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4EE392F9-2662-417B-BBBF-14E098722CD2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B1278983-1B81-47BD-B423-D06B4763F3F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9A931F76-13AC-41A4-8F58-686608E023A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8A7BDDB7-6ED2-4058-8D3B-2B45EFDF285E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{738FF13D-E7C4-4830-B8E8-57AF903E81D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E2B1A7FF-9C65-4CB4-A26A-49F5F74658A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D104DB60-538E-4077-B8CC-F9961A08268F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3B0972D0-961C-4DB4-B02A-2E80A1EE62FE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.225.1011.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E72FD571-BACA-492C-BBC6-550C0BA84340}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3D440EBC-0F24-4431-BC83-E4EB61B38C13}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3E842F7-ACF2-48D2-9525-FB219AE13931}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DB4F67A1-DB2A-4F13-9909-DBEDE164D625}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{597F5489-67C6-4361-B61D-082A40DF5D68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE332158-B868-48A0-8C10-3663233377A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51D2A0D6-F406-46F9-919D-16A9A812F129}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0293A25D-D4D8-4902-B76C-33C077C6EC3E}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

03-12-2023 15:33:14 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (12/07/2023 01:13:43 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/05/2023 07:44:45 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/04/2023 07:44:45 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/04/2023 06:35:22 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/03/2023 01:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1648, časové razítko: 0x57cac657
Název chybujícího modulu: Qt5Core.dll, verze: 5.5.0.0, časové razítko: 0x558c6b3a
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001ca39e
ID chybujícího procesu: 0x19c4
Čas spuštění chybující aplikace: 0x01da25690b1edcda
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
ID zprávy: 9ccc2f73-12d4-4297-b5fd-f632b1623525
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (12/02/2023 08:21:35 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/01/2023 08:23:37 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (12/01/2023 12:27:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: RadeonSettings.exe, verze: 10.1.1.1648, časové razítko: 0x57cac657
Název chybujícího modulu: Qt5Core.dll, verze: 5.5.0.0, časové razítko: 0x558c6b3a
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000001ca39e
ID chybujícího procesu: 0xebc
Čas spuštění chybující aplikace: 0x01da242245a07105
Cesta k chybující aplikaci: C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
Cesta k chybujícímu modulu: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
ID zprávy: ca5d64a2-a0a0-4c7d-8bb1-0646fd08c432
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (12/07/2023 01:49:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba System Interface Foundation Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba LenovoVantageService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba EABackgroundService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Content Protection HECI Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AdaptiveSleepService byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/07/2023 01:49:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
================
Date: 2023-12-07 13:59:52
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A584C1D5-D6F3-4988-BCED-4B29A7AA172B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-12-05 20:38:22
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CF4351C4-E965-4B72-BCCA-4EF70FA197DE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2023-12-04 20:39:11
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win64/CryptInject
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\ServiceInstaller.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:07
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/AgentTesla!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\ServiceInstaller.msi
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009

Date: 2023-12-04 20:39:06
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Casdet!rfn
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Windows\System32\StartupCheck.vbs
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-SRKCKE8G\val
Název procesu: C:\Program Files\Adobe\Adobe Photoshop 2020\photoshop.exe
Verze bezpečnostních informací: AV: 1.401.1643.0, AS: 1.401.1643.0, NIS: 1.401.1643.0
Verze modulu: AM: 1.1.23100.2009, NIS: 1.1.23100.2009
Event[0]:

Date: 2023-08-30 06:16:34
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.1577.0;1.395.1577.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-29 19:11:38
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.1499.0;1.395.1499.0
Verze modulu: 1.1.23070.1005

Date: 2023-08-10 20:16:41
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Aktuální
Kód chyby: 0x80501102
Popis chyby: Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.
Verze bezpečnostních informací: 1.395.68.0;1.395.68.0
Verze modulu: 1.1.23070.1005

CodeIntegrity:
===============
Date: 2023-12-07 13:15:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2848511bc3f67d29\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO 2SCN28WW(V2.08) 08/14/2018
Motherboard: LENOVO Lenovo ideapad 510S-14IKB
Processor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 8035.01 MB
Available physical RAM: 4281.6 MB
Total Virtual: 11579.29 MB
Available Virtual: 7259.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:198.95 GB) (Free:30.83 GB) (Model: SAMSUNG MZ7LN256HMJP-000L2) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) (Model: SAMSUNG MZ7LN256HMJP-000L2) NTFS

\\?\Volume{2fcaa96b-d383-4b6d-b146-2268c1533b18}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.37 GB) NTFS
\\?\Volume{87a78d60-e853-41dc-82fd-e82f23dfe57a}\ (LENOVO_PART) (Fixed) (Total:12.3 GB) (Free:1.55 GB) NTFS
\\?\Volume{ed3555ae-147d-4b93-825c-e4a824f1251c}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: BEA91B5B)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Check after threats were detected

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {05b41f0d-260b-11ec-844d-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {751fc877-1547-11eb-8431-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {e3f70fd1-8f47-11eb-843f-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {FD373BC9-1948-4C44-8021-A1B86FECAD6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {E36B6601-3A48-4CDE-88E2-09CBD31270AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {BF9FA7E3-7209-4498-8AAA-D11557A4E8B4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {D2190ACE-967B-4584-868C-8632D698F45D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
Task: {FEAC8FB3-48A3-4F20-8937-55612EB9E747} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> DefaultScope {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
FirewallRules: [{D9B5A20B-9552-4EE7-BF60-2EE583EAD73A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{168EB396-4590-4FA1-8567-304B97DC186A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{E873DBE2-EC41-4E6D-BC36-F465A46083C6}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{86553A20-A17A-4951-8809-F257222AC8C7}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
C:\Windows\System32\ServiceInstaller.exe
C:\Windows\System32\ServiceInstaller.msi
C:\Windows\System32\StartupCheck.vbs

EmptyTemp:
End

Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

kherold
Visitor
Posts: 83
Registered: 18 Jan 2008 21:31

Re: Check after threats were detected

#7 Post by kherold »

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2023
Ran by val (08-12-2023 10:47:33) Run:1
Running from C:\Users\val\Desktop
Loaded Profiles: val
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {05b41f0d-260b-11ec-844d-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {751fc877-1547-11eb-8431-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\...\MountPoints2: {e3f70fd1-8f47-11eb-843f-98541bf1d6a9} - "E:\Lenovo_Suite.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {FD373BC9-1948-4C44-8021-A1B86FECAD6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {E36B6601-3A48-4CDE-88E2-09CBD31270AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-12-25] (Google Inc -> Google Inc.)
Task: {BF9FA7E3-7209-4498-8AAA-D11557A4E8B4} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (No File)
Task: {D2190ACE-967B-4584-868C-8632D698F45D} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => StartupCheck.vbs (No File)
Task: {FEAC8FB3-48A3-4F20-8937-55612EB9E747} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => Maintenance.vbs (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\DumpStack.log.tmp
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\val\AppData\Local\Microsoft\OneDrive\19.232.1124.0005\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\val\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ontextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> DefaultScope {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
SearchScopes: HKU\S-1-5-21-842312810-1200612737-2880215622-1001 -> {BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} URL =
FirewallRules: [{D9B5A20B-9552-4EE7-BF60-2EE583EAD73A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{168EB396-4590-4FA1-8567-304B97DC186A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
irewallRules: [TCP Query User{E873DBE2-EC41-4E6D-BC36-F465A46083C6}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
FirewallRules: [UDP Query User{86553A20-A17A-4951-8809-F257222AC8C7}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File
C:\Windows\System32\ServiceInstaller.exe
C:\Windows\System32\ServiceInstaller.msi
C:\Windows\System32\StartupCheck.vbs

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Error = 5
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05b41f0d-260b-11ec-844d-98541bf1d6a9} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{751fc877-1547-11eb-8431-98541bf1d6a9} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3f70fd1-8f47-11eb-843f-98541bf1d6a9} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD373BC9-1948-4C44-8021-A1B86FECAD6B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD373BC9-1948-4C44-8021-A1B86FECAD6B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E36B6601-3A48-4CDE-88E2-09CBD31270AA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E36B6601-3A48-4CDE-88E2-09CBD31270AA}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BF9FA7E3-7209-4498-8AAA-D11557A4E8B4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF9FA7E3-7209-4498-8AAA-D11557A4E8B4}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2190ACE-967B-4584-868C-8632D698F45D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2190ACE-967B-4584-868C-8632D698F45D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEAC8FB3-48A3-4F20-8937-55612EB9E747}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEAC8FB3-48A3-4F20-8937-55612EB9E747}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\InstallWinSAT" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => removed successfully
ontextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll -> No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
"HKU\S-1-5-21-842312810-1200612737-2880215622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-842312810-1200612737-2880215622-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BAA2ABC8-5D68-4F5C-8B3D-CC5ED7EBEF29} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9B5A20B-9552-4EE7-BF60-2EE583EAD73A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{168EB396-4590-4FA1-8567-304B97DC186A}" => removed successfully
irewallRules: [TCP Query User{E873DBE2-EC41-4E6D-BC36-F465A46083C6}C:\users\val\appdata\roaming\utorrent web\utweb.exe] => (Block) C:\users\val\appdata\roaming\utorrent web\utweb.exe => No File => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{86553A20-A17A-4951-8809-F257222AC8C7}C:\users\val\appdata\roaming\utorrent web\utweb.exe" => removed successfully
"C:\Windows\System32\ServiceInstaller.exe" => not found
"C:\Windows\System32\ServiceInstaller.msi" => not found
"C:\Windows\System32\StartupCheck.vbs" => not found

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 275245975 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 238792700 B
Windows/system/drivers => 31721030 B
Edge => 2693193 B
Chrome => 609921265 B
Firefox => 1209870407 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 50060 B
NetworkService => 1280194 B
val => 142799286 B

RecycleBin => 11300934579 B
EmptyTemp: => 12.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-12-2023 10:54:50)

C:\DumpStack.log.tmp => Could not move

Result of scheduled keys to remove after reboot:

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected

==== End of Fixlog 10:54:50 ====

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Check after threat detection

#8 Post by Rudy »

Deleted, the log should be OK now.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

kherold
Visitor
Posts: 83
Joined: 18 Jan 2008 21:31

Re: Check after threat detection

#9 Post by kherold »

Thank you very much!

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Check after threat detection

#10 Post by Rudy »

You're welcome, and happy holidays! :-)