VIRY.CZ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-09-2024
Ran by pc (administrator) on DESKTOP-BUIQGPN (13-09-2024 18:18:03)
Running from C:\Users\pc\Desktop\FRST64.exe
Loaded Profiles: pc
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4894 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avira Operations GmbH & Co. KG -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe <2>
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22051.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.22051.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\96.0.0.0\GoogleDriveFS.exe [61313128 2024-08-29] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\96.0.0.0\GoogleDriveFS.exe [61313128 2024-08-29] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [269cb9d1f0c741c63247e1d77e6f3f30] => C:\WINDOWS\system32\.. [0 ] () <==== ATTENTION [zero byte? (Error=123)]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\96.0.0.0\GoogleDriveFS.exe [61313128 2024-08-29] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [Mozilla-Firefox-308046B0AF4A39CB] => "C:\Program Files\Mozilla Firefox\firefox.exe" -os-autostart [672328 2024-09-13] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\96.0.0.0\GoogleDriveFS.exe [61313128 2024-08-29] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpfpp70v: C:\Windows\System32\spool\prtprocs\x64\hpfpp70v.dll [248320 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l70v.dll: C:\WINDOWS\system32\hpf3l70v.dll [136704 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\128.0.6613.138\Installer\chrmstp.exe [2024-09-13] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-05-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy-Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {D1535C3B-0F85-4DB1-9BAD-82CC90B87592} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.)
Task: {46F0A6F5-59A4-4FA8-B6DA-702004DCD84F} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\System32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {A89168E7-F8FB-4107-8BC8-04029A3C61F7} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {A89168E7-F8FB-4107-8BC8-04029A3C61F7} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {A89168E7-F8FB-4107-8BC8-04029A3C61F7} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {892409B0-8DAE-4061-AC5F-D7617A7958DD} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [259944 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {70246CBD-83CE-4B5E-A8D1-F4BC28BE7D01} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1775464 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {8D68F718-A2F0-4B69-8CCF-DA61A8732A0A} - System32\Tasks\Avira_Security_Update => C:\Windows\System32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B68BFE6E-BA36-446F-939A-73003595D7E4} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [36795696 2024-07-30] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {FA0CC396-A006-4FC9-95FB-8ED11AA61CC9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-01-11] (Piriform Software Ltd -> Piriform)
Task: {15C2B97F-0565-4AE4-98A7-79868B43EC8E} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4713808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "78a0de2e-f955-42b2-8d6d-3afa08300105" --version "6.08.10255" --silent
Task: {4AFD4361-3790-4372-99CC-C9C0AC89FD8B} - System32\Tasks\CCleanerSkipUAC - pc => C:\Program Files\CCleaner\CCleaner.exe [32617808 2023-01-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {020B8D4F-ED6C-48BF-A706-92C3EDA12CEA} - System32\Tasks\ebtools => C:\Program Files (x86)\EUROBYTE TOOLS\vp4.exe [302976 2021-03-01] (EUROBYTE SOFTWARE s.r.o. -> OEM) [File not signed]
Task: {CCEB053C-47CC-4EC1-91FC-9526F5AB8AE8} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{18539067-907A-4B93-9164-1B983557AEBD} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC -> Google LLC)
Task: {E82577BD-23B3-4A41-9F27-CE6FC843C9EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F914EE8F-E56F-4F97-A9E9-718ED5B87C2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8A242F5-72F1-4D68-8B23-CC3C3D78A15B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MpCmdRun.exe [545704 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {988810E1-AD54-474C-8417-5A390FF734E6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-13] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {7001C3B8-9213-48AE-9B14-6014F1DC1DCF} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-591005949-3795881383-2982760695-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-13] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {B6E1FF0D-1C00-47ED-B170-9272CD34ECC1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-13] (Mozilla Corporation -> Mozilla Foundation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{149cf3b3-c02f-49aa-b596-50caa31125bf}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{149cf3b3-c02f-49aa-b596-50caa31125bf}: [DhcpDomain] home

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\pc\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-23]
Edge HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
Edge StartupUrls: Default -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
Edge DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
Edge DefaultSearchKeyword: Default -> poshukach engin search
Edge DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
Edge Extension: (Dokumenty Google offline) - C:\Users\pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\pc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]

FireFox:
========
FF DefaultProfile: dc063tec.default
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default [2022-03-13]
FF Homepage: Mozilla\Firefox\Profiles\dc063tec.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF NewTab: Mozilla\Firefox\Profiles\dc063tec.default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Extension: (Avira Password Manager) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default\Extensions\passwordmanager@avira.com [2020-05-08]
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 [2024-09-13]
FF Homepage: Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 -> google.com
FF NewTab: Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
FF Notifications: Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 -> hxxps://www.fastshare.cz; hxxps://www.mydates.com; hxxps://www.elitedate.cz; hxxps://www.chatzone.com
FF Extension: (Blokátor reklam AdGuard) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\adguardadblocker@adguard.com.xpi [2024-09-04]
FF Extension: (To Google Translate) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-22]
FF Extension: (Linkificator) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\linkificator@markapola.xpi [2021-03-22]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\searchplugins\Poshukach Engin Search.xml [2022-03-13]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-08-23] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2024-07-03]
CHR HomePage: Default -> hxxps://poshukach.com?fr=ps&gp=496723&altserp=1
CHR StartupUrls: Default -> "hxxps://poshukach.com?fr=ps&gp=496723&altserp=1"
CHR DefaultSearchURL: Default -> hxxps://poshukach.com/search?q={searchTerms}&fr=ps&gp=496723&altserp=1
CHR DefaultSearchKeyword: Default -> poshukach engin search
CHR DefaultSuggestURL: Default -> hxxps://suggest.finditnowonline.com/suggestionfeed/suggestion?format=json&gd=496721&q={searchTerms}
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-10-27]
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-10-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-25]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\pc\AppData\Roaming\Opera Software\Opera Stable [2024-07-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6738360 2024-04-26] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [398816 2024-04-23] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265936 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [296656 2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11799776 2024-09-06] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11799776 2024-09-06] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [25720 2020-08-18] (Avira Operations GmbH & Co. KG -> Olof Lagerkvist)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530488 2024-09-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2022-03-03] (Bitdefender SRL -> Bitdefender)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [176712 2024-03-14] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2023-06-23] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R2 googledrivefs31626; C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys [384096 2024-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [95376 2020-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Olof Lagerkvist)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-06-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 rtp1; C:\WINDOWS\System32\DRIVERS\rtp1.sys [430280 2024-08-20] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp2; C:\WINDOWS\System32\DRIVERS\rtp2.sys [430280 2024-08-20] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28768 2024-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [49664 2022-07-14] (Microsoft Corporation) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-16] (Microsoft Windows -> Microsoft Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-13 17:44 - 2024-09-13 17:50 - 3847912433 _____ C:\Users\pc\Downloads\To.sa.mi.snáď.len.zdá.WEB-DL.CZ.EN.2023.1080p.mkv
2024-09-13 06:39 - 2024-09-13 06:39 - 000000000 ___HD C:\$WinREAgent
2024-09-12 19:57 - 2024-09-12 19:58 - 000000000 ____D C:\Users\pc\Downloads\Černá voda S01.CZ.WebRip.1080p.HEVC.C4U
2024-09-12 19:57 - 2024-09-12 19:57 - 000016049 _____ C:\Users\pc\Downloads\[SkT]Cerna_voda___Händelser_vid_vatten___Blackwater_S01_(CZ)[WebRip][1080p][HEVC]_=_CSFD_68_.torrent
2024-09-12 16:02 - 2024-09-12 16:02 - 000000000 ____D C:\Users\pc\Downloads\Ostrov miliardářů_S01
2024-09-02 18:34 - 2024-09-02 18:34 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Perun Creative
2024-08-27 15:27 - 2024-08-27 15:27 - 000269793 _____ C:\Users\pc\Downloads\priloha_1404100947_0_attachment.pdf
2024-08-20 17:04 - 2024-08-20 17:04 - 000000000 ____D C:\f62165b0b552a7dc94115c0d557bc6
2024-08-18 08:55 - 2024-08-18 08:55 - 000000549 _____ C:\Users\Public\Desktop\Sex Chess.lnk
2024-08-16 18:17 - 2024-08-16 18:17 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2024-08-16 18:17 - 2024-08-16 18:17 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2024-08-16 18:17 - 2024-08-16 18:17 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2024-08-14 18:58 - 2024-08-14 19:06 - 3644015387 _____ C:\Users\pc\Downloads\Bál.šílených.žen.HDTV.CZ.2021.1080p.mkv
2024-08-14 18:58 - 2024-08-14 19:05 - 000000000 ____D C:\Users\pc\Downloads\Better off Ted - Ted a spol - S02

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-13 18:20 - 2024-02-17 15:48 - 000022304 _____ C:\Users\pc\Desktop\FRST.txt
2024-09-13 18:19 - 2021-05-28 16:45 - 000000000 ____D C:\FRST
2024-09-13 18:17 - 2021-05-28 16:45 - 002397696 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2024-09-13 18:16 - 2021-01-16 15:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-09-13 17:49 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-13 17:35 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-09-13 17:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-09-13 17:31 - 2020-06-06 17:49 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-13 17:31 - 2020-06-06 17:49 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-09-13 17:28 - 2020-05-08 03:15 - 000000000 ____D C:\Program Files\CCleaner
2024-09-13 17:22 - 2024-08-13 15:39 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-13 17:22 - 2021-10-13 23:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-09-13 17:22 - 2020-05-07 18:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-09-13 17:22 - 2020-05-07 18:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-13 17:18 - 2021-01-16 15:33 - 000000000 ____D C:\Users\pc
2024-09-13 17:17 - 2021-01-16 15:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-09-13 17:17 - 2021-01-16 15:25 - 000008192 ___SH C:\DumpStack.log.tmp
2024-09-13 17:17 - 2020-05-07 17:27 - 000000000 ____D C:\ProgramData\NVIDIA
2024-09-13 17:15 - 2022-03-14 18:25 - 000000000 ____D C:\Users\pc\AppData\Roaming\qBittorrent
2024-09-13 06:40 - 2020-05-08 03:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-09-13 06:39 - 2021-12-18 16:13 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-09-12 14:28 - 2021-01-16 15:43 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-09-12 14:28 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2024-09-12 14:28 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2024-09-12 14:28 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2024-09-12 14:17 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-09-12 14:15 - 2021-01-16 15:26 - 000268176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-09-12 14:05 - 2023-02-15 19:30 - 003028816 _____ C:\WINDOWS\system32\rtp.db
2024-09-12 14:01 - 2019-12-07 16:47 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-09-12 14:01 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-09-12 14:01 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-09-12 10:11 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-09-12 09:57 - 2021-01-16 15:31 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-09-12 08:50 - 2020-05-07 21:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-09-12 08:45 - 2020-05-07 21:09 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-09-10 16:35 - 2021-01-16 10:49 - 000000000 ____D C:\Users\pc\AppData\Local\D3DSCache
2024-09-08 15:16 - 2021-01-16 15:51 - 000003640 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-08 15:16 - 2021-01-16 15:51 - 000003516 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-05 08:31 - 2024-02-16 15:51 - 000284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll
2024-09-05 08:31 - 2022-11-06 18:16 - 000124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-09-05 08:31 - 2022-11-06 18:16 - 000075192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-09-05 08:31 - 2021-11-19 07:46 - 000210360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-09-05 08:31 - 2021-05-29 20:15 - 002799144 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-09-05 08:31 - 2021-05-29 20:15 - 000783912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-09-05 08:31 - 2021-05-29 20:15 - 000243240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-09-05 08:31 - 2021-05-29 20:15 - 000149032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-09-04 17:24 - 2023-02-09 21:20 - 000002892 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - pc
2024-09-02 18:34 - 2018-07-30 05:20 - 000000000 ____D C:\Users\Public\Documents\Steam
2024-08-29 17:13 - 2021-10-01 17:25 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-08-29 17:13 - 2021-10-01 17:25 - 000002008 _____ C:\Users\Default\Desktop\Google Slides.lnk
2024-08-29 17:13 - 2021-10-01 17:25 - 000002008 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2024-08-29 17:13 - 2021-10-01 17:25 - 000001996 _____ C:\Users\Default\Desktop\Google Docs.lnk
2024-08-28 11:16 - 2021-01-16 15:51 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-08-28 11:15 - 2023-06-29 14:37 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-08-28 11:15 - 2023-06-29 14:37 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-08-20 17:18 - 2024-03-14 17:28 - 000430280 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp2.sys
2024-08-20 17:18 - 2024-03-14 17:28 - 000430280 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp1.sys
2024-08-20 17:04 - 2021-05-22 21:44 - 000003920 _____ C:\WINDOWS\system32\Drivers\etc\hosts.rollback
2024-08-20 17:01 - 2020-05-08 03:17 - 000000000 ____D C:\ProgramData\Package Cache
2024-08-20 16:57 - 2021-02-02 23:44 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2024-08-20 16:28 - 2020-06-26 16:09 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2024-08-16 18:30 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-08-16 18:20 - 2020-05-07 20:03 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-08-16 18:17 - 2021-04-16 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2024-08-16 18:17 - 2021-02-02 20:05 - 000003474 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2024-08-16 18:16 - 2021-04-16 22:41 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2024-08-15 00:32 - 2020-05-07 18:01 - 000000000 ____D C:\ProgramData\Packages
2024-08-15 00:32 - 2020-05-07 18:00 - 000000000 ____D C:\Users\pc\AppData\Local\Packages
2024-08-15 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-08-15 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-08-15 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-08-15 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-08-15 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning

==================== Files in the root of some directories ========

2021-05-16 21:27 - 2021-05-17 18:31 - 000012288 _____ () C:\Users\pc\AppData\Roaming\emp.bin

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
Ran by pc (13-09-2024 18:28:18)
Running from C:\Users\pc\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4894 (X64) (2021-01-16 13:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-591005949-3795881383-2982760695-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-591005949-3795881383-2982760695-503 - Limited - Disabled)
Guest (S-1-5-21-591005949-3795881383-2982760695-501 - Limited - Disabled)
pc (S-1-5-21-591005949-3795881383-2982760695-1001 - Administrator - Enabled) => C:\Users\pc
WDAGUtilityAccount (S-1-5-21-591005949-3795881383-2982760695-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Security (Enabled - Up to date) {4C413022-CD14-1794-9EDE-74904041925B}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Avira Security (Enabled) {BE55A40C-05CA-1096-36EB-CCA92DEAF539}
FW: Avira Security (Enabled) {877B141C-E73B-9A54-223E-108CC963426A}
FW: Avira Security (Enabled) {71EC0A3F-391C-0E33-A103-0C8A6DF0EBF0}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}
FW: Avira Security (Enabled) {12CE3622-C811-64DE-1773-AA1774F2B8E1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 1.6.1 - )
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1029-1033-7760-BC15014EA700}) (Version: 24.003.20054 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601078}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.44.1.19908 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.103.1167 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 7.3.0.502 - Avira Operations GmbH) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 6.08 - Piriform)
Endling - Extinction is Forever (HKLM-x32\...\2076457657_is1) (Version: 0.17.17 - GOG.com)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.2990 - Avira Operations GmbH & Co. KG) Hidden
FastShare.cz verze 2.4.0 (HKLM-x32\...\FastShare.cz_is1) (Version: 2.4.0 - )
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 96.0.0.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 128.0.6613.138 - Google LLC)
Hellbound (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Hellbound) (Version: - HOODLUM)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{D1F15F7A-707A-42BD-BE6B-3380616F796D}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.67 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 130.0 (x64 cs)) (Version: 130.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0 - Mozilla)
NVIDIA Ovladače grafiky 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ori and The Blind Forest: Definitive Edition (HKLM-x32\...\1384944984_is1) (Version: 1.0 - GOG.com)
Prince of Persia - The Two Thrones (HKLM-x32\...\1207659091_is1) (Version: 1.1 v2 - GOG.com)
Prince of Persia Zapomenuté písky verze 1.3 (HKLM-x32\...\{5C7E4938-6E2A-48BB-9C24-5CA3CD0D980C}_is1) (Version: 1.3 - tomi2k9)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.5.4 - The qBittorrent project)
Scars Above verze 1.0.0.134246 (HKLM\...\{E021EF5B-DC05-4325-9286-AAF98AEDF833}_is1) (Version: 1.0.0.134246 - Threadt)
Sex Chess (HKLM-x32\...\Sex Chess_is1) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skully (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Skully) (Version: - HOODLUM)
SteamWorld Heist II (HKLM-x32\...\SteamWorld Heist II_is1) (Version: - )
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Saboteur Čeština (HKLM-x32\...\The Saboteur Čeština 1.2.0) (Version: 1.2.0 - BonusWeb)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.1.10597 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vidmore Player 1.1.26 (HKLM-x32\...\{013786C4-21D4-45E3-88CD-86481399AD42}_is1) (Version: 1.1.26 - Vidmore)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)

Packages:
=========

Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2024-06-15] ()
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_155.1.1088.0_x64__v10z8vjag6ke6 [2024-08-06] (HP Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-24] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-591005949-3795881383-2982760695-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-591005949-3795881383-2982760695-1001_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\localserver32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-591005949-3795881383-2982760695-1001_Classes\CLSID\{917E8742-AA3B-7318-FA12-10485FB322A2}\localserver32 -> C:\Users\pc\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\MicrosoftListSync.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-07-23] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2024-08-12] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-07-23] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\96.0.0.0\drivefsext.dll [2024-08-29] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_1408eaf9a25ed64f\nvshext.dll [2020-12-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-07-23] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [127488 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-11-17 22:58 - 2009-11-17 22:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 22:58 - 2009-11-17 22:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2024-08-15 16:18 - 2024-08-15 16:18 - 003092992 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\2f071795c7a0b6298db219f85899af0a\Newtonsoft.Json.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2022-01-28 11:56:04&iid=e133fe3f-019c-4feb-adc0-b4fd3d2ce439&bName=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-07 18:01 - 2024-08-20 17:04 - 000003920 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 fitgirlrepacks.org # Fake FitGirl site
109.94.209.70 www.fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.org # Fake FitGirl site
109.94.209.70 fitgirltorrent.org # Fake FitGirl site
109.94.209.70 www.fitgirltorrent.org # Fake FitGirl site
109.94.209.70 fitgirl-repacks.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.net # Fake FitGirl site
109.94.209.70 fitgirlrepack.net # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.net # Fake FitGirl site
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site

2020-07-18 08:47 - 2020-07-18 08:47 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\440058701_10225387315732773_533487596415775252_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) 82579V Gigabit Network Connection -> e1i65x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8400D88A-CC4A-4489-8445-53C4AAF9BB0C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FC73ADF5-7360-4EA6-A38D-C712B6B1E2DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{463C951F-D8EC-49CD-8817-B9C245007F5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F23A84-2D83-47A3-BB27-A3F1BF10F42E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2084A04-C463-40F0-8A4B-AD2115AA69D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63B878E9-043A-4C32-AE45-20AC85F133F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{E4115DEB-7E11-48BD-9CAD-618C67089EFA}D:\games\prince of persia zapomenuté písky\prince of persia.exe] => (Allow) D:\games\prince of persia zapomenuté písky\prince of persia.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [UDP Query User{3FC3F77E-78B5-410E-8878-7D211FCA66A9}D:\games\prince of persia zapomenuté písky\prince of persia.exe] => (Allow) D:\games\prince of persia zapomenuté písky\prince of persia.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [TCP Query User{40CD5024-9143-4055-AE54-C09842998719}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{441E410F-DA59-4A71-B9D4-6CD1E5DF15C6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BB381AA7-179E-4E6D-9CC9-47F124ADE8FC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{B74FAB01-49CD-4634-B9D5-62074281EC80}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{436D2244-55B8-4121-88AA-A32C4973E44D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9DA126AE-BF93-4535-9357-8A1439131690}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

02-09-2024 16:41:46 Naplánovaný kontrolní bod
10-09-2024 16:44:09 Naplánovaný kontrolní bod
12-09-2024 08:50:49 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============

Name: PC Camera
Description: PC Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/13/2024 05:22:00 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (09/12/2024 02:27:25 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (09/12/2024 08:10:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program PhoneExperienceHost.exe verze 1.24081.89.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1d6c

Čas spuštění: 01dafedc6be4b959

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24081.89.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe

ID hlášení: ffcd2f71-52a0-40a9-babe-087681d113d7

Úplný název balíčku s chybou: Microsoft.YourPhone_1.24081.89.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (09/08/2024 04:42:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/08/2024 04:42:25 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/08/2024 04:01:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/08/2024 03:41:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (09/08/2024 03:35:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (09/13/2024 05:21:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/13/2024 05:21:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Aktualizace Google (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (09/13/2024 05:20:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Avira Security Updater neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (09/13/2024 05:20:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Avira Security Updater bylo dosaženo časového limitu (30000 ms).

Error: (09/13/2024 05:17:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba GameInput Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (09/13/2024 05:17:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba GameInput Service byla ukončena s následující chybou:
Složený soubor GameInput Service byl vytvořen s novější verzi úložného prostoru.

Error: (09/13/2024 05:17:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:05:20, ‎13.‎09.‎2024) bylo neočekávané.

Error: (09/12/2024 08:58:38 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Windows Defender:
================
Date: 2021-02-02 16:35:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A3964236-309C-48F8-A8F5-541A79E6CEC3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:24:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {990F0FA3-4E9D-45FA-9DD2-677A669554CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:14:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-02 16:13:59
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {021DB1EC-4EE5-4E5A-A12E-3D17722759E1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 15:49:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

CodeIntegrity:
===============
Date: 2024-09-13 18:26:23
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Intel Corp. BLH6710H.86A.0119.2011.0523.1030 05/23/2011
Motherboard: Intel Corporation DH67CL
Processor: Intel(R) Pentium(R) CPU G860 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 8169.45 MB
Available physical RAM: 5028 MB
Total Virtual: 10601.45 MB
Available Virtual: 6906.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:291.92 GB) (Free:95.09 GB) (Model: ST500DM002-1BD142 ATA Device) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:37.93 GB) (Model: ST500DM002-1BD142 ATA Device) NTFS

\\?\Volume{81168116-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{81168116-0000-0000-0000-801d49000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 81168116)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

ahoj,
citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >> •Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-09-2024
Ran by pc (14-09-2024 16:52:49) Run:3
Running from C:\Users\pc\Desktop
Loaded Profiles: pc
Boot Mode: Normal
==============================================

fixlist content:
*****************

*****************


==== End of Fixlog 16:52:49 ==== snad to je dobře děkuji

Evypada to dobre
Tie zelene pismenka musia byt obsahom toho txt suboru
Skus znovu