Suspected TrojanPSW.Lumma, Win32:Malware-gen, Trojan-Spy.Inno.Agent
Posted: 04 Jan 2025 14:20
Hello, lately a suspicious hidden application has been launching when I log in to the computer. When I click on it, it disappears, but I found its location and online scanners report a possible trojan. I am sending the log and asking for a check.
Thanks
Marek
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-01-2025
Ran by Parek (administrator) on PAREK-X360 (HP HP Spectre x360 Convertible 15-eb0xxx) (04-01-2025 14:15:37)
Running from C:\tmp\frst\FRST64.exe
Loaded Profiles: Parek
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\EaseUS\ENS\ensserver.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrapExe.exe
(C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.) C:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe <6>
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\Parek\AppData\Local\Google\Chrome\Application\chrome.exe <41>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Broadcom Inc -> ) C:\Windows\System32\bcmUshUpgradeService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostControlService.exe
(services.exe ->) (Broadcom Inc -> Broadcom Corporation) C:\Windows\System32\bcmHostStorageService.exe
(services.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_baf36d4852e8e257\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a439e07c373809e2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e8b0d2fc8e70edd8\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\ThunderboltService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSysSvc64.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WavesSvc] => C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesSvc64.exe [5332192 2023-10-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952720 2022-05-31] (Microsoft Windows Hardware Compatibility Publisher -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2024-04-22] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5006880 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3911240 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [com.messenger] => "C:\Users\Parek\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [GoogleUpdaterTaskUser132.0.6833.0] => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2025-01-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\RunOnce: [fghfbbc] => C:\hcghfce\AutoIt3.exe [943784 2025-01-01] (AutoIt Consulting Ltd -> AutoIt Team) <==== ATTENTION
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\RunOnce: [hcegbgh] => C:\hbeaegc\AutoIt3.exe [943784 2024-12-18] (AutoIt Consulting Ltd -> AutoIt Team) <==== ATTENTION
HKLM\...\Windows x64\Print Processors\CnXP0PP: C:\Windows\System32\spool\prtprocs\x64\CnXP0PP.DLL [1829376 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1879552 2024-06-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [196096 2024-11-02] (pdfforge GmbH) [File not signed]
Startup: C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-12-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {7D108C1A-E51E-4A67-B337-339A2BC0F8BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {9E6E3F11-5F7F-4B80-A10A-D54C8179B6A4} - System32\Tasks\BackupWinTask => C:\Users\Parek\AppData\Roaming\BackupWin\GoogleChrome.exe [164068399 2024-12-18] (Wpf) [File not signed]
Task: {F67BE6A0-EB81-4BB6-A3C7-2F3FB45F1846} - System32\Tasks\GoogleUser\GoogleUpdater\GoogleUpdaterTaskUser132.0.6833.0{DB784D77-20E1-47E5-AE9B-95B5F0463FCE} => C:\Users\Parek\AppData\Local\Google\GoogleUpdater\132.0.6833.0\updater.exe [5591136 2024-11-11] (Google LLC -> Google LLC)
Task: {4D8A0455-E1FD-41E6-AD7A-E04FE99B81ED} - System32\Tasks\Meta\Messenger-SL-Helper-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Users\Parek\AppData\Local\Programs\Messenger\MessengerHelper.exe [2192632 2024-09-17] (Facebook, Inc. -> Meta Platforms, Inc.)
Task: {BA9DC40E-7CA2-48EB-9706-358A2FF4AFBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {833EEEBE-1ABD-4D6F-B1C8-A37D31A6F13E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28660920 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {70279CCA-5CEF-4B0B-B0D7-4725EC155553} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4B87A016-3F33-4624-98A7-3DC97FB16301} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [311976 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB9976A5-C8FC-4DE8-91FC-A58C9018ACEE} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [186992 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DEE9340-7628-4F3D-AB71-6927A2B485C5} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe [7885824 2024-10-31] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {BEF3B4AD-35C1-4954-97E4-BF89EF19E975} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6C6130B-A6F8-4BC6-9D55-6F7DBFDB31AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CD9905F-5A6C-4D6E-BB4F-79512D2F28D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {56F94A1C-C40E-438E-88FA-B626623D768F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1781271-B23F-4A85-A2CA-0E59B1B84CB4} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8105478-0A37-45EC-8D69-35DF0BF2FC5B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214288 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\368616368616: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\84F64756C6F564275656: [DhcpNameServer] 185.75.138.254 185.75.138.253
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{012fd79b-f57a-4bab-b72b-a352bcbf1331}\D616D616A656265786: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{5c3c7bcc-9433-4506-8e59-842e80d043eb}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{9cc330eb-c712-4df8-a8a7-ad3bb867bef7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af4e37ef-d24f-4efb-8470-6ec7f68a2f2d}: [DhcpDomain] home
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}: [DhcpDomain] home.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpNameServer] 192.168.1.99 8.8.8.8
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\140513: [DhcpDomain] chata.parek.net
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\5436F6665756C6: [DhcpNameServer] 31.30.90.11 31.30.90.12
Tcpip\..\Interfaces\{cacc309f-13e3-4feb-be61-251dd47a765a}\B6271626963656: [DhcpNameServer] 192.168.100.1
Edge:
=======
Edge DefaultProfile: Profile 3
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3 [2025-01-02]
Edge Notifications: Profile 3 -> hxxps://calendar.google.com; hxxps://www.messenger.com
Edge HomePage: Profile 3 -> hxxp://www.google.com
Edge StartupUrls: Profile 3 -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
Edge Session Restore: Profile 3 -> is enabled.
Edge Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2024-10-23]
Edge Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cllnohpbfenopiakdcjmjcbaeapmkcdl [2024-09-11]
Edge Extension: (Picture-in-Picture Everywhere) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cmnlinjalaieggoebkmamaphjghpafhn [2024-09-11]
Edge Extension: (Popup View for Google™ Translate) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\cpogidebfcfffnbjlmoknfpemngaijdj [2024-09-11]
Edge Extension: (change-language) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fancfknaplihpclbhbpclnmmjcjanbaf [2024-12-18]
Edge Extension: (Google Translate in Right Click) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fcoongackakfdmiincikmjgkedcgjkdp [2024-09-11]
Edge Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-09-11]
Edge Extension: (Microsoft S/MIME) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gamjhjfeblghkihfjdpmbpajhlpmobbp [2024-09-11]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-02]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-18]
Edge Extension: (Coinbase Wallet extension) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hnfanknocfeofbddgcijnmhnfnkdnaad [2024-12-21]
Edge Extension: (OneTab) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\hoimpamkkoehapgenciaoajfkfkpgfop [2024-09-11]
Edge Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-09-11]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2025-01-02]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-09-11]
Edge Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 3\Extensions\pnfonnnmfjnpfgagnklfaccicnnjcdkm [2024-12-04]
Edge Profile: C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4 [2024-12-29]
Edge Session Restore: Profile 4 -> is enabled.
Edge Extension: (lock) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-12-27]
Edge Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-27]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-12-27]
Edge Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2024-12-28]
Edge Extension: (Edge relevant text changes) - C:\Users\Parek\AppData\Local\Microsoft\Edge\User Data\Profile 4\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-03]
FireFox:
========
FF HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2024-09-13] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-12-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetCacheCleanEx -> C:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2016-06-23] (Fortinet Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default [2025-01-04]
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://websearch.thesearchpage.info/?pid=2171&r=2015/01/23&hid=14513732107745859819&lg=EN&cc=ME&unqvl=74","hxxp://www.mystartsearch.com/?type=hp&ts=14380 ... SAF780112A"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Entanglement Web App) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2024-12-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2024-12-18]
CHR Extension: (DuckDuckGo) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2024-12-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-12-18]
CHR Extension: (OneTab) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2024-12-18]
CHR Extension: (Google Tips) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2024-12-18]
CHR Extension: (change-language) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2024-12-18]
CHR Extension: (Enhancer for Telegram™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafiggkhlbbhfcpgggcfeeoliillkabn [2024-12-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2024-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-12-18]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2024-12-27]
CHR Extension: (Picture-in-Picture Extension (by Google)) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgfoiooedgoejojocmhlaklaeopbecg [2024-12-18]
CHR Extension: (Simple Translate) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibplnjkanclpjokhdolnendpplpjiace [2024-12-18]
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-12-18]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2024-12-18]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2024-12-18]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2024-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-18]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-12-31]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2024-12-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-08-16] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{932D84CE-BAED-40E7-9D8C-43419DE47389} [22384 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19903384 2024-12-18] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
R2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 MpKsl2b646de8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90D97141-EBF4-444F-9315-129685159F02}\MpKslDrv.sys [267552 2025-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-04 14:15 - 2025-01-04 14:15 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-04 06:14 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-04 14:15 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-04 14:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-04 13:48 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-04 13:34 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Local\LogiOptionsPlus
2025-01-04 13:34 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 13:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-04 06:22 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-04 06:15 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-04 06:15 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-04 06:14 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-04 06:14 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-04 06:14 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-04 06:14 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-04 06:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-04 00:17 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-03 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:23 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-02 17:58 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 11:18 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 09:25 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Roaming\logioptionsplus
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-22 08:35 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:34 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp
==================== Files in the root of some directories ========
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 14:17:32)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 24.08 (x64) (HKLM\...\7-Zip) (Version: 24.08 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{DA2C65E7-7091-46AD-A10F-AC34207C33B9}) (Version: 12.13.2.3 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Parek\AppData\Local\Google\Chrome\Application\131.0.6778.205\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"
==================== Loaded Modules (Whitelisted) =============
2024-11-21 21:14 - 2021-09-26 08:58 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-21 21:14 - 2022-08-16 13:11 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL
2024-11-21 21:14 - 2022-08-16 13:12 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll
2024-11-21 21:14 - 2022-08-16 13:10 - 000066696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master\DC\bin\x64\VssEaseusProvider.dll
2024-09-12 08:22 - 2024-08-11 14:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000428544 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2024-11-21 21:12 - 000001013 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7
127.0.0.1 update.easeus.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133804189297507593.jpg
DNS Servers: 192.168.1.99 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys
vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB474E93-F508-4AA5-9A92-AE6023993BF1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{081C13DE-EC20-470B-8D04-843D4614AB13}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:607.6 GB) (Free:93.46 GB) (15%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Parek-x360.local already in use; will try Parek-x360-2.local instead
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 Parek-x360.local. AAAA FE80:0000:0000:0000:35F5:766E:A520:38EF
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:35F5:766E:A520:38EF:5353 4 Parek-x360.local. Addr 169.254.190.111
Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (12/26/2024 11:41:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
System errors:
=============
Error: (01/04/2025 01:34:46 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {56a4f8e4-1b78-48df-9515-e310e95634d6}, had event 74
Error: (01/04/2025 06:14:47 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (01/04/2025 06:14:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (01/04/2025 06:14:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-04 00:17:01
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:11:43
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-01 01:45:29
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-30 08:25:50
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Backup
Kód chyby: 0x80004004
Popis chyby: Operation aborted
Verze bezpečnostních informací: 1.419.377.0;1.419.377.0
Verze modulu: 1.1.24080.9
Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Current
Kód chyby: 0x80501102
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Verze bezpečnostních informací: 1.419.387.0;1.419.387.0
Verze modulu: 1.1.24080.9
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiSpyware
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: Microsoft Update Server
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80240022
Popis chyby: The program can't check for definition updates.
CodeIntegrity:
===============
Date: 2025-01-04 14:18:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-04 14:03:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16081.58 MB
Available physical RAM: 6434.54 MB
Total Virtual: 18513.58 MB
Available Virtual: 7815.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:607.6 GB) (Free:93.46 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)
Partition: GPT.
==================== End of Addition.txt =======================
CHR Extension: (Office - Enable Copy and Paste) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2024-12-18]
CHR Extension: (Dropbox) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2024-12-18]
CHR Extension: (Grepolis) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkgkognjknhcgbgbeijjondlikfkgnog [2024-12-18]
CHR Extension: (OneDrive) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2024-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-12-18]
CHR Extension: (Bitwarden Password Manager) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-12-31]
CHR Extension: (Drive Files to OneDrive™) - C:\Users\Parek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcagpleiioillikneeillgemaanajfae [2024-12-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2024-03-30] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13512888 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-08-16] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [367064 2024-11-23] (Epic Games Inc. -> Epic Games, Inc.)
R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{932D84CE-BAED-40E7-9D8C-43419DE47389} [22384 2023-12-04] (Microsoft Windows -> Microsoft Corporation)
R2 FA_Scheduler; C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [110098 2016-06-23] (Fortinet Inc.) [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncHelper.exe [3528208 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 hostcontrolsvc; C:\Windows\System32\bcmHostControlService.exe [840416 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 hoststoragesvc; C:\Windows\System32\bcmHostStorageService.exe [176864 2023-07-05] (Broadcom Inc -> Broadcom Corporation)
R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.226.1110.0004\OneDriveUpdaterService.exe [3873312 2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19903384 2024-12-18] (Logitech Inc -> Logitech, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559368 2024-10-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [256856 2024-03-15] (Intel Corporation -> Intel Corporation)
R2 ushupgradesvc; C:\Windows\System32\bcmUshUpgradeService.exe [333064 2023-07-05] (Broadcom Inc -> )
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
R2 WavesAudioService; C:\Windows\System32\DriverStore\FileRepository\wavesapo10de_sc.inf_amd64_27f7a4b4c0b30ba1\WavesAudioService.exe [161000 2023-10-11] (Waves Inc -> Waves Audio Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 ampa; C:\Windows\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 ddmdrv; C:\Windows\SysWOW64\ddmdrv.sys [34216 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 dlcdcncm; C:\Windows\System32\drivers\dlcdcncm660.sys [150336 2023-10-06] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
S3 DPMDriver; C:\Windows\System32\drivers\DPMDriver.sys [139680 2022-12-08] (IndiLogic LLC -> Dell Inc.)
S3 e1dexpress; C:\Windows\System32\DriverStore\FileRepository\e1d.inf_amd64_7e337195b92a35b6\e1d.sys [611936 2023-08-31] (Intel Corporation -> Intel Corporation)
S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [27728 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [24656 2022-05-19] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [18000 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [37456 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [147536 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [40016 2016-06-23] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc)
R3 ft_vnic; C:\Windows\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Technologies -> Fortinet Inc)
R2 hcmon; C:\Windows\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
S3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-09] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 MpKsl2b646de8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90D97141-EBF4-444F-9315-129685159F02}\MpKslDrv.sys [267552 2025-01-04] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 pppop; C:\Windows\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc.)
S3 rtump64x64; C:\Windows\System32\drivers\rtump64x64.sys [1169096 2023-06-15] (Realtek Semiconductor Corp. -> Realtek Corporation)
S2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [12464 2024-12-22] (Macrovision Europe Ltd) [File not signed]
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\Windows\System32\DriverStore\FileRepository\wiman.inf_amd64_fd307d9242e9056e\WiManH\WiManH.sys [182864 2023-11-09] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-04 14:15 - 2025-01-04 14:15 - 000000000 ____D C:\FRST
2025-01-04 14:05 - 2025-01-04 14:05 - 002833136 _____ (Malwarebytes) C:\Users\Parek\Downloads\MBSetup.exe
2025-01-02 20:18 - 2025-01-02 20:18 - 000000389 _____ C:\Users\Parek\OneDrive\Desktop\Kingdom Come Deliverance.url
2025-01-02 19:24 - 2025-01-02 19:24 - 000000000 ____D C:\Program Files\Epic Games
2025-01-02 19:22 - 2025-01-03 23:40 - 000000000 ____D C:\Users\Parek\AppData\Local\Epic Games
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngineLauncher
2025-01-02 19:22 - 2025-01-02 19:22 - 000000000 ____D C:\Users\Parek\AppData\Local\EpicGamesLauncher
2025-01-02 19:21 - 2025-01-02 19:23 - 000000000 ____D C:\ProgramData\Epic
2025-01-02 19:21 - 2025-01-02 19:22 - 000000000 ____D C:\Program Files (x86)\Epic Games
2025-01-02 19:21 - 2025-01-02 19:21 - 203468800 _____ C:\Users\Parek\Downloads\EpicInstaller-17.2.0.msi
2025-01-02 19:21 - 2025-01-02 19:21 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2025-01-02 17:48 - 2025-01-02 17:48 - 000150411 _____ C:\Users\Parek\Downloads\zakazane_zasilky_obecne_CZ.pdf
2025-01-01 19:38 - 2025-01-01 19:38 - 070486104 _____ C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00.exe
2025-01-01 19:38 - 2025-01-01 19:38 - 000000000 ____D C:\Users\Parek\Downloads\GPlus_PCL6_Driver_V311_32_64_00
2024-12-31 00:19 - 2024-12-31 00:19 - 000002410 _____ C:\Users\Parek\OneDrive\Desktop\Quake 4.lnk
2024-12-30 23:52 - 2025-01-02 19:23 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA Corporation
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\AppData\Roaming\NVIDIA
2024-12-30 23:51 - 2024-12-30 23:51 - 000000000 ____D C:\Users\Parek\ansel
2024-12-30 16:53 - 2024-12-30 16:53 - 000000802 _____ C:\Users\Parek\OneDrive\Desktop\Manor Lords.lnk
2024-12-30 11:18 - 2024-12-30 11:18 - 000000000 ____D C:\Users\Parek\AppData\Local\ManorLords
2024-12-30 00:12 - 2024-12-30 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[K-Repack]
2024-12-29 18:10 - 2024-12-29 18:10 - 000000852 _____ C:\Users\Parek\OneDrive\Desktop\Warcraft I Remastered.lnk
2024-12-28 00:18 - 2024-12-28 13:53 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Mount and Blade II Bannerlord
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\Users\Parek\AppData\Local\NVIDIA
2024-12-28 00:18 - 2024-12-28 00:18 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2024-12-27 23:29 - 2024-12-27 23:29 - 000000000 ____D C:\ProgramData\GOG.com
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-27 10:45 - 2024-12-27 10:45 - 003243852 _____ C:\Windows\Minidump\122724-12703-01.dmp
2024-12-25 11:25 - 2024-12-25 11:25 - 000000000 ____D C:\Users\Parek\AppData\Local\CrashDumps
2024-12-23 08:30 - 2024-12-23 08:31 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\CnCRemastered
2024-12-23 08:30 - 2024-12-23 08:30 - 000000000 ____D C:\Users\Parek\AppData\Roaming\CnCRemastered
2024-12-23 08:26 - 2024-12-23 08:26 - 000000000 ___HD C:\temp
2024-12-23 08:21 - 2024-12-23 08:21 - 000001045 _____ C:\Users\Parek\OneDrive\Desktop\Command and Conquer Remastered Collection.lnk
2024-12-23 08:21 - 2024-12-23 08:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command and Conquer Remastered Collection
2024-12-23 08:18 - 2024-12-24 11:09 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Notepad++
2024-12-23 08:18 - 2024-12-23 08:18 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-12-23 08:18 - 2024-12-23 08:18 - 000000000 ____D C:\Program Files\Notepad++
2024-12-23 08:17 - 2024-12-23 08:17 - 006652296 _____ (Don HO don.h@free.fr) C:\Users\Parek\Downloads\npp.8.7.4.Installer.x64.exe
2024-12-22 09:43 - 2024-12-22 09:53 - 000000000 ____D C:\Users\Parek\AppData\Roaming\FileZilla
2024-12-22 09:43 - 2024-12-22 09:46 - 000000000 ____D C:\Users\Parek\AppData\Local\FileZilla
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2024-12-22 09:43 - 2024-12-22 09:43 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2024-12-22 09:11 - 2024-12-22 09:13 - 000000000 ____D C:\VMs
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Roaming\VMware
2024-12-22 09:10 - 2024-12-22 11:15 - 000000000 ____D C:\Users\Parek\AppData\Local\VMware
2024-12-22 09:09 - 2025-01-04 06:14 - 000000000 ____D C:\ProgramData\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000817478 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-12-22 09:09 - 2024-12-22 09:09 - 000000000 ____D C:\Program Files (x86)\VMware
2024-12-22 09:09 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2024-12-22 09:09 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2024-12-22 09:09 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2024-12-22 09:02 - 2024-12-24 12:09 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Zero Hour Data
2024-12-22 08:45 - 2024-12-22 08:46 - 000012464 _____ (Macrovision Europe Ltd) C:\Windows\SysWOW64\Drivers\SECDRV.SYS
2024-12-22 08:44 - 2024-12-22 16:31 - 000000981 _____ C:\Windows\eReg.dat
2024-12-22 08:44 - 2024-12-22 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2024-12-22 08:44 - 2024-12-22 08:49 - 000000000 ____D C:\Program Files (x86)\EA Games
2024-12-22 08:38 - 2024-12-22 08:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\SpellForce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ___HD C:\hcghfce
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Roaming\GHISLER
2024-12-21 11:57 - 2024-12-21 11:57 - 000000000 ____D C:\Users\Parek\AppData\Local\GHISLER
2024-12-21 11:56 - 2025-01-01 10:29 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Strong
2024-12-20 17:23 - 2024-12-20 17:23 - 000000000 ___HD C:\$WinREAgent
2024-12-20 17:07 - 2024-12-20 17:07 - 000099732 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ARGENTINSKÁ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-20 17:06 - 2024-12-20 17:06 - 000084202 _____ C:\Users\Parek\Downloads\CENÍK-PARKOVNÉHO_ŽELEZNIČÁŘŮ_KRÁTKODOBÉ_13.6.2024.pdf
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-12-19 07:49 - 2024-12-19 07:49 - 000000000 ____D C:\Program Files\Logi
2024-12-19 07:47 - 2024-12-19 07:48 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-12-19 07:47 - 2024-12-19 07:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-12-18 22:03 - 2024-12-18 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-12-18 22:00 - 2024-12-18 22:01 - 000000000 ____D C:\Users\Parek\AppData\Local\keraP
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ___HD C:\hbeaegc
2024-12-18 21:59 - 2024-12-18 21:59 - 000000000 ____D C:\Users\Parek\AppData\Local\Yandex
2024-12-18 21:58 - 2025-01-01 10:29 - 000003336 _____ C:\Windows\system32\Tasks\BackupWinTask
2024-12-18 21:58 - 2024-12-20 17:00 - 000002502 _____ C:\Users\Parek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-20 17:00 - 000002471 _____ C:\Users\Parek\OneDrive\Desktop\Google Chrome.lnk
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Windows\system32\Tasks\GoogleUser
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Monitoring
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Roaming\BackupWin
2024-12-18 21:58 - 2024-12-18 21:58 - 000000000 ____D C:\Users\Parek\AppData\Local\Google
2024-12-18 21:57 - 2024-12-18 21:57 - 164068399 _____ (Wpf) C:\Users\Parek\Downloads\GoogleChrome.exe
2024-12-18 21:53 - 2024-12-18 00:13 - 000000717 _____ C:\Users\Parek\OneDrive\Desktop\Age of Empires IV.lnk
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2025-01-04 14:15 - 2024-09-09 20:13 - 000000000 ____D C:\tmp
2025-01-04 14:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Registration
2025-01-04 14:15 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-01-04 13:48 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-01-04 13:34 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Local\LogiOptionsPlus
2025-01-04 13:34 - 2024-09-09 18:30 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-01-04 13:34 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2025-01-04 06:22 - 2024-09-09 18:38 - 000799974 _____ C:\Windows\system32\PerfStringBackup.INI
2025-01-04 06:15 - 2024-09-09 18:51 - 000000000 __SHD C:\Users\Parek\IntelGraphicsProfiles
2025-01-04 06:15 - 2024-09-09 18:40 - 000000000 ___RD C:\Users\Parek\OneDrive
2025-01-04 06:14 - 2024-10-27 14:55 - 000000000 ____D C:\ProgramData\NVIDIA
2025-01-04 06:14 - 2024-09-09 18:51 - 000000000 ____D C:\Intel
2025-01-04 06:14 - 2024-09-09 18:30 - 000008192 ___SH C:\DumpStack.log.tmp
2025-01-04 06:14 - 2024-09-09 18:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-01-04 06:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2025-01-04 00:17 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2025-01-03 20:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-01-03 20:09 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Záruční listy
2025-01-02 19:23 - 2024-09-14 11:32 - 000000000 ____D C:\GOG Games
2025-01-02 19:23 - 2024-09-11 18:34 - 000000000 ____D C:\ProgramData\Package Cache
2025-01-02 19:22 - 2024-09-15 13:09 - 000000000 ____D C:\Users\Parek\AppData\Local\UnrealEngine
2025-01-02 17:58 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\Packages
2025-01-01 19:44 - 2024-09-26 16:22 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Word
2025-01-01 19:39 - 2024-09-18 17:55 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Microsoft\Excel
2024-12-31 15:55 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Rodina
2024-12-31 00:22 - 2024-09-13 20:08 - 000000000 ____D C:\Users\Parek\AppData\Roaming\Free Download Manager
2024-12-30 23:51 - 2024-09-09 18:37 - 000000000 ____D C:\Users\Parek
2024-12-30 11:18 - 2024-09-09 18:48 - 000000000 ____D C:\Users\Parek\AppData\Local\D3DSCache
2024-12-30 10:04 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-12-30 00:05 - 2024-09-14 18:30 - 000000000 ____D C:\Games
2024-12-29 23:06 - 2024-11-11 18:36 - 000000000 ____D C:\Program Files (x86)\DODI-Repacks
2024-12-29 23:05 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\My Games
2024-12-29 13:58 - 2024-11-02 19:58 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-12-27 10:45 - 2024-10-11 16:42 - 1482165546 _____ C:\Windows\MEMORY.DMP
2024-12-27 10:45 - 2024-10-11 16:42 - 000000000 ____D C:\Windows\Minidump
2024-12-23 08:28 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-12-23 06:08 - 2024-09-09 18:30 - 000479088 _____ C:\Windows\system32\FNTCACHE.DAT
2024-12-22 16:31 - 2024-09-28 20:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2024-12-22 16:06 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Command and Conquer Generals Data
2024-12-22 09:25 - 2024-09-11 19:27 - 000000000 ____D C:\Users\Parek\AppData\Roaming\logioptionsplus
2024-12-22 08:46 - 2024-09-09 18:38 - 000000000 ____D C:\Users\Parek\AppData\Local\VirtualStore
2024-12-22 08:35 - 2023-12-04 03:56 - 000000000 ____D C:\Windows\SystemTemp
2024-12-21 11:58 - 2024-09-09 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-12-21 11:57 - 2024-09-09 18:30 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-12-21 11:57 - 2024-09-09 18:30 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2024-12-20 17:38 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2024-12-20 17:36 - 2024-09-09 18:44 - 000000000 ____D C:\Users\Parek\AppData\Local\PlaceholderTileLogoFolder
2024-12-20 17:34 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2024-12-20 17:33 - 2024-09-09 18:36 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-12-20 17:26 - 2024-09-13 19:55 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-12-20 17:25 - 2024-09-09 19:17 - 000000000 ____D C:\Windows\system32\compatrel
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-12-20 17:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2024-12-18 22:05 - 2024-09-11 19:49 - 000000000 ____D C:\Program Files\Microsoft Office
2024-12-18 22:01 - 2024-09-13 20:29 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-12-18 22:01 - 2024-09-13 20:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-12-18 21:53 - 2024-09-09 19:40 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Jízdenky
2024-12-18 21:52 - 2024-09-11 19:59 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-12-18 21:52 - 2024-09-11 19:59 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-12-18 21:52 - 2024-09-09 19:39 - 000000000 ____D C:\Users\Parek\OneDrive\Dokumenty\Vstupenky
2024-12-18 21:52 - 2024-09-09 19:22 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3391527302-3298552988-2452015091-1001
2024-12-14 20:34 - 2024-09-09 19:39 - 000002424 _____ C:\Users\Parek\OneDrive\Dokumenty\Default.rdp
==================== Files in the root of some directories ========
2024-12-27 13:50 - 2024-12-27 13:50 - 001766414 _____ (Open Source Developer Masha Novedad) C:\Users\Parek\AppData\Roaming\134f9b3685dc4139abed78b205b5e028.exe
2024-12-19 08:03 - 2024-12-19 08:03 - 003359352 _____ (O&O Software GmbH) C:\Users\Parek\AppData\Roaming\70d4c9a122874f27ad0184f2d6fa1c57.exe
2024-11-21 21:24 - 2024-11-21 21:24 - 000000024 _____ () C:\Users\Parek\AppData\Roaming\epm_user.ini
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2025
Ran by Parek (04-01-2025 14:17:32)
Running from C:\tmp\frst
Microsoft Windows 10 Pro Version 22H2 19045.5247 (X64) (2024-09-09 17:32:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3391527302-3298552988-2452015091-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3391527302-3298552988-2452015091-503 - Limited - Disabled)
Guest (S-1-5-21-3391527302-3298552988-2452015091-501 - Limited - Disabled)
Parek (S-1-5-21-3391527302-3298552988-2452015091-1001 - Administrator - Enabled) => C:\Users\Parek
WDAGUtilityAccount (S-1-5-21-3391527302-3298552988-2452015091-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 24.08 (x64) (HKLM\...\7-Zip) (Version: 24.08 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.005.20320 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AOMEI Partition Assistant 9.6.1 (HKLM-x32\...\AOMEI Partition Assistant_is1) (Version: 9.6.1 - RePack 9649)
Apple Mobile Device Support (HKLM\...\{336D80E8-E773-4B6F-BCAB-D291F34A6685}) (Version: 17.5.0.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2024.11.1 - Bitwarden Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command and Conquer Remastered Collection (HKLM-x32\...\Command and Conquer Remastered Collection_is1) (Version: - )
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
DisplayLink Graphics (HKLM\...\{FF7B0409-B387-4215-B575-7971A6B57F5D}) (Version: 11.2.3146.0 - DisplayLink Corp.)
EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Epic Games Launcher (HKLM-x32\...\{C5C3EE71-4047-4144-946E-18D500510CB5}) (Version: 1.3.128.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{5122B8BC-D6DF-48FF-8D4E-15A63EEC5073}) (Version: 2.8.1 - Epic Games, Inc.)
FileZilla 3.68.1 (HKLM-x32\...\FileZilla Client) (Version: 3.68.1 - Tim Kosse)
FortiClient (HKLM\...\{B611B858-9363-42FC-AE47-3430D54CCE1B}) (Version: 5.4.1.0840 - Fortinet Inc)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeTube 0.21.3 (HKLM\...\609c326f-6a5e-5cd1-9fc0-6e966fad073f) (Version: 0.21.3 - PrestonN)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
Google Chrome (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\Google Chrome) (Version: 131.0.6778.205 - Google LLC)
iTunes (HKLM\...\{DA2C65E7-7091-46AD-A10F-AC34207C33B9}) (Version: 12.13.2.3 - Apple Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logi Options+ (HKLM\...\{850cdc16-85df-4052-b06e-4e3e9e83c5c6}) (Version: 1.85.655119 - Logitech)
Logi Plugin Service (HKLM\...\{2751BCA2-7FA8-4CDF-A240-A53F46183755}) (Version: 6.0.2.21145 - Logitech)
Manor Lords [K] (HKLM\...\Manor Lords [K]_is1) (Version: 0.8.004 - K-Repack)
Messenger (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 215.6.643112060 - Facebook, Inc.)
Microsoft .NET Host - 8.0.11 (x64) (HKLM\...\{362B4D0D-8438-44DA-86B2-FEC44E000FCA}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.11 (x64) (HKLM\...\{F59C11F0-D73F-452B-8D1D-8C33B82D8507}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.11 (x64) (HKLM\...\{9C80213E-9079-4561-8D57-1FDD0D62251F}) (Version: 64.44.23191 - Microsoft Corporation) Hidden
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18227.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.112 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.112 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.226.1110.0004 - Microsoft Corporation)
Microsoft S/MIME Control for Outlook on the web for Edge/Chrome (HKLM-x32\...\{80C59609-6400-4E37-A0F4-BAF6D3725E60}) (Version: 15.21.18833 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (HKLM\...\{764384C5-BCA9-307C-9AAC-FD443662686A}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (HKLM\...\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (HKLM-x32\...\{3D6AD258-61EA-35F5-812C-B7A02152996E}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (HKLM-x32\...\{E7D4E834-93EB-351F-B8FB-82CDAE623003}) (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM\...\{C0790AA0-0F40-4836-85B2-677B87625E63}) (Version: 64.44.23253 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.11 (x64) (HKLM-x32\...\{bd40e761-3e88-4202-9b53-26c6bed3d467}) (Version: 8.0.11.34221 - Microsoft Corporation)
MiniTool Partition Wizard v12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited (RePack by Dodakaedr))
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7.4 - Notepad++ Team)
NVIDIA Graphics Driver 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20082 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18227.20162 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{6F668A7E-FD30-4B9F-A8CD-FC3A0F9AF32A}) (Version: 5.3.1 - Avanquest pdfforge GmbH)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Název spolecnosti:)
Rise of Nations (HKLM-x32\...\RiseOfNationsExpansion 1.0) (Version: 1.0 - Microsoft)
Roblox Player for Parek (HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\roblox-player) (Version: - Roblox Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WinRAR 7.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.01.0 - win.rar GmbH)
Packages:
=========
Bang & Olufsen Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BangOlufsenAudioControl_1.26.249.0_x64__v10z8vjag6ke6 [2024-10-07] (HP Inc.)
Bitwarden -> C:\Program Files\WindowsApps\bitwarden.com-8AD4A5AF_1.0.0.1_neutral__cm1p359qmnrhw [2024-11-17] (bitwarden.com)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16001.0_x64__8wekyb3d8bbwe [2024-11-14] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.967.0_x64__56jybvy8sckqj [2024-12-28] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-12-18] (INTEL CORP) [Startup Task]
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.37.0_x64__8j3eq9eme6ctt [2024-09-09] (INTEL CORP)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm [2024-12-28] (WhatsApp Inc.) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\Parek\AppData\Local\Google\Chrome\Application\131.0.6778.205\notification_helper.exe (Google LLC -> Google LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.226.1110.0004\FileSyncShell64.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2024-08-11] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2024-05-12] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\53b77523eaecddc1\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Parek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\39a55e8d68262d97\Profile 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 4"
==================== Loaded Modules (Whitelisted) =============
2024-11-21 21:14 - 2021-09-26 08:58 - 000194048 _____ () [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssh2.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000552978 _____ () [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sqlite3.dll
2016-06-23 14:25 - 2016-06-23 14:25 - 000145426 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiSkin.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000291346 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\FortiTrayResc.dll
2016-06-23 14:23 - 2016-06-23 14:23 - 000061458 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\libcfg.dll
2016-06-23 14:24 - 2016-06-23 14:24 - 000408082 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\sslvpnlib.dll
2016-06-23 14:22 - 2016-06-23 14:22 - 000716818 _____ (Fortinet Inc.) [File not signed] C:\Program Files (x86)\Fortinet\FortiClient\utilsdll.dll
2024-11-21 21:14 - 2022-08-16 13:11 - 000509064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\AliyunWrap.DLL
2024-11-21 21:14 - 2022-08-16 13:12 - 000141448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\EnsHelper.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000098440 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\register.dll
2024-11-21 21:14 - 2022-08-16 13:12 - 000461448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\ENS\wpnr.dll
2024-11-21 21:14 - 2022-08-16 13:10 - 000066696 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master\DC\bin\x64\VssEaseusProvider.dll
2024-09-12 08:22 - 2024-08-11 14:00 - 000101376 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2024-11-02 15:49 - 2024-11-02 15:49 - 000196096 _____ (pdfforge GmbH) [File not signed] C:\Windows\System32\pdfcmon.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000428544 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcurl.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 002523136 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libcrypto-1_1.dll
2024-11-21 21:14 - 2021-09-26 08:58 - 000531456 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\EaseUS\ENS\libssl-1_1.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) =============
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-12-03] (Softdeluxe Ltd. -> FreeDownloadManager.ORG)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-12-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\sharepoint.com -> hxxps://cgiitczech-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 10:14 - 2024-11-21 21:12 - 000001013 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 www.easeus.com
127.0.0.1 activation.easeus.com
127.0.0.1 track.easeus.com
127.0.0.1 66.39.112.91
127.0.0.1 216.92.151.227
127.0.0.1 216.92.61.7
127.0.0.1 update.easeus.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Parek\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\5628546655569156232\133804189297507593.jpg
DNS Servers: 192.168.1.99 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
Network Binding:
=============
Local Area Connection: PPPoP WAN Adapter -> pppop64.sys
VMware Network Adapter VMnet8: VMware Virtual Ethernet Adapter for VMnet8 -> vmnetadapter.sys
Ethernet 5: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
VMware Network Adapter VMnet1: VMware Virtual Ethernet Adapter for VMnet1 -> vmnetadapter.sys
Bluetooth Network Connection 2: Bluetooth Device (Personal Area Network) #2 -> bthpan.sys
Wi-Fi 2: Intel(R) Wi-Fi 6 AX201 160MHz #2 -> Netwtw10.sys
vmware_bridge: VMware Bridge Protocol
ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "com.messenger"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D7E5E7C0A9696275910388A174E5F120"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "GoogleUpdaterTaskUser132.0.6833.0"
HKU\S-1-5-21-3391527302-3298552988-2452015091-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{4564D46C-8D38-48BA-A007-A5A5BE88242B}] => (Allow) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{41E1167F-3364-43BA-8FD4-CD4286495171}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [{B605F3CE-F421-4095-AAD9-6D20C57681DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C4B000B3-904A-42CF-9005-45CC68DD1420}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70B53AB0-0A4B-4F73-85F4-BDBC6792DC96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{65B472B7-0627-4046-B1A0-F83EE5E4D876}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB474E93-F508-4AA5-9A92-AE6023993BF1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C4288B-4B99-4EC3-B6CE-70ED83124B1F}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiProxy.exe => No File
FirewallRules: [{0FF19C45-E2FF-4F3C-B64A-66DE5FB73C85}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\ipsec.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{1B2F3CAC-95EF-4FFB-855C-B696601D7AA3}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\FortiWad.exe => No File
FirewallRules: [{A8DA1959-2F69-4F6F-8A4A-33AF116C36DD}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortiesnac.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{5C4EE56C-14B3-42BD-929F-32B8003C0185}] => (Allow) C:\Program Files (x86)\Fortinet\FortiClient\fortifws.exe (Fortinet Inc.) [File not signed]
FirewallRules: [{D84EE90D-1170-404F-BE48-A33DFF713D0E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [{94DF1953-2C5D-4E9F-8E79-735582A4AD95}] => (Allow) C:\Program Files (x86)\Microsoft Games\Rise of Nations\thrones.exe (Big Huge Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{ECBE9AAC-6755-40EB-8FCF-89C8B987ACB6}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3EFA6C9F-4B47-4094-867A-44FA2629FB6C}C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EA513E2F-EA13-493D-AB82-544741586946}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FF339D05-0107-41AB-817C-D85CECF63F17}C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe] => (Allow) C:\downloads\age.of.darkness.final.stand.v0.12.0a\achilles\binaries\win64\achilles-win64-shipping.exe => No File
FirewallRules: [{AA429FCB-F2DE-4C4D-B278-29D9839A93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{61FE3BD0-CC98-4AE6-9D2B-DA7E50239E8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EC288BE1-A23B-4AE8-9047-909B0A709F1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{817A5C39-085D-4904-8DBF-EB7D37B3F37A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{525CCC00-F7A1-40AE-A563-DA8B9887D8C7}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{B1646C64-12E6-4B1E-B9D1-1C56DE874437}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{BA882022-3AD7-4409-BE01-6EABF84C292B}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{2FF10A1E-FF78-41BB-BAFE-B104E1D8AF6F}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [TCP Query User{267035D8-1E6C-40E0-9568-1AEF128DABBE}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [UDP Query User{6A4118F8-9177-4F9D-95FD-2EA08149BEF1}C:\users\parek\downloads\age of mythology retold\aomrt_s.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\aomrt_s.exe (Tantalus Media Pty Ltd -> Microsoft Corporation)
FirewallRules: [TCP Query User{070347D7-6B2A-4EEE-8F81-9213C3BB149E}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [UDP Query User{93674AC2-0603-4D1A-B42D-A26F2D7C2AC0}C:\users\parek\downloads\age of mythology retold\battleserver.exe] => (Allow) C:\users\parek\downloads\age of mythology retold\battleserver.exe (Tantalus Media Pty Ltd -> )
FirewallRules: [{78CEA249-073D-4BD4-BDFD-29892C9082BA}] => (Block) %SystemDrive%\Games\A Year Of Rain\AYearOfRain.exe => No File
FirewallRules: [TCP Query User{EF01EFEA-81B7-43AB-9F84-DF486E275A01}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{556E2D25-F0B8-4073-B60A-D2900FF735FD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [{9B8B03A9-E587-4334-8DB8-3F7939DD9373}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{CA9A8E0A-C9C3-4459-908B-74B7CF8B1CAD}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [UDP Query User{4C1A326B-A7AD-4CB1-8D8A-EFEE403BECEE}C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe] => (Block) C:\games\a year of rain\ayearofrain\binaries\win64\ayearofrain.exe => No File
FirewallRules: [TCP Query User{601241F7-DFD0-4897-88F1-31B659D95982}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{EEB4A53F-1E83-4326-A5AD-AA8D67782882}C:\users\parek\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\parek\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{081C13DE-EC20-470B-8D04-843D4614AB13}] => (Allow) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe (LoupeDeck Oy -> Logitech)
FirewallRules: [{E68DA63B-55DD-4BC1-831A-0C3A7C66C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{34917D7B-78AB-4E05-9754-E5C791C5B7FD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{03ECE3F8-8C0E-4F9A-9384-A83BEB323DCE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{2BEBBB9B-FF0A-49C6-B7A1-A38E515331D5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{09A25797-8C46-4DC1-9FFA-609ADFFCFAC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{533199E0-ECCE-4AF1-A37F-1C5F0E346838}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{257C9E53-0817-460B-8F96-A3FB08031119}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.134.3202.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{531772D5-87A0-44E0-8400-436C49A7149A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [UDP Query User{C573665D-4D22-4492-BE8C-09E9826FE03A}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => No File
FirewallRules: [TCP Query User{78C4BA2D-3FFD-4F66-97AD-3E446D4F6F58}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
FirewallRules: [UDP Query User{3E0F1D1E-41FB-4213-88E7-1435BE3ECE71}C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\program files\epic games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe (Warhorse Studios sro) [File not signed]
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:607.6 GB) (Free:93.46 GB) (15%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
Error: (01/02/2025 09:12:18 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Parek-x360.local already in use; will try Parek-x360-2.local instead
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 16 Parek-x360.local. AAAA FE80:0000:0000:0000:35F5:766E:A520:38EF
Error: (01/01/2025 04:00:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:35F5:766E:A520:38EF:5353 4 Parek-x360.local. Addr 169.254.190.111
Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
Error: (12/31/2024 01:40:55 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
Error: (12/26/2024 11:41:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..
System errors:
=============
Error: (01/04/2025 01:34:46 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #4, {56a4f8e4-1b78-48df-9515-e310e95634d6}, had event 74
Error: (01/04/2025 06:14:47 AM) (Source: NetBT) (EventID: 4307) (User: )
Description: Initialization failed because the transport refused to open initial addresses.
Error: (01/04/2025 06:14:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error:
This driver has been blocked from loading
Error: (01/04/2025 06:14:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\SECDRV.SYS
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (01/04/2025 12:16:59 AM) (Source: DCOM) (EventID: 10010) (User: PAREK-X360)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2025-01-04 13:34:47
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {47FE5F70-936A-4FBB-B4CD-DBCE6F10249B}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-04 00:17:01
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {9FD109FC-AAD0-403F-94CC-35C23A9C6CE9}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-02 18:11:43
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {BEBA0D7A-EF75-42EB-A344-F6DB0A603CCE}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2025-01-01 01:45:29
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {41A867D5-8F54-4908-AF99-ADC52EE25692}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Date: 2024-12-30 08:25:50
Description:
Prohledávání Microsoft Defender Antivirus bylo zastaveno před dokončením.
ID prohledávání: {8D4740D1-60F7-4DEB-882D-F790AEBE7A03}
Typ prohledávání: Antimalware
Parametry prohledávání: Quick Scan
Uživatel: NT AUTHORITY\SYSTEM
Event[0]:
Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Backup
Kód chyby: 0x80004004
Popis chyby: Operation aborted
Verze bezpečnostních informací: 1.419.377.0;1.419.377.0
Verze modulu: 1.1.24080.9
Date: 2024-10-07 21:06:53
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací a pokusí se o obnovení na předchozí verzi.
Bezpečnostní informace, které se měly načíst: Current
Kód chyby: 0x80501102
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Verze bezpečnostních informací: 1.419.387.0;1.419.387.0
Verze modulu: 1.1.24080.9
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiSpyware
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.419.375.0
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: User
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.24080.9
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80509004
Popis chyby: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Date: 2024-10-06 23:01:30
Description:
Microsoft Defender Antivirus narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.419.373.0
Zdroj aktualizace: Microsoft Update Server
Typ bezpečnostních informací: AntiVirus
Typ aktualizace: Full
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.24080.9
Kód chyby: 0x80240022
Popis chyby: The program can't check for definition updates.
CodeIntegrity:
===============
Date: 2025-01-04 14:18:08
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2025-01-04 14:03:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: AMI F.20 04/22/2024
Motherboard: HP 86E7
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16081.58 MB
Available physical RAM: 6434.54 MB
Total Virtual: 18513.58 MB
Available Virtual: 7815.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:607.6 GB) (Free:93.46 GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) NTFS
Drive d: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
Drive e: () (Fixed) (Total: ? GB) (Free: ? GB) (Model: Seagate IronWolf510 ZP1920NM30001-2S9303) (Protected) (Locked)
\\?\Volume{9025fdea-f346-417e-ab2c-5c0e7875a15c}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{a84bcc09-f93f-421e-aed0-9893fe441ab6}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{f5916b01-d3c0-46d7-ab8a-bd0b50faedd8}\ () (Fixed) (Total:0.54 GB) (Free:0.09 GB) NTFS
\\?\Volume{d2562ee7-52f9-49c2-8814-aab90d85c24d}\ () (Fixed) (Total:0.09 GB) (Free:0.03 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1788.5 GB) (Disk ID: 0DBB4B75)
Partition: GPT.
==================== End of Addition.txt =======================